source: branches/3.0/mindi-busybox/loginutils/Config.src @ 2899

Last change on this file since 2899 was 2725, checked in by bruno, 9 years ago
  • Update mindi-busybox to 1.18.3 to avoid problems with the tar command which is now failing on recent versions with busybox 1.7.3
File size: 8.8 KB
Line 
1#
2# For a description of the syntax of this configuration file,
3# see scripts/kbuild/config-language.txt.
4#
5
6menu "Login/Password Management Utilities"
7
8INSERT
9
10config FEATURE_SHADOWPASSWDS
11    bool "Support for shadow passwords"
12    default y
13    help
14      Build support for shadow password in /etc/shadow. This file is only
15      readable by root and thus the encrypted passwords are no longer
16      publicly readable.
17
18config USE_BB_PWD_GRP
19    bool "Use internal password and group functions rather than system functions"
20    default y
21    help
22      If you leave this disabled, busybox will use the system's password
23      and group functions. And if you are using the GNU C library
24      (glibc), you will then need to install the /etc/nsswitch.conf
25      configuration file and the required /lib/libnss_* libraries in
26      order for the password and group functions to work. This generally
27      makes your embedded system quite a bit larger.
28
29      Enabling this option will cause busybox to directly access the
30      system's /etc/password, /etc/group files (and your system will be
31      smaller, and I will get fewer emails asking about how glibc NSS
32      works). When this option is enabled, you will not be able to use
33      PAM to access remote LDAP password servers and whatnot. And if you
34      want hostname resolution to work with glibc, you still need the
35      /lib/libnss_* libraries.
36
37      If you need to use glibc's nsswitch.conf mechanism
38      (e.g. if user/group database is NOT stored in /etc/passwd etc),
39      you must NOT use this option.
40
41      If you enable this option, it will add about 1.5k.
42
43config USE_BB_SHADOW
44    bool "Use internal shadow password functions"
45    default y
46    depends on USE_BB_PWD_GRP && FEATURE_SHADOWPASSWDS
47    help
48      If you leave this disabled, busybox will use the system's shadow
49      password handling functions. And if you are using the GNU C library
50      (glibc), you will then need to install the /etc/nsswitch.conf
51      configuration file and the required /lib/libnss_* libraries in
52      order for the shadow password functions to work. This generally
53      makes your embedded system quite a bit larger.
54
55      Enabling this option will cause busybox to directly access the
56      system's /etc/shadow file when handling shadow passwords. This
57      makes your system smaller (and I will get fewer emails asking about
58      how glibc NSS works). When this option is enabled, you will not be
59      able to use PAM to access shadow passwords from remote LDAP
60      password servers and whatnot.
61
62config USE_BB_CRYPT
63    bool "Use internal crypt functions"
64    default y
65    help
66      Busybox has internal DES and MD5 crypt functions.
67      They produce results which are identical to corresponding
68      standard C library functions.
69
70      If you leave this disabled, busybox will use the system's
71      crypt functions. Most C libraries use large (~70k)
72      static buffers there, and also combine them with more general
73      DES encryption/decryption.
74
75      For busybox, having large static buffers is undesirable,
76      especially on NOMMU machines. Busybox also doesn't need
77      DES encryption/decryption and can do with smaller code.
78
79      If you enable this option, it will add about 4.8k of code
80      if you are building dynamically linked executable.
81      In static build, it makes code _smaller_ by about 1.2k,
82      and likely many kilobytes less of bss.
83
84config USE_BB_CRYPT_SHA
85    bool "Enable SHA256/512 crypt functions"
86    default y
87    depends on USE_BB_CRYPT
88    help
89      Enable this if you have passwords starting with "$5$" or "$6$"
90      in your /etc/passwd or /etc/shadow files. These passwords
91      are hashed using SHA256 and SHA512 algorithms. Support for them
92      was added to glibc in 2008.
93      With this option off, login will fail password check for any
94      user which has password encrypted with these algorithms.
95
96config ADDUSER
97    bool "adduser"
98    default y
99    help
100      Utility for creating a new user account.
101
102config FEATURE_ADDUSER_LONG_OPTIONS
103    bool "Enable long options"
104    default y
105    depends on ADDUSER && LONG_OPTS
106    help
107      Support long options for the adduser applet.
108
109config FEATURE_CHECK_NAMES
110    bool "Enable sanity check on user/group names in adduser and addgroup"
111    default n
112    depends on ADDUSER || ADDGROUP
113    help
114      Enable sanity check on user and group names in adduser and addgroup.
115      To avoid problems, the user or group name should consist only of
116      letters, digits, underscores, periods, at signs and dashes,
117      and not start with a dash (as defined by IEEE Std 1003.1-2001).
118      For compatibility with Samba machine accounts "$" is also supported
119      at the end of the user or group name.
