shadow: stop building su

2025-02-07 17:57:47 +08:00 · 2021-12-27 20:43:22 +08:00 · 2021-12-27 20:43:22 +08:00 · cacd76ad91
commit cacd76ad91
parent 281a21fa33
1 changed files with 27 additions and 51 deletions
--- a/postlfs/security/shadow.xml
+++ b/postlfs/security/shadow.xml
@ -133,7 +133,9 @@ sed -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \
    -e '/PATH=/{s@/sbin:@@;s@/bin:@@}'                \
    -i etc/login.defs                                 &amp;&amp;

-./configure --sysconfdir=/etc --with-group-name-max-length=32 &amp;&amp;
+./configure --sysconfdir=/etc               \
+            --with-group-name-max-length=32 \
+            --without-su                    &amp;&amp;
 make</userinput></screen>

    <para>
@ -189,6 +191,13 @@ make</userinput></screen>
      user name is 32 characters. Make the maximum group name the same.
    </para>

+    <para>
+      <parameter>--without-su</parameter>: Don't reinstall
+      <command>su</command> because the upstream recommends to use the
+      <command>su</command> command from <xref linkend='util-linux'/>
+      when <application>Linux-PAM</application> is available.
+    </para>
+
    <!-- No longer needed as of 4.8
    <para>
      <command>mv -v /usr/bin/passwd /bin</command>: The
@ -412,38 +421,6 @@ password  include     system-password
 EOF</userinput></screen>
      </sect4>

-      <sect4>
-        <title>'su'</title>
-
-<screen role="root"><userinput>cat &gt; /etc/pam.d/su &lt;&lt; "EOF"
-<literal># Begin /etc/pam.d/su
-
-# always allow root
-auth      sufficient  pam_rootok.so
-
-# Allow users in the wheel group to execute su without a password
-# disabled by default
-#auth      sufficient  pam_wheel.so trust use_uid
-
-# include system auth settings
-auth      include     system-auth
-
-# limit su to users in the wheel group
-auth      required    pam_wheel.so use_uid
-
-# include system account settings
-account   include     system-account
-
-# Set default environment variables for the service user
-session   required    pam_env.so
-
-# include system session settings
-session   include     system-session
-
-# End /etc/pam.d/su</literal>
-EOF</userinput></screen>
-      </sect4>
-
      <sect4>
        <title>'chage'</title>

@ -482,25 +459,24 @@ done</userinput></screen>
          <para>
            At this point, you should do a simple test to see if
            <application>Shadow</application> is working as expected. Open
-            another terminal and log in as a user, then <command>su</command> to
-            <systemitem class="username">root</systemitem>. If you do not see
-            any errors, then all is well and you should proceed with the rest of
-            the configuration. If you did receive errors, stop now and double
-            check the above configuration files manually. One obvious reason
-            for an error is if the user is not in group <systemitem
-            class="groupname">wheel</systemitem>. You may want to run (as
-            <systemitem class="username">root</systemitem>): <command>usermod
-            -a -G wheel <replaceable>&lt;user&gt;</replaceable></command>.
-            Any other error is the sign of an error in the above procedure.
+            another terminal and log in as
+            <systemitem class="username">root</systemitem>, and then run
+            <command>login</command> and login as another user.  If you do
+            not see any errors, then all is well and you should proceed with
+            the rest of the configuration. If you did receive errors, stop
+            now and double check the above configuration files manually.
+            Any error is the sign of an error in the above procedure.
            You can also run the
-            test suite from the <application>Linux-PAM</application> package to
-            assist you in determining the problem. If you cannot find and fix
-            the error, you should recompile <application>Shadow</application>
-            adding the <option>--without-libpam</option> switch to the
-            <command>configure</command> command in the above instructions (also
-            move the <filename>/etc/login.defs.orig</filename> backup file to
-            <filename>/etc/login.defs</filename>). If you fail to do this and
-            the errors remain, you will be unable to log into your system.
+            test suite from the <application>Linux-PAM</application> package
+            to assist you in determining the problem. If you cannot find and
+            fix the error, you should recompile
+            <application>Shadow</application> adding the
+            <option>--without-libpam</option> switch to the
+            <command>configure</command> command in the above instructions
+            (also move the <filename>/etc/login.defs.orig</filename> backup
+            file to <filename>/etc/login.defs</filename>). If you fail to do
+            this and the errors remain, you will be unable to log into your
+            system.
          </para>
        </warning>
      </sect4>