source: branches/3.2/mindi-busybox/loginutils/Config.src @ 3232

Last change on this file since 3232 was 3232, checked in by bruno, 5 years ago
  • Update mindi-busybox to 1.21.1
File size: 9.7 KB
Line 
1#
2# For a description of the syntax of this configuration file,
3# see scripts/kbuild/config-language.txt.
4#
5
6menu "Login/Password Management Utilities"
7
8INSERT
9
10config FEATURE_SHADOWPASSWDS
11    bool "Support for shadow passwords"
12    default y
13    help
14      Build support for shadow password in /etc/shadow. This file is only
15      readable by root and thus the encrypted passwords are no longer
16      publicly readable.
17
18config USE_BB_PWD_GRP
19    bool "Use internal password and group functions rather than system functions"
20    default y
21    help
22      If you leave this disabled, busybox will use the system's password
23      and group functions. And if you are using the GNU C library
24      (glibc), you will then need to install the /etc/nsswitch.conf
25      configuration file and the required /lib/libnss_* libraries in
26      order for the password and group functions to work. This generally
27      makes your embedded system quite a bit larger.
28
29      Enabling this option will cause busybox to directly access the
30      system's /etc/password, /etc/group files (and your system will be
31      smaller, and I will get fewer emails asking about how glibc NSS
32      works). When this option is enabled, you will not be able to use
33      PAM to access remote LDAP password servers and whatnot. And if you
34      want hostname resolution to work with glibc, you still need the
35      /lib/libnss_* libraries.
36
37      If you need to use glibc's nsswitch.conf mechanism
38      (e.g. if user/group database is NOT stored in /etc/passwd etc),
39      you must NOT use this option.
40
41      If you enable this option, it will add about 1.5k.
42
43config USE_BB_SHADOW
44    bool "Use internal shadow password functions"
45    default y
46    depends on USE_BB_PWD_GRP && FEATURE_SHADOWPASSWDS
47    help
48      If you leave this disabled, busybox will use the system's shadow
49      password handling functions. And if you are using the GNU C library
50      (glibc), you will then need to install the /etc/nsswitch.conf
51      configuration file and the required /lib/libnss_* libraries in
52      order for the shadow password functions to work. This generally
53      makes your embedded system quite a bit larger.
54
55      Enabling this option will cause busybox to directly access the
56      system's /etc/shadow file when handling shadow passwords. This
57      makes your system smaller (and I will get fewer emails asking about
58      how glibc NSS works). When this option is enabled, you will not be
59      able to use PAM to access shadow passwords from remote LDAP
60      password servers and whatnot.
61
62config USE_BB_CRYPT
63    bool "Use internal crypt functions"
64    default y
65    help
66      Busybox has internal DES and MD5 crypt functions.
67      They produce results which are identical to corresponding
68      standard C library functions.
69
70      If you leave this disabled, busybox will use the system's
71      crypt functions. Most C libraries use large (~70k)
72      static buffers there, and also combine them with more general
73      DES encryption/decryption.
74
75      For busybox, having large static buffers is undesirable,
76      especially on NOMMU machines. Busybox also doesn't need
77      DES encryption/decryption and can do with smaller code.
78
79      If you enable this option, it will add about 4.8k of code
80      if you are building dynamically linked executable.
81      In static build, it makes code _smaller_ by about 1.2k,
82      and likely many kilobytes less of bss.
83
84config USE_BB_CRYPT_SHA
85    bool "Enable SHA256/512 crypt functions"
86    default y
87    depends on USE_BB_CRYPT
88    help
89      Enable this if you have passwords starting with "$5$" or "$6$"
90      in your /etc/passwd or /etc/shadow files. These passwords
91      are hashed using SHA256 and SHA512 algorithms. Support for them
92      was added to glibc in 2008.
93      With this option off, login will fail password check for any
94      user which has password encrypted with these algorithms.
95
96config ADDUSER
97    bool "adduser"
98    default y
99    help
100      Utility for creating a new user account.
101
102config FEATURE_ADDUSER_LONG_OPTIONS
103    bool "Enable long options"
104    default y
105    depends on ADDUSER && LONG_OPTS
106    help
107      Support long options for the adduser applet.
108
109config FEATURE_CHECK_NAMES
110    bool "Enable sanity check on user/group names in adduser and addgroup"
111    default n
112    depends on ADDUSER || ADDGROUP
113    help
114      Enable sanity check on user and group names in adduser and addgroup.
115      To avoid problems, the user or group name should consist only of
116      letters, digits, underscores, periods, at signs and dashes,
117      and not start with a dash (as defined by IEEE Std 1003.1-2001).
118      For compatibility with Samba machine accounts "$" is also supported
119      at the end of the user or group name.
120
121config FIRST_SYSTEM_ID
122    int "First valid system uid or gid for adduser and addgroup"
123    depends on ADDUSER || ADDGROUP
124    range 0 64900
125    default 100
126    help
127      First valid system uid or gid for adduser and addgroup
128
129config LAST_SYSTEM_ID
130    int "Last valid system uid or gid for adduser and addgroup"
131    depends on ADDUSER || ADDGROUP
132    range 0 64900
133    default 999
134    help
135      Last valid system uid or gid for adduser and addgroup
136
137config ADDGROUP
138    bool "addgroup"
139    default y
140    help
141      Utility for creating a new group account.
142
143config FEATURE_ADDGROUP_LONG_OPTIONS
144    bool "Enable long options"
145    default y
146    depends on ADDGROUP && LONG_OPTS
147    help
148      Support long options for the addgroup applet.
149
150config FEATURE_ADDUSER_TO_GROUP
151    bool "Support for adding users to groups"
152    default y
153    depends on ADDGROUP
154    help
155      If  called  with two non-option arguments,
156      addgroup will add an existing user to an
157      existing group.