120
121config FIRST_SYSTEM_ID
122    int "First valid system uid or gid for adduser and addgroup"
123    depends on ADDUSER || ADDGROUP
124    range 0 64900
125    default 100
126    help
127      First valid system uid or gid for adduser and addgroup
128
129config LAST_SYSTEM_ID
130    int "Last valid system uid or gid for adduser and addgroup"
131    depends on ADDUSER || ADDGROUP
132    range 0 64900
133    default 999
134    help
135      Last valid system uid or gid for adduser and addgroup
136
137config ADDGROUP
138    bool "addgroup"
139    default y
140    help
141      Utility for creating a new group account.
142
143config FEATURE_ADDGROUP_LONG_OPTIONS
144    bool "Enable long options"
145    default y
146    depends on ADDGROUP && LONG_OPTS
147    help
148      Support long options for the addgroup applet.
149
150config FEATURE_ADDUSER_TO_GROUP
151    bool "Support for adding users to groups"
152    default y
153    depends on ADDGROUP
154    help
155      If  called  with two non-option arguments,
156      addgroup will add an existing user to an
157      existing group.
158
159config DELUSER
160    bool "deluser"
161    default y
162    help
163      Utility for deleting a user account.
164
165config DELGROUP
166    bool "delgroup"
167    default y
168    help
169      Utility for deleting a group account.
170
171config FEATURE_DEL_USER_FROM_GROUP
172    bool "Support for removing users from groups"
173    default y
174    depends on DELGROUP
175    help
176      If called with two non-option arguments, deluser
177      or delgroup will remove an user from a specified group.
178
179config GETTY
180    bool "getty"
181    default y
182    select FEATURE_SYSLOG
183    help
184      getty lets you log in on a tty, it is normally invoked by init.
185
186config LOGIN
187    bool "login"
188    default y
189    select FEATURE_SYSLOG
190    help
191      login is used when signing onto a system.
192
193      Note that Busybox binary must be setuid root for this applet to
194      work properly.
195
196config PAM
197    bool "Support for PAM (Pluggable Authentication Modules)"
198    default n
199    depends on LOGIN
200    help
201      Use PAM in login(1) instead of direct access to password database.
202
203config LOGIN_SCRIPTS
204    bool "Support for login scripts"
205    depends on LOGIN
206    default y
207    help
208      Enable this if you want login to execute $LOGIN_PRE_SUID_SCRIPT
209      just prior to switching from root to logged-in user.
210
211config FEATURE_NOLOGIN
212    bool "Support for /etc/nologin"
213    default y
214    depends on LOGIN
215    help
216      The file /etc/nologin is used by (some versions of) login(1).
217      If it exists, non-root logins are prohibited.
218
219config FEATURE_SECURETTY
220    bool "Support for /etc/securetty"
221    default y
222    depends on LOGIN
223    help
224      The file /etc/securetty is used by (some versions of) login(1).
225      The file contains the device names of tty lines (one per line,
226      without leading /dev/) on which root is allowed to login.
227
228config PASSWD
229    bool "passwd"
230    default y
231    select FEATURE_SYSLOG
232    help
233      passwd changes passwords for user and group accounts. A normal user
234      may only change the password for his/her own account, the super user
235      may change the password for any account. The administrator of a group
236      may change the password for the group.
237
238      Note that Busybox binary must be setuid root for this applet to
239      work properly.
240
241config FEATURE_PASSWD_WEAK_CHECK
242    bool "Check new passwords for weakness"
243    default y
244    depends on PASSWD
245    help
246      With this option passwd will refuse new passwords which are "weak".
247
248config CRYPTPW
249    bool "cryptpw"
250    default y
251    help
252      Encrypts the given password with the crypt(3) libc function
253      using the given salt. Debian has this utility under mkpasswd
254      name. Busybox provides mkpasswd as an alias for cryptpw.
255
256config CHPASSWD
257    bool "chpasswd"
258    default y
259    help
260      Reads a file of user name and password pairs from standard input
261      and uses this information to update a group of existing users.
262
263config SU
264    bool "su"
265    default y
266    select FEATURE_SYSLOG
267    help
268      su is used to become another user during a login session.
269      Invoked without a username, su defaults to becoming the super user.
270
271      Note that Busybox binary must be setuid root for this applet to
272      work properly.
273
274config FEATURE_SU_SYSLOG
275    bool "Enable su to write to syslog"
276    default y
277    depends on SU
278
279config FEATURE_SU_CHECKS_SHELLS
280    bool "Enable su to check user's shell to be listed in /etc/shells"
281    depends on SU
282    default y
283
284config SULOGIN
285    bool "sulogin"
286    default y
287    select FEATURE_SYSLOG
288    help
289      sulogin is invoked when the system goes into single user
290      mode (this is done through an entry in inittab).
291
292config VLOCK
293    bool "vlock"
294    default y
295    help
296      Build the "vlock" applet which allows you to lock (virtual) terminals.
297
298      Note that Busybox binary must be setuid root for this applet to
299      work properly.
300
301endmenu
Note: See TracBrowser for help on using the repository browser.