r6829 - in trunk/BOOK: . introduction/welcome postlfs/security

randy at linuxfromscratch.org randy at linuxfromscratch.org
Mon Jul 2 21:20:51 PDT 2007


Author: randy
Date: 2007-07-02 22:20:51 -0600 (Mon, 02 Jul 2007)
New Revision: 6829

Modified:
   trunk/BOOK/general.ent
   trunk/BOOK/introduction/welcome/changelog.xml
   trunk/BOOK/postlfs/security/shadow.xml
Log:
Updated to Shadow-4.0.18.1, which is the version used in LFS. Also modified the /etc/pam.d/login files as suggested by Jonathan Oksman to strengthen the login security

Modified: trunk/BOOK/general.ent
===================================================================
--- trunk/BOOK/general.ent	2007-07-02 19:57:48 UTC (rev 6828)
+++ trunk/BOOK/general.ent	2007-07-03 04:20:51 UTC (rev 6829)
@@ -3,11 +3,11 @@
 $Date$
 -->
 
-<!ENTITY day          "02">                   <!-- Always 2 digits -->
+<!ENTITY day          "03">                   <!-- Always 2 digits -->
 <!ENTITY month        "07">                   <!-- Always 2 digits -->
 <!ENTITY year         "2007">
 <!ENTITY version      "svn-&year;&month;&day;">
-<!ENTITY releasedate  "July &day;nd, &year;">
+<!ENTITY releasedate  "July &day;rd, &year;">
 <!ENTITY pubdate      "&year;-&month;-&day;"> <!-- metadata req. by TLDP -->
 <!ENTITY blfs-version "svn">                  <!-- svn|[release #] -->
 <!ENTITY lfs-version  "development">          <!-- version|testing|unstable|development] -->
@@ -63,7 +63,7 @@
 
 <!ENTITY cracklib-version             "2.8.10">
 <!ENTITY linux-pam-version            "0.99.7.1">
-<!ENTITY shadow-version               "4.0.17">
+<!ENTITY shadow-version               "4.0.18.1">
 <!ENTITY iptables-version             "1.3.6">
 <!ENTITY gnupg-version                "1.4.7">
 <!ENTITY tripwire-version             "2.4.0.1">

Modified: trunk/BOOK/introduction/welcome/changelog.xml
===================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml	2007-07-02 19:57:48 UTC (rev 6828)
+++ trunk/BOOK/introduction/welcome/changelog.xml	2007-07-03 04:20:51 UTC (rev 6829)
@@ -42,6 +42,17 @@
 -->
 
     <listitem>
+      <para>July 3rd, 2007</para>
+      <itemizedlist>
+        <listitem>
+          <para>[randy] - Updated to Shadow-4.0.18.1, which is the version used
+          in LFS. Also modified the /etc/pam.d/login file as suggested by
+          Jonathan Oksman to strengthen the login security.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
+    <listitem>
       <para>July 2nd, 2007</para>
       <itemizedlist>
         <listitem>

Modified: trunk/BOOK/postlfs/security/shadow.xml
===================================================================
--- trunk/BOOK/postlfs/security/shadow.xml	2007-07-02 19:57:48 UTC (rev 6828)
+++ trunk/BOOK/postlfs/security/shadow.xml	2007-07-03 04:20:51 UTC (rev 6829)
@@ -4,11 +4,12 @@
   <!ENTITY % general-entities SYSTEM "../../general.ent">
   %general-entities;
 
-  <!ENTITY shadow-download-http "http://ftp.pld.org.pl/software/shadow/old/shadow-&shadow-version;.tar.bz2">
-  <!ENTITY shadow-download-ftp  "ftp://ftp.pld.org.pl/software/shadow/old/shadow-&shadow-version;.tar.bz2">
-  <!ENTITY shadow-md5sum        "bc5972a195290533b4c0576276056ed9">
-  <!ENTITY shadow-size          "1.4 MB">
-  <!ENTITY shadow-buildsize     "17 MB">
+  <!-- <!ENTITY shadow-download-http "http://ftp.pld.org.pl/software/shadow/old/shadow-&shadow-version;.tar.bz2"> -->
+  <!ENTITY shadow-download-http "http://cross-lfs.org/files/packages/svn/shadow-&shadow-version;.tar.bz2">
+  <!ENTITY shadow-download-ftp  "ftp://ftp.pld.org.pl/software/shadow/shadow-&shadow-version;.tar.bz2">
+  <!ENTITY shadow-md5sum        "e7751d46ecf219c07ae0b028ab3335c6">
+  <!ENTITY shadow-size          "1.5 MB">
+  <!ENTITY shadow-buildsize     "18 MB">
   <!ENTITY shadow-time          "0.3 SBU">
 ]>
 
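Review bot: The new `shadow-download-http` entity fetches the tarball from a third-party mirror over plain HTTP, and the only integrity check the page offers is `shadow-md5sum`, an MD5 digest carried in the same file. MD5 is no longer collision-resistant, and the HTTP and FTP entities now name different hosts, so that digest is all a reader has to confirm both serve the same file. I would replace the commented-out entity with a one-line reason, e.g. `<!-- upstream HTTP location disabled: REASON; the mirror copy must match shadow-md5sum -->`, and add a stronger digest or a pointer to an upstream signature if one is published. The same gap applies to the `useradd_fix-2.patch` link in the next hunk (`@@ -61,15 +62,13 @@`), which is listed with no checksum at all.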
@@ -61,15 +62,13 @@
       </listitem>
     </itemizedlist>
 
-    <!--
     <bridgehead renderas="sect3">Additional Downloads</bridgehead>
     <itemizedlist spacing='compact'>
       <listitem>
         <para>Required patch: <ulink
-        url="&patch-root;/shadow-&shadow-version;-configure_fix-1.patch"/></para>
+        url="&patch-root;/shadow-&shadow-version;-useradd_fix-2.patch"/></para>
       </listitem>
     </itemizedlist>
-    -->
 
     <bridgehead renderas="sect3">Shadow Dependencies</bridgehead>
 
@@ -101,12 +100,15 @@
     <para>Reinstall <application>Shadow</application> by running the following
     commands:</para>
 
-<screen><userinput>./configure --libdir=/lib \
+<screen><userinput>patch -Np1 -i ../shadow-&shadow-version;-useradd_fix-2.patch &&
+
+./configure --libdir=/lib \
             --sysconfdir=/etc \
             --enable-shared \
             --without-selinux &&
+
 sed -i 's/groups$(EXEEXT) //' src/Makefile &&
-find man -name Makefile -exec sed -i '/groups/d' {} \; &&
+find man -name Makefile -exec sed -i 's/groups\.1 / /' {} \; &&
 sed -i -e 's/ ko//' -e 's/ zh_CN zh_TW//' man/Makefile &&
 
 for i in de es fi fr id it pt_BR; do
@@ -186,6 +188,20 @@
   </sect2>
 
   <sect2 role="configuration">
+    <title>Configuring Shadow</title>
+
+    <para><application>Shadow</application>'s stock configuration for the
+    <command>useradd</command> utility is not suitable for LFS systems. Use the
+    following commands as the <systemitem class="username">root</systemitem>
+    user to change the default home directory for new users and prevent the
+    creation of mail spool files:</para>
+
+<screen role="root"><userinput>useradd -D -b /home &&
+sed -i 's/yes/no/' /etc/default/useradd</userinput></screen>
+
+  </sect2>
+
+  <sect2 role="configuration">
     <title>Configuring Linux-PAM to Work with Shadow</title>
 
     <note>
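Review bot: `sed -i 's/yes/no/' /etc/default/useradd` is not tied to the mail-spool setting: it rewrites the first `yes` on every line of the file, so any other option or comment containing `yes` is changed as well, and it runs as root. Restricting the substitution to the intended key keeps the edit predictable, e.g. `sed -i '/CREATE_MAIL_SPOOL/s/yes/no/' /etc/default/useradd`. The paragraph could also name the setting it changes, so a reader can check `/etc/default/useradd` afterwards and see that only that line differs.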
@@ -331,8 +347,8 @@
 <screen role="root"><userinput>cat > /etc/pam.d/login << "EOF"
 <literal># Begin /etc/pam.d/login
 
-auth        requisite      pam_securetty.so
 auth        requisite      pam_nologin.so
+auth        required       pam_securetty.so
 auth        required       pam_unix.so
 account     required       pam_access.so
 account     required       pam_unix.so
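Review bot: The switch of `pam_securetty.so` from `requisite` to `required` changes behaviour in a way the page does not explain, here and in the second `/etc/pam.d/login` listing (`@@ -358,8 +374,8 @@`). With `required`, a root login on a terminal not listed in `/etc/securetty` is still prompted for a password and only fails at the end of the stack, so the refusal no longer reveals that the terminal or the account was the reason. The cost is that the root password may be typed on a terminal the administrator considers insecure. A short comment in the heredoc would record that trade-off, e.g. `# pam_securetty is 'required' so a refused root login fails like any other bad login`. The heredoc continues outside both hunks, so the rest of the stack is not visible here.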
@@ -358,8 +374,8 @@
 <screen role="root"><userinput>cat > /etc/pam.d/login << "EOF"
 <literal># Begin /etc/pam.d/login
 
-auth        requisite      pam_securetty.so
 auth        requisite      pam_nologin.so
+auth        required       pam_securetty.so
 auth        required       pam_env.so
 auth        required       pam_unix.so
 account     required       pam_access.so
@@ -441,11 +457,11 @@
       </sect4>
 
       <sect4>
-        <title>'chpasswd', 'newusers', 'groupadd', 'groupdel',
-        'groupmod', 'useradd', 'userdel', and 'usermod'</title>
+        <title>'chpasswd', 'chgpasswd', 'groupadd', 'groupdel', 'groupmems',
+        'groupmod', 'newusers', 'useradd', 'userdel', and 'usermod'</title>
 
-<screen role="root"><userinput>for PROGRAM in chpasswd newusers groupadd groupdel \
-               groupmod useradd userdel usermod
+<screen role="root"><userinput>for PROGRAM in chpasswd chgpasswd groupadd groupdel groupmems \
+               groupmod newusers useradd userdel usermod
 do
     install -v -m644 /etc/pam.d/chage /etc/pam.d/$PROGRAM
     sed -i "s/chage/$PROGRAM/" /etc/pam.d/$PROGRAM