158
159config DELUSER
160    bool "deluser"
161    default y
162    help
163      Utility for deleting a user account.
164
165config DELGROUP
166    bool "delgroup"
167    default y
168    help
169      Utility for deleting a group account.
170
171config FEATURE_DEL_USER_FROM_GROUP
172    bool "Support for removing users from groups"
173    default y
174    depends on DELGROUP
175    help
176      If called with two non-option arguments, deluser
177      or delgroup will remove an user from a specified group.
178
179config GETTY
180    bool "getty"
181    default y
182    select FEATURE_SYSLOG
183    help
184      getty lets you log in on a tty. It is normally invoked by init.
185
186      Note that you can save a few bytes by disabling it and
187      using login applet directly.
188      If you need to reset tty attributes before calling login,
189      this script approximates getty:
190
191      exec </dev/$1 >/dev/$1 2>&1 || exit 1
192      reset
193      stty sane; stty ispeed 38400; stty ospeed 38400
194      printf "%s login: " "`hostname`"
195      read -r login
196      exec /bin/login "$login"
197
198config LOGIN
199    bool "login"
200    default y
201    select FEATURE_SYSLOG
202    help
203      login is used when signing onto a system.
204
205      Note that Busybox binary must be setuid root for this applet to
206      work properly.
207
208config LOGIN_SESSION_AS_CHILD
209    bool "Run logged in session in a child process"
210    default y if PAM
211    depends on LOGIN
212    help
213      Run the logged in session in a child process.  This allows
214      login to clean up things such as utmp entries or PAM sessions
215      when the login session is complete.  If you use PAM, you
216      almost always would want this to be set to Y, else PAM session
217      will not be cleaned up.
218
219config PAM
220    bool "Support for PAM (Pluggable Authentication Modules)"
221    default n
222    depends on LOGIN
223    help
224      Use PAM in login(1) instead of direct access to password database.
225
226config LOGIN_SCRIPTS
227    bool "Support for login scripts"
228    depends on LOGIN
229    default y
230    help
231      Enable this if you want login to execute $LOGIN_PRE_SUID_SCRIPT
232      just prior to switching from root to logged-in user.
233
234config FEATURE_NOLOGIN
235    bool "Support for /etc/nologin"
236    default y
237    depends on LOGIN
238    help
239      The file /etc/nologin is used by (some versions of) login(1).
240      If it exists, non-root logins are prohibited.
241
242config FEATURE_SECURETTY
243    bool "Support for /etc/securetty"
244    default y
245    depends on LOGIN
246    help
247      The file /etc/securetty is used by (some versions of) login(1).
248      The file contains the device names of tty lines (one per line,
249      without leading /dev/) on which root is allowed to login.
250
251config PASSWD
252    bool "passwd"
253    default y
254    select FEATURE_SYSLOG
255    help
256      passwd changes passwords for user and group accounts. A normal user
257      may only change the password for his/her own account, the super user
258      may change the password for any account. The administrator of a group
259      may change the password for the group.
260
261      Note that Busybox binary must be setuid root for this applet to
262      work properly.
263
264config FEATURE_PASSWD_WEAK_CHECK
265    bool "Check new passwords for weakness"
266    default y
267    depends on PASSWD
268    help
269      With this option passwd will refuse new passwords which are "weak".
270
271config CRYPTPW
272    bool "cryptpw"
273    default y
274    help
275      Encrypts the given password with the crypt(3) libc function
276      using the given salt. Debian has this utility under mkpasswd
277      name. Busybox provides mkpasswd as an alias for cryptpw.
278
279config CHPASSWD
280    bool "chpasswd"
281    default y
282    help
283      Reads a file of user name and password pairs from standard input
284      and uses this information to update a group of existing users.
285
286config FEATURE_DEFAULT_PASSWD_ALGO
287    string "Default password encryption method (passwd -a, cryptpw -m parameter)"
288    default "des"
289    depends on PASSWD || CRYPTPW
290    help
291      Possible choices are "d[es]", "m[d5]", "s[ha256]" or "sha512".
292
293config SU
294    bool "su"
295    default y
296    select FEATURE_SYSLOG
297    help
298      su is used to become another user during a login session.
299      Invoked without a username, su defaults to becoming the super user.
300
301      Note that Busybox binary must be setuid root for this applet to
302      work properly.
303
304config FEATURE_SU_SYSLOG
305    bool "Enable su to write to syslog"
306    default y
307    depends on SU
308
309config FEATURE_SU_CHECKS_SHELLS
310    bool "Enable su to check user's shell to be listed in /etc/shells"
311    depends on SU
312    default y
313
314config SULOGIN
315    bool "sulogin"
316    default y
317    select FEATURE_SYSLOG
318    help
319      sulogin is invoked when the system goes into single user
320      mode (this is done through an entry in inittab).
321
322config VLOCK
323    bool "vlock"
324    default y
325    help
326      Build the "vlock" applet which allows you to lock (virtual) terminals.
327
328      Note that Busybox binary must be setuid root for this applet to
329      work properly.
330
331endmenu
Note: See TracBrowser for help on using the repository browser.