mirror of
https://github.com/sheumann/hush.git
synced 2024-11-05 06:07:00 +00:00
138791050d
when people really ought to make busybox setuid root. -Erik
162 lines
5.0 KiB
Plaintext
162 lines
5.0 KiB
Plaintext
#
|
|
# For a description of the syntax of this configuration file,
|
|
# see scripts/kbuild/config-language.txt.
|
|
#
|
|
|
|
menu "Login/Password Management Utilities"
|
|
|
|
config CONFIG_USE_BB_PWD_GRP
|
|
bool "Use internal password and group functions rather than system functions"
|
|
default n
|
|
help
|
|
If you leave this disabled, busybox will use the system's password
|
|
and group functions. And if you are using the GNU C library
|
|
(glibc), you will then need to install the /etc/nsswitch.conf
|
|
configuration file and the required /lib/libnss_* libraries in
|
|
order for the password and group functions to work. This generally
|
|
makes your embedded system quite a bit larger.
|
|
|
|
Enabling this option will cause busybox to directly access the
|
|
system's /etc/password, /etc/group files (and your system will be
|
|
smaller, and I will get fewer emails asking about how glibc NSS
|
|
works). When this option is enabled, you will not be able to use
|
|
PAM to access remote LDAP password servers and whatnot. And if you
|
|
want hostname resolution to work with glibc, you still need the
|
|
/lib/libnss_* libraries.
|
|
|
|
If you enable this option, it will add about 1.5k to busybox.
|
|
|
|
|
|
config CONFIG_ADDGROUP
|
|
bool "addgroup"
|
|
default n
|
|
help
|
|
Utility for creating a new group account.
|
|
|
|
config CONFIG_DELGROUP
|
|
bool "delgroup"
|
|
default n
|
|
help
|
|
Utility for deleting a group account.
|
|
|
|
config CONFIG_ADDUSER
|
|
bool "adduser"
|
|
default n
|
|
help
|
|
Utility for creating a new user account.
|
|
|
|
config CONFIG_DELUSER
|
|
bool "deluser"
|
|
default n
|
|
help
|
|
Utility for deleting a user account.
|
|
|
|
config CONFIG_GETTY
|
|
bool "getty"
|
|
default n
|
|
help
|
|
getty lets you log in on a tty, it is normally invoked by init.
|
|
|
|
config CONFIG_FEATURE_U_W_TMP
|
|
bool " Support utmp and wtmp files"
|
|
depends on CONFIG_GETTY || CONFIG_LOGIN || CONFIG_SU || CONFIG_WHO || CONFIG_LAST
|
|
default n
|
|
help
|
|
The files /var/run/utmp and /var/run/wtmp can be used to track when
|
|
user's have logged into and logged out of the system, allowing programs
|
|
such as 'who' and 'last' to list who is currently logged in.
|
|
|
|
config CONFIG_LOGIN
|
|
bool "login"
|
|
default n
|
|
select CONFIG_FEATURE_SUID
|
|
help
|
|
login is used when signing onto a system.
|
|
|
|
Note that Busybox binary must be setuid root for this applet to
|
|
work properly.
|
|
|
|
config CONFIG_FEATURE_SECURETTY
|
|
bool " Support for /etc/securetty"
|
|
default y
|
|
depends on CONFIG_LOGIN
|
|
help
|
|
The file /etc/securetty is used by (some versions of) login(1).
|
|
The file contains the device names of tty lines (one per line,
|
|
without leading /dev/) on which root is allowed to login.
|
|
|
|
config CONFIG_PASSWD
|
|
bool "passwd"
|
|
default n
|
|
select CONFIG_FEATURE_SUID
|
|
help
|
|
passwd changes passwords for user and group accounts. A normal user
|
|
may only change the password for his/her own account, the super user
|
|
may change the password for any account. The administrator of a group
|
|
may change the password for the group.
|
|
|
|
Note that Busybox binary must be setuid root for this applet to
|
|
work properly.
|
|
|
|
config CONFIG_SU
|
|
bool "su"
|
|
default n
|
|
select CONFIG_FEATURE_SUID
|
|
help
|
|
su is used to become another user during a login session.
|
|
Invoked without a username, su defaults to becoming the super user.
|
|
|
|
Note that Busybox binary must be setuid root for this applet to
|
|
work properly.
|
|
|
|
config CONFIG_SULOGIN
|
|
bool "sulogin"
|
|
default n
|
|
help
|
|
sulogin is invoked when the system goes into single user
|
|
mode (this is done through an entry in inittab).
|
|
|
|
config CONFIG_VLOCK
|
|
bool "vlock"
|
|
default n
|
|
select CONFIG_FEATURE_SUID
|
|
help
|
|
Build the "vlock" applet which allows you to lock (virtual) terminals.
|
|
|
|
Note that Busybox binary must be setuid root for this applet to
|
|
work properly.
|
|
|
|
comment "Common options for adduser, deluser, login, su"
|
|
depends on CONFIG_ADDUSER || CONFIG_DELUSER || CONFIG_LOGIN || CONFIG_SU
|
|
|
|
config CONFIG_FEATURE_SHADOWPASSWDS
|
|
bool "Support for shadow passwords"
|
|
default n
|
|
depends on CONFIG_ADDUSER || CONFIG_DELUSER || CONFIG_LOGIN || CONFIG_SU
|
|
help
|
|
Build support for shadow password in /etc/shadow. This file is only
|
|
readable by root and thus the encrypted passwords are no longer
|
|
publicly readable.
|
|
|
|
config CONFIG_USE_BB_SHADOW
|
|
bool " Use busybox shadow password functions"
|
|
default n
|
|
depends on CONFIG_USE_BB_PWD_GRP && CONFIG_FEATURE_SHADOWPASSWDS
|
|
help
|
|
If you leave this disabled, busybox will use the system's shadow
|
|
password handling functions. And if you are using the GNU C library
|
|
(glibc), you will then need to install the /etc/nsswitch.conf
|
|
configuration file and the required /lib/libnss_* libraries in
|
|
order for the shadow password functions to work. This generally
|
|
makes your embedded system quite a bit larger.
|
|
|
|
Enabling this option will cause busybox to directly access the
|
|
system's /etc/shadow file when handling shadow passwords. This
|
|
makes your system smaller and I will get fewer emails asking about
|
|
how glibc NSS works). When this option is enabled, you will not be
|
|
able to use PAM to access shadow passwords from remote LDAP
|
|
password servers and whatnot.
|
|
|
|
endmenu
|
|
|