authorMartin Schlemmer <azarah@gentoo.org>2002-12-03 07:35:59 +0000
committerMartin Schlemmer <azarah@gentoo.org>2002-12-03 07:35:59 +0000
commit573b954e53309ea341c332fe09f17a583a0f6a0a (patch)
treea62acf144e41b8a5d08e8e468beda9d56ce265a0 /sys-apps
parentfix to libtoolize a convenience library (libgimpi.a) in gimp so gimp can (diff)
bug 4210
Diffstat (limited to 'sys-apps')
-rw-r--r--sys-apps/shadow/ChangeLog7
-rw-r--r--sys-apps/shadow/files/pam.d/su20
-rw-r--r--sys-apps/shadow/shadow-4.0.3-r2.ebuild24
3 files changed, 38 insertions, 13 deletions
diff --git a/sys-apps/shadow/ChangeLog b/sys-apps/shadow/ChangeLog
index 64fe167af175..f990d2f7bbf6 100644
--- a/sys-apps/shadow/ChangeLog
+++ b/sys-apps/shadow/ChangeLog
@@ -1,6 +1,11 @@
# ChangeLog for sys-apps/shadow
# Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/ChangeLog,v 1.17 2002/10/20 15:16:50 azarah Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/ChangeLog,v 1.18 2002/12/03 07:35:59 azarah Exp $
+
+ 03 Dec 2002; Martin Schlemmer <azarah@gentoo.org> shadow-4.0.3-r2.ebuild :
+
+ Mark as stable. Update pam.d/su to use pam_filelist.so if uncommented.
+ This can be used as a type of /etc/suauth. Should close bug #4210.
*shadow-4.0.3-r1 (20 Oct 2002)
diff --git a/sys-apps/shadow/files/pam.d/su b/sys-apps/shadow/files/pam.d/su
index 13862c3003f4..00cd3bdcca3a 100644
--- a/sys-apps/shadow/files/pam.d/su
+++ b/sys-apps/shadow/files/pam.d/su
@@ -1,7 +1,25 @@
#%PAM-1.0
auth sufficient /lib/security/pam_rootok.so
-auth required /lib/security/pam_wheel.so use_uid
+
+# If you want to restrict users begin allowed to su even more,
+# create /etc/security/suauth.allow (or to that matter) that is only
+# writable by root, and add users that are allowed to su to that
+# file, one per line.
+#auth required /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.allow
+
+# Uncomment this to allow users in the wheel group to su without
+# entering a passwd.
+#auth sufficient /lib/security/pam_wheel.so use_uid trust
+
+# Alternatively to above, you can implement a list of users that do
+# not need to supply a passwd with a list.
+#auth sufficient /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass
+
+# Comment this to allow any user, even those not in the 'wheel'
+# group to su
+auth required /lib/security/pam_wheel.so use_uid
+
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
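Review bot: The commented-out `suauth.nopass` rule is `sufficient` and sits above the `required` pam_wheel line, so once it is uncommented a listed user skips the wheel-group check as well as the password, and nothing in this stack limits which target account that applies to. Its comment, unlike the one for `suauth.allow`, does not say the file must be writable only by root, so I would add `# suauth.nopass must be owned by root and writable only by root: anyone listed in it can su to any account, root included, with no password and without being in 'wheel'.` The `pam_wheel.so use_uid trust` line short-circuits the rest of the stack in the same way and deserves the same one-line warning. Both listfile rules rely on `item=ruser`, which only works if this su sets PAM_RUSER; that is not visible here and should be confirmed before the options are advertised.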
diff --git a/sys-apps/shadow/shadow-4.0.3-r2.ebuild b/sys-apps/shadow/shadow-4.0.3-r2.ebuild
index bb1740f438c3..70308f605ce4 100644
--- a/sys-apps/shadow/shadow-4.0.3-r2.ebuild
+++ b/sys-apps/shadow/shadow-4.0.3-r2.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2002 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/shadow-4.0.3-r2.ebuild,v 1.2 2002/10/24 23:23:45 blizzy Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/shadow-4.0.3-r2.ebuild,v 1.3 2002/12/03 07:35:59 azarah Exp $
IUSE=""
@@ -15,7 +15,7 @@ SRC_URI="ftp://ftp.pld.org.pl/software/shadow/${P}.tar.gz"
LICENSE="BSD"
SLOT="0"
-KEYWORDS="~x86 ~ppc ~sparc ~sparc64 ~alpha"
+KEYWORDS="x86 ppc sparc sparc64 alpha"
DEPEND=">=sys-libs/pam-0.75-r4
>=sys-libs/cracklib-2.7-r3
@@ -67,9 +67,9 @@ src_install() {
mandir=${D}/usr/share/man \
install || die "install problem"
- #do not install this login, but rather the one from
- #pam-login, as this one have a serious root exploit
- #with pam_limits in use.
+ # Do not install this login, but rather the one from
+ # pam-login, as this one have a serious root exploit
+ # with pam_limits in use.
rm ${D}/bin/login
mv ${D}/lib ${D}/usr
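Review bot: `rm ${D}/bin/login` has no failure check, even though the comment directly above it says this binary has a serious root exploit when pam_limits is in use. If the removal ever fails, the package would ship that binary without any error. The `install` call two lines up already uses `|| die`, so I would write `rm "${D}"/bin/login || die "could not remove shadow's login"`. The hunk itself only re-capitalises the comment, and src_install starts and ends outside it.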
@@ -80,7 +80,7 @@ src_install() {
dosym /usr/bin/newgrp /usr/bin/sg
dosym /usr/sbin/useradd /usr/sbin/adduser
dosym /usr/sbin/vipw /usr/sbin/vigr
- # remove dead links
+ # Remove dead links
rm -f ${D}/bin/{sg,vipw}
insinto /etc
@@ -109,8 +109,8 @@ src_install() {
newins shadow groupadd
cd ${S}
- # the manpage install is beyond my comprehension, and also broken.
- # just do it over.
+ # The manpage install is beyond my comprehension, and
+ # also broken. Just do it over.
rm -rf ${D}/usr/share/man/*
for x in man/*.[0-9]
do
@@ -120,9 +120,11 @@ src_install() {
cp ${x} ${dir}
done
- #dont install the manpage, since we dont use
- #login with shadow
- rm ${D}/usr/share/man/man1/login.*
+ # Dont install the manpage, since we dont use
+ # login with shadow
+ rm -f ${D}/usr/share/man/man1/login.*
+ # We use pam, so this is not applicable.
+ rm -f ${D}/usr/share/man/man5/suauth.*
cd ${S}/doc
dodoc ANNOUNCE INSTALL LICENSE README WISHLIST
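Review bot: The two new `rm -f` lines expand `${D}` unquoted, so an image path containing whitespace would be word-split into separate rm operands. Quoting only the variable keeps the glob working: `rm -f "${D}"/usr/share/man/man1/login.*` and `rm -f "${D}"/usr/share/man/man5/suauth.*`. Because `-f` now also hides a glob that matches nothing, a short comment saying these removals are best-effort documentation cleanup would make that intent explicit. src_install begins outside this hunk.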