OpenWrt – Blame information for rev 3
Rev | Author | Line No. | Line |
---|---|---|---|
1 | office | 1 | # DO NOT EDIT. This file is generated from Config.src |
| | | 2 | # |
| | | 3 | # For a description of the syntax of this configuration file, |
3 | office | 4 | # see scripts/kbuild/config-language.txt. |
1 | office | 5 | # |
| | | 6 | |
| | | 7 | menu "Login/Password Management Utilities" |
| | | 8 | |
| | | 9 | config BUSYBOX_CONFIG_FEATURE_SHADOWPASSWDS |
| | | 10 | bool "Support shadow passwords" |
| | | 11 | default BUSYBOX_DEFAULT_FEATURE_SHADOWPASSWDS |
| | | 12 | help |
3 | office | 13 | Build support for shadow password in /etc/shadow. This file is only |
| | | 14 | readable by root and thus the encrypted passwords are no longer |
| | | 15 | publicly readable. |
1 | office | 16 | |
| | | 17 | config BUSYBOX_CONFIG_USE_BB_PWD_GRP |
| | | 18 | bool "Use internal password and group functions rather than system functions" |
| | | 19 | default BUSYBOX_DEFAULT_USE_BB_PWD_GRP |
| | | 20 | help |
3 | office | 21 | If you leave this disabled, busybox will use the system's password |
| | | 22 | and group functions. And if you are using the GNU C library |
| | | 23 | (glibc), you will then need to install the /etc/nsswitch.conf |
| | | 24 | configuration file and the required /lib/libnss_* libraries in |
| | | 25 | order for the password and group functions to work. This generally |
| | | 26 | makes your embedded system quite a bit larger. |
1 | office | 27 | |
3 | office | 28 | Enabling this option will cause busybox to directly access the |
| | | 29 | system's /etc/passwd, /etc/group files (and your system will be |
| | | 30 | smaller, and I will get fewer emails asking about how glibc NSS |
| | | 31 | works). When this option is enabled, you will not be able to use |
| | | 32 | PAM to access remote LDAP password servers and whatnot. And if you |
| | | 33 | want hostname resolution to work with glibc, you still need the |
| | | 34 | /lib/libnss_* libraries. |
1 | office | 35 | |
3 | office | 36 | If you need to use glibc's nsswitch.conf mechanism |
| | | 37 | (e.g. if user/group database is NOT stored in /etc/passwd etc), |
| | | 38 | you must NOT use this option. |
1 | office | 39 | |
3 | office | 40 | If you enable this option, it will add about 1.5k. |
1 | office | 41 | |
| | | 42 | config BUSYBOX_CONFIG_USE_BB_SHADOW |
| | | 43 | bool "Use internal shadow password functions" |
| | | 44 | default BUSYBOX_DEFAULT_USE_BB_SHADOW |
| | | 45 | depends on BUSYBOX_CONFIG_USE_BB_PWD_GRP && BUSYBOX_CONFIG_FEATURE_SHADOWPASSWDS |
| | | 46 | help |
3 | office | 47 | If you leave this disabled, busybox will use the system's shadow |
| | | 48 | password handling functions. And if you are using the GNU C library |
| | | 49 | (glibc), you will then need to install the /etc/nsswitch.conf |
| | | 50 | configuration file and the required /lib/libnss_* libraries in |
| | | 51 | order for the shadow password functions to work. This generally |
| | | 52 | makes your embedded system quite a bit larger. |
1 | office | 53 | |
3 | office | 54 | Enabling this option will cause busybox to directly access the |
| | | 55 | system's /etc/shadow file when handling shadow passwords. This |
| | | 56 | makes your system smaller (and I will get fewer emails asking about |
| | | 57 | how glibc NSS works). When this option is enabled, you will not be |
| | | 58 | able to use PAM to access shadow passwords from remote LDAP |
| | | 59 | password servers and whatnot. |
1 | office | 60 | |
| | | 61 | config BUSYBOX_CONFIG_USE_BB_CRYPT |
| | | 62 | bool "Use internal crypt functions" |
| | | 63 | default BUSYBOX_DEFAULT_USE_BB_CRYPT |
| | | 64 | help |
3 | office | 65 | Busybox has internal DES and MD5 crypt functions. |
| | | 66 | They produce results which are identical to corresponding |
| | | 67 | standard C library functions. |
1 | office | 68 | |
3 | office | 69 | If you leave this disabled, busybox will use the system's |
| | | 70 | crypt functions. Most C libraries use large (~70k) |
| | | 71 | static buffers there, and also combine them with more general |
| | | 72 | DES encryption/decryption. |
1 | office | 73 | |
3 | office | 74 | For busybox, having large static buffers is undesirable, |
| | | 75 | especially on NOMMU machines. Busybox also doesn't need |
| | | 76 | DES encryption/decryption and can do with smaller code. |
1 | office | 77 | |
3 | office | 78 | If you enable this option, it will add about 4.8k of code |
| | | 79 | if you are building dynamically linked executable. |
| | | 80 | In static build, it makes code _smaller_ by about 1.2k, |
| | | 81 | and likely many kilobytes less of bss. |
1 | office | 82 | |
| | | 83 | config BUSYBOX_CONFIG_USE_BB_CRYPT_SHA |
| | | 84 | bool "Enable SHA256/512 crypt functions" |
| | | 85 | default BUSYBOX_DEFAULT_USE_BB_CRYPT_SHA |
| | | 86 | depends on BUSYBOX_CONFIG_USE_BB_CRYPT |
| | | 87 | help |
3 | office | 88 | Enable this if you have passwords starting with "$5$" or "$6$" |
| | | 89 | in your /etc/passwd or /etc/shadow files. These passwords |
| | | 90 | are hashed using SHA256 and SHA512 algorithms. Support for them |
| | | 91 | was added to glibc in 2008. |
| | | 92 | With this option off, login will fail password check for any |
| | | 93 | user which has password encrypted with these algorithms. |
1 | office | 94 | |
| | | 95 | config BUSYBOX_CONFIG_ADD_SHELL |
3 | office | 96 | bool "add-shell" |
| | | 97 | default BUSYBOX_DEFAULT_ADD_SHELL if BUSYBOX_CONFIG_DESKTOP |
| | | 98 | help |
| | | 99 | Add shells to /etc/shells. |
1 | office | 100 | |
| | | 101 | config BUSYBOX_CONFIG_REMOVE_SHELL |
3 | office | 102 | bool "remove-shell" |
| | | 103 | default BUSYBOX_DEFAULT_REMOVE_SHELL if BUSYBOX_CONFIG_DESKTOP |
| | | 104 | help |
| | | 105 | Remove shells from /etc/shells. |
1 | office | 106 | config BUSYBOX_CONFIG_ADDGROUP |
3 | office | 107 | bool "addgroup" |
1 | office | 108 | default BUSYBOX_DEFAULT_ADDGROUP |
| | | 109 | help |
3 | office | 110 | Utility for creating a new group account. |
1 | office | 111 | |
3 | office | 112 | config BUSYBOX_CONFIG_FEATURE_ADDGROUP_LONG_OPTIONS |
| | | 113 | bool "Enable long options" |
| | | 114 | default BUSYBOX_DEFAULT_FEATURE_ADDGROUP_LONG_OPTIONS |
| | | 115 | depends on BUSYBOX_CONFIG_ADDGROUP && BUSYBOX_CONFIG_LONG_OPTS |
| | | 116 | |
1 | office | 117 | config BUSYBOX_CONFIG_FEATURE_ADDUSER_TO_GROUP |
| | | 118 | bool "Support adding users to groups" |
| | | 119 | default BUSYBOX_DEFAULT_FEATURE_ADDUSER_TO_GROUP |
| | | 120 | depends on BUSYBOX_CONFIG_ADDGROUP |
| | | 121 | help |
3 | office | 122 | If called with two non-option arguments, |
| | | 123 | addgroup will add an existing user to an |
| | | 124 | existing group. |
1 | office | 125 | config BUSYBOX_CONFIG_ADDUSER |
3 | office | 126 | bool "adduser" |
1 | office | 127 | default BUSYBOX_DEFAULT_ADDUSER |
| | | 128 | help |
3 | office | 129 | Utility for creating a new user account. |
1 | office | 130 | |
3 | office | 131 | config BUSYBOX_CONFIG_FEATURE_ADDUSER_LONG_OPTIONS |
| | | 132 | bool "Enable long options" |
| | | 133 | default BUSYBOX_DEFAULT_FEATURE_ADDUSER_LONG_OPTIONS |
| | | 134 | depends on BUSYBOX_CONFIG_ADDUSER && BUSYBOX_CONFIG_LONG_OPTS |
| | | 135 | |
1 | office | 136 | config BUSYBOX_CONFIG_FEATURE_CHECK_NAMES |
| | | 137 | bool "Enable sanity check on user/group names in adduser and addgroup" |
| | | 138 | default BUSYBOX_DEFAULT_FEATURE_CHECK_NAMES |
| | | 139 | depends on BUSYBOX_CONFIG_ADDUSER \|\| BUSYBOX_CONFIG_ADDGROUP |
| | | 140 | help |
3 | office | 141 | Enable sanity check on user and group names in adduser and addgroup. |
| | | 142 | To avoid problems, the user or group name should consist only of |
| | | 143 | letters, digits, underscores, periods, at signs and dashes, |
| | | 144 | and not start with a dash (as defined by IEEE Std 1003.1-2001). |
| | | 145 | For compatibility with Samba machine accounts "$" is also supported |
| | | 146 | at the end of the user or group name. |
1 | office | 147 | |
| | | 148 | config BUSYBOX_CONFIG_LAST_ID |
| | | 149 | int "Last valid uid or gid for adduser and addgroup" |
| | | 150 | depends on BUSYBOX_CONFIG_ADDUSER \|\| BUSYBOX_CONFIG_ADDGROUP |
| | | 151 | default BUSYBOX_DEFAULT_LAST_ID |
| | | 152 | help |
3 | office | 153 | Last valid uid or gid for adduser and addgroup |
1 | office | 154 | |
| | | 155 | config BUSYBOX_CONFIG_FIRST_SYSTEM_ID |
| | | 156 | int "First valid system uid or gid for adduser and addgroup" |
| | | 157 | depends on BUSYBOX_CONFIG_ADDUSER \|\| BUSYBOX_CONFIG_ADDGROUP |
| | | 158 | range 0 BUSYBOX_CONFIG_LAST_ID |
| | | 159 | default BUSYBOX_DEFAULT_FIRST_SYSTEM_ID |
| | | 160 | help |
3 | office | 161 | First valid system uid or gid for adduser and addgroup |
1 | office | 162 | |
| | | 163 | config BUSYBOX_CONFIG_LAST_SYSTEM_ID |
| | | 164 | int "Last valid system uid or gid for adduser and addgroup" |
| | | 165 | depends on BUSYBOX_CONFIG_ADDUSER \|\| BUSYBOX_CONFIG_ADDGROUP |
| | | 166 | range BUSYBOX_CONFIG_FIRST_SYSTEM_ID BUSYBOX_CONFIG_LAST_ID |
| | | 167 | default BUSYBOX_DEFAULT_LAST_SYSTEM_ID |
| | | 168 | help |
3 | office | 169 | Last valid system uid or gid for adduser and addgroup |
1 | office | 170 | config BUSYBOX_CONFIG_CHPASSWD |
3 | office | 171 | bool "chpasswd" |
1 | office | 172 | default BUSYBOX_DEFAULT_CHPASSWD |
| | | 173 | help |
3 | office | 174 | Reads a file of user name and password pairs from standard input |
| | | 175 | and uses this information to update a group of existing users. |
1 | office | 176 | |
| | | 177 | config BUSYBOX_CONFIG_FEATURE_DEFAULT_PASSWD_ALGO |
| | | 178 | string "Default encryption method (passwd -a, cryptpw -m, chpasswd -c ALG)" |
| | | 179 | default BUSYBOX_DEFAULT_FEATURE_DEFAULT_PASSWD_ALGO |
| | | 180 | depends on BUSYBOX_CONFIG_PASSWD \|\| BUSYBOX_CONFIG_CRYPTPW \|\| BUSYBOX_CONFIG_CHPASSWD |
| | | 181 | help |
3 | office | 182 | Possible choices are "d[es]", "m[d5]", "s[ha256]" or "sha512". |
1 | office | 183 | config BUSYBOX_CONFIG_CRYPTPW |
3 | office | 184 | bool "cryptpw" |
1 | office | 185 | default BUSYBOX_DEFAULT_CRYPTPW |
| | | 186 | help |
3 | office | 187 | Encrypts the given password with the crypt(3) libc function |
| | | 188 | using the given salt. |
1 | office | 189 | |
| | | 190 | config BUSYBOX_CONFIG_MKPASSWD |
3 | office | 191 | bool "mkpasswd" |
1 | office | 192 | default BUSYBOX_DEFAULT_MKPASSWD |
| | | 193 | help |
3 | office | 194 | Encrypts the given password with the crypt(3) libc function |
| | | 195 | using the given salt. Debian has this utility under mkpasswd |
| | | 196 | name. Busybox provides mkpasswd as an alias for cryptpw. |
1 | office | 197 | config BUSYBOX_CONFIG_DELUSER |
3 | office | 198 | bool "deluser" |
1 | office | 199 | default BUSYBOX_DEFAULT_DELUSER |
| | | 200 | help |
3 | office | 201 | Utility for deleting a user account. |
1 | office | 202 | |
| | | 203 | config BUSYBOX_CONFIG_DELGROUP |
3 | office | 204 | bool "delgroup" |
1 | office | 205 | default BUSYBOX_DEFAULT_DELGROUP |
| | | 206 | help |
3 | office | 207 | Utility for deleting a group account. |
1 | office | 208 | |
| | | 209 | config BUSYBOX_CONFIG_FEATURE_DEL_USER_FROM_GROUP |
| | | 210 | bool "Support removing users from groups" |
| | | 211 | default BUSYBOX_DEFAULT_FEATURE_DEL_USER_FROM_GROUP |
| | | 212 | depends on BUSYBOX_CONFIG_DELGROUP |
| | | 213 | help |
3 | office | 214 | If called with two non-option arguments, deluser |
| | | 215 | or delgroup will remove a user from a specified group. |
1 | office | 216 | config BUSYBOX_CONFIG_GETTY |
3 | office | 217 | bool "getty" |
1 | office | 218 | default BUSYBOX_DEFAULT_GETTY |
| | | 219 | select BUSYBOX_CONFIG_FEATURE_SYSLOG |
| | | 220 | help |
3 | office | 221 | getty lets you log in on a tty. It is normally invoked by init. |
1 | office | 222 | |
3 | office | 223 | Note that you can save a few bytes by disabling it and |
| | | 224 | using login applet directly. |
| | | 225 | If you need to reset tty attributes before calling login, |
| | | 226 | this script approximates getty: |
1 | office | 227 | |
3 | office | 228 | exec </dev/$1 >/dev/$1 2>&1 \|\| exit 1 |
| | | 229 | reset |
| | | 230 | stty sane; stty ispeed 38400; stty ospeed 38400 |
| | | 231 | printf "%s login: " "`hostname`" |
| | | 232 | read -r login |
| | | 233 | exec /bin/login "$login" |
1 | office | 234 | config BUSYBOX_CONFIG_LOGIN |
3 | office | 235 | bool "login" |
1 | office | 236 | default BUSYBOX_DEFAULT_LOGIN |
| | | 237 | select BUSYBOX_CONFIG_FEATURE_SYSLOG |
| | | 238 | help |
3 | office | 239 | login is used when signing onto a system. |
1 | office | 240 | |
3 | office | 241 | Note that Busybox binary must be setuid root for this applet to |
| | | 242 | work properly. |
1 | office | 243 | |
| | | 244 | config BUSYBOX_CONFIG_LOGIN_SESSION_AS_CHILD |
| | | 245 | bool "Run logged in session in a child process" |
| | | 246 | default BUSYBOX_DEFAULT_LOGIN_SESSION_AS_CHILD if BUSYBOX_CONFIG_PAM |
| | | 247 | depends on BUSYBOX_CONFIG_LOGIN |
| | | 248 | help |
3 | office | 249 | Run the logged in session in a child process. This allows |
| | | 250 | login to clean up things such as utmp entries or PAM sessions |
| | | 251 | when the login session is complete. If you use PAM, you |
| | | 252 | almost always would want this to be set to Y, else PAM session |
| | | 253 | will not be cleaned up. |
1 | office | 254 | |
| | | 255 | config BUSYBOX_CONFIG_LOGIN_SCRIPTS |
| | | 256 | bool "Support login scripts" |
| | | 257 | depends on BUSYBOX_CONFIG_LOGIN |
| | | 258 | default BUSYBOX_DEFAULT_LOGIN_SCRIPTS |
| | | 259 | help |
3 | office | 260 | Enable this if you want login to execute $LOGIN_PRE_SUID_SCRIPT |
| | | 261 | just prior to switching from root to logged-in user. |
1 | office | 262 | |
| | | 263 | config BUSYBOX_CONFIG_FEATURE_NOLOGIN |
| | | 264 | bool "Support /etc/nologin" |
| | | 265 | default BUSYBOX_DEFAULT_FEATURE_NOLOGIN |
| | | 266 | depends on BUSYBOX_CONFIG_LOGIN |
| | | 267 | help |
3 | office | 268 | The file /etc/nologin is used by (some versions of) login(1). |
| | | 269 | If it exists, non-root logins are prohibited. |
1 | office | 270 | |
| | | 271 | config BUSYBOX_CONFIG_FEATURE_SECURETTY |
| | | 272 | bool "Support /etc/securetty" |
| | | 273 | default BUSYBOX_DEFAULT_FEATURE_SECURETTY |
| | | 274 | depends on BUSYBOX_CONFIG_LOGIN |
| | | 275 | help |
3 | office | 276 | The file /etc/securetty is used by (some versions of) login(1). |
| | | 277 | The file contains the device names of tty lines (one per line, |
| | | 278 | without leading /dev/) on which root is allowed to login. |
1 | office | 279 | config BUSYBOX_CONFIG_PASSWD |
3 | office | 280 | bool "passwd" |
1 | office | 281 | default BUSYBOX_DEFAULT_PASSWD |
| | | 282 | select BUSYBOX_CONFIG_FEATURE_SYSLOG |
| | | 283 | help |
3 | office | 284 | passwd changes passwords for user and group accounts. A normal user |
| | | 285 | may only change the password for his/her own account, the super user |
| | | 286 | may change the password for any account. The administrator of a group |
| | | 287 | may change the password for the group. |
1 | office | 288 | |
3 | office | 289 | Note that Busybox binary must be setuid root for this applet to |
| | | 290 | work properly. |
1 | office | 291 | |
| | | 292 | config BUSYBOX_CONFIG_FEATURE_PASSWD_WEAK_CHECK |
| | | 293 | bool "Check new passwords for weakness" |
| | | 294 | default BUSYBOX_DEFAULT_FEATURE_PASSWD_WEAK_CHECK |
| | | 295 | depends on BUSYBOX_CONFIG_PASSWD |
| | | 296 | help |
3 | office | 297 | With this option passwd will refuse new passwords which are "weak". |
1 | office | 298 | config BUSYBOX_CONFIG_SU |
3 | office | 299 | bool "su" |
1 | office | 300 | default BUSYBOX_DEFAULT_SU |
| | | 301 | select BUSYBOX_CONFIG_FEATURE_SYSLOG |
| | | 302 | help |
3 | office | 303 | su is used to become another user during a login session. |
| | | 304 | Invoked without a username, su defaults to becoming the super user. |
| | | 305 | Note that busybox binary must be setuid root for this applet to |
| | | 306 | work properly. |
1 | office | 307 | |
| | | 308 | config BUSYBOX_CONFIG_FEATURE_SU_SYSLOG |
| | | 309 | bool "Log to syslog all attempts to use su" |
| | | 310 | default BUSYBOX_DEFAULT_FEATURE_SU_SYSLOG |
| | | 311 | depends on BUSYBOX_CONFIG_SU |
| | | 312 | |
| | | 313 | config BUSYBOX_CONFIG_FEATURE_SU_CHECKS_SHELLS |
| | | 314 | bool "If user's shell is not in /etc/shells, disallow -s PROG" |
| | | 315 | default BUSYBOX_DEFAULT_FEATURE_SU_CHECKS_SHELLS |
| | | 316 | depends on BUSYBOX_CONFIG_SU |
| | | 317 | |
| | | 318 | config BUSYBOX_CONFIG_FEATURE_SU_BLANK_PW_NEEDS_SECURE_TTY |
| | | 319 | bool "Allow blank passwords only on TTYs in /etc/securetty" |
| | | 320 | default BUSYBOX_DEFAULT_FEATURE_SU_BLANK_PW_NEEDS_SECURE_TTY |
| | | 321 | depends on BUSYBOX_CONFIG_SU |
| | | 322 | config BUSYBOX_CONFIG_SULOGIN |
3 | office | 323 | bool "sulogin" |
1 | office | 324 | default BUSYBOX_DEFAULT_SULOGIN |
| | | 325 | select BUSYBOX_CONFIG_FEATURE_SYSLOG |
| | | 326 | help |
3 | office | 327 | sulogin is invoked when the system goes into single user |
| | | 328 | mode (this is done through an entry in inittab). |
1 | office | 329 | config BUSYBOX_CONFIG_VLOCK |
3 | office | 330 | bool "vlock" |
1 | office | 331 | default BUSYBOX_DEFAULT_VLOCK |
| | | 332 | help |
3 | office | 333 | Build the "vlock" applet which allows you to lock (virtual) terminals. |
1 | office | 334 | |
3 | office | 335 | Note that Busybox binary must be setuid root for this applet to |
| | | 336 | work properly. |
1 | office | 337 | |
| | | 338 | endmenu |
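
The help text for BUSYBOX_CONFIG_USE_BB_CRYPT_SHA in the listing says that, with the option off, login fails the password check for any user whose hash starts with "$5$" or "$6$". The script below is an added example, not part of the OpenWrt or BusyBox sources, that cross-checks a build .config against a shadow file to find such accounts before an image is deployed. The `CONFIG_` prefix on .config lines, the file layout, and the function names `cfg_on`, `audit_shadow` and `demo` are assumptions.

```shell
#!/bin/sh
# Added example (not BusyBox or OpenWrt code). Assumes .config lines of the
# form CONFIG_<symbol>=y, using the symbol names from the listing above.

# cfg_on FILE SYMBOL: succeeds when SYMBOL is set to y in FILE.
cfg_on() { grep -Eq "^(CONFIG_)?$2=y\$" "$1"; }

# audit_shadow CONFIG SHADOW: prints "<user> <scheme> <verdict>" per account
# and returns 1 if any hash cannot be verified by the built-in crypt code.
audit_shadow() {
    bb_crypt=0; bb_sha=0
    if cfg_on "$1" BUSYBOX_CONFIG_USE_BB_CRYPT; then bb_crypt=1; fi
    if cfg_on "$1" BUSYBOX_CONFIG_USE_BB_CRYPT_SHA; then bb_sha=1; fi
    awk -F: -v bb_crypt="$bb_crypt" -v bb_sha="$bb_sha" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            h = $2; p = substr(h, 1, 3)
            if (h == "")                     scheme = "empty"
            else if (h ~ /^[!*]/)            scheme = "locked"
            else if (p == "$6$")             scheme = "sha512"
            else if (p == "$5$")             scheme = "sha256"
            else if (p == "$1$")             scheme = "md5"
            else if (substr(h, 1, 1) == "$") scheme = "unknown"
            else                             scheme = "des"
            verdict = "ok"
            # Internal crypt without the SHA option cannot check $5$/$6$.
            if (bb_crypt == 1 && bb_sha == 0 && scheme ~ /^sha/) {
                verdict = "LOGIN-WILL-FAIL"; bad = 1
            }
            print $1, scheme, verdict
        }
        END { exit bad + 0 }
    ' "$2"
}

# Constructed sample input; the hash strings are placeholders, not real hashes.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'CONFIG_BUSYBOX_CONFIG_USE_BB_CRYPT=y' \
        '# CONFIG_BUSYBOX_CONFIG_USE_BB_CRYPT_SHA is not set' > "$d/config"
    printf '%s\n' 'root:$6$CONSTRUCTED$placeholder:0:0:99999:7:::' \
        'daemon:*:0:0:99999:7:::' \
        'admin:$1$CONSTRUCTED$placeholder:0:0:99999:7:::' > "$d/shadow"
    audit_shadow "$d/config" "$d/shadow"; rc=$?
    rm -rf "$d"; return "$rc"
}

demo || echo "at least one account would fail the password check"
```

When BUSYBOX_CONFIG_USE_BB_CRYPT is not set, the system's crypt functions are used and the script reports every scheme as ok, since the SHA option only applies to the internal implementation.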