provide pam files for runuser, runuser-l and remote (login) [release 2.24.2-2mamba;Tue May 06 2014]

Silvan Calarco 2024-01-05 18:52:52 +01:00
parent 87ee706c9e
commit c6fe1afb59
16 changed files with 1305 additions and 0 deletions

@ -1,2 +1,5 @@
# util-linux
The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function.
Among others, Util-linux contains the fdisk configuration tool and the login program.

@ -0,0 +1,18 @@
--- a/login-utils/su.c.badpaths Tue Apr 05 14:26:55 2005
+++ b/login-utils/su.c Tue Apr 05 14:40:21 EDT 2005
@@ -147,6 +147,15 @@
#define DEFAULT_ROOT_LOGIN_PATH "/usr/ucb:/bin:/usr/bin:/etc"
#endif
+/* The default paths which get set are both bogus and oddly influenced
+ by <paths.h> and -D on the commands line. Just to be clear, we'll set
+ these explicitly. -ewt */
+#undef DEFAULT_LOGIN_PATH
+#undef DEFAULT_ROOT_LOGIN_PATH
+#define DEFAULT_LOGIN_PATH "/bin:/usr/bin:/usr/local/bin"
+#define DEFAULT_ROOT_LOGIN_PATH \
+ "/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin"
+
/* The shell to run if none is given in the user's passwd entry. */
#define DEFAULT_SHELL "/bin/sh"
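
Review bot: The new DEFAULT_LOGIN_PATH and DEFAULT_ROOT_LOGIN_PATH values disagree with the login.defs added in the same commit, which sets ENV_PATH PATH=/bin:/usr/bin and ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin without the /usr/local entries. Pick one set so that su and login hand out the same PATH. The spec also leaves every %patch line in %prep commented out (#%patch0 to #%patch2), so as committed this override is never compiled in; either apply it or drop the file from the package sources.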

54
util-linux-login.access Normal file

@ -0,0 +1,54 @@
# $Id: login.access 1342 2007-11-10 23:46:11Z nekral-guest $
#
# Login access control table.
#
# When someone logs in, the table is scanned for the first entry that
# matches the (user, host) combination, or, in case of non-networked
# logins, the first entry that matches the (user, tty) combination. The
# permissions field of that table entry determines whether the login will
# be accepted or refused.
#
# Format of the login access control table is three fields separated by a
# ":" character:
#
# permission : users : origins
#
# The first field should be a "+" (access granted) or "-" (access denied)
# character.
#
# The second field should be a list of one or more login names, group
# names, or ALL (always matches). A pattern of the form user@host is
# matched when the login name matches the "user" part, and when the
# "host" part matches the local machine name.
#
# The third field should be a list of one or more tty names (for
# non-networked logins), host names, domain names (begin with "."), host
# addresses, internet network numbers (end with "."), ALL (always
# matches) or LOCAL (matches any string that does not contain a "."
# character).
#
# If you run NIS you can use @netgroupname in host or user patterns; this
# even works for @usergroup@@hostgroup patterns. Weird.
#
# The EXCEPT operator makes it possible to write very compact rules.
#
# The group file is searched only when a name does not match that of the
# logged-in user. Only groups are matched in which users are explicitly
# listed: the program does not look at a user's primary group id value.
#
##############################################################################
#
# Disallow console logins to all but a few accounts.
#
#-:ALL EXCEPT wheel shutdown sync:console
#
# Disallow non-local logins to privileged accounts (group wheel).
#
#-:wheel:ALL EXCEPT LOCAL .win.tue.nl
#
# Some accounts are not allowed to login from anywhere:
#
#-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL
#
# All other accounts are allowed to login from anywhere.
#
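
Review bot: Every rule in this file is commented out, and none of the pam.d files added in this commit loads pam_access, so installing it as /etc/login.access enforces nothing as shipped. If access control by origin is intended, ship an active rule set and wire it into the login and remote stacks; otherwise state in the header that the file is an inert template. The sample entries (.win.tue.nl, wsbscaro and the other account names) are site-specific leftovers and would read better as neutral placeholders.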

386
util-linux-login.defs Normal file

@ -0,0 +1,386 @@
#
# /etc/login.defs - Configuration control definitions for the shadow package.
#
# $Id: login.defs 3038 2009-07-23 20:41:35Z nekral-guest $
#
#
# Delay in seconds before being allowed another attempt after a login failure
# Note: When PAM is used, some modules may enfore a minimal delay (e.g.
# pam_unix enforces a 2s delay)
#
FAIL_DELAY 3
#
# Enable logging and display of /var/log/faillog login failure info.
#
#FAILLOG_ENAB yes
#
# Enable display of unknown usernames when login failures are recorded.
#
LOG_UNKFAIL_ENAB no
#
# Enable logging of successful logins
#
LOG_OK_LOGINS no
#
# Enable logging and display of /var/log/lastlog login time info.
#
#LASTLOG_ENAB yes
#
# Enable checking and display of mailbox status upon login.
#
# Disable if the shell startup files already check for mail
# ("mailx -e" or equivalent).
#
#MAIL_CHECK_ENAB yes
#
# Enable additional checks upon password changes.
#
#OBSCURE_CHECKS_ENAB yes
#
# Enable checking of time restrictions specified in /etc/porttime.
#
#PORTTIME_CHECKS_ENAB yes
#
# Enable setting of ulimit, umask, and niceness from passwd gecos field.
#
#QUOTAS_ENAB yes
#
# Enable "syslog" logging of su activity - in addition to sulog file logging.
# SYSLOG_SG_ENAB does the same for newgrp and sg.
#
SYSLOG_SU_ENAB yes
SYSLOG_SG_ENAB yes
#
# If defined, either full pathname of a file containing device names or
# a ":" delimited list of device names. Root logins will be allowed only
# upon these devices.
#
CONSOLE /etc/securetty
#CONSOLE console:tty01:tty02:tty03:tty04
#
# If defined, all su activity is logged to this file.
#
#SULOG_FILE /var/log/sulog
#
# If defined, ":" delimited list of "message of the day" files to
# be displayed upon login.
#
#MOTD_FILE /etc/motd
#MOTD_FILE /etc/motd:/usr/lib/news/news-motd
#
# If defined, this file will be output before each login prompt.
#
#ISSUE_FILE /etc/issue
#
# If defined, file which maps tty line to TERM environment parameter.
# Each line of the file is in a format something like "vt100 tty01".
#
#TTYTYPE_FILE /etc/ttytype
#
# If defined, login failures will be logged here in a utmp format.
# last, when invoked as lastb, will read /var/log/btmp, so...
#
#FTMP_FILE /var/log/btmp
#
# If defined, name of file whose presence which will inhibit non-root
# logins. The contents of this file should be a message indicating
# why logins are inhibited.
#
#NOLOGINS_FILE /etc/nologin
#
# If defined, the command name to display when running "su -". For
# example, if this is defined as "su" then a "ps" will display the
# command is "-su". If not defined, then "ps" would display the
# name of the shell actually being run, e.g. something like "-sh".
#
SU_NAME su
#
# *REQUIRED*
# Directory where mailboxes reside, _or_ name of file, relative to the
# home directory. If you _do_ define both, MAIL_DIR takes precedence.
#
MAIL_DIR /var/spool/mail
#MAIL_FILE .mail
#
# If defined, file which inhibits all the usual chatter during the login
# sequence. If a full pathname, then hushed mode will be enabled if the
# user's name or shell are found in the file. If not a full pathname, then
# hushed mode will be enabled if the file exists in the user's home directory.
#
HUSHLOGIN_FILE .hushlogin
#HUSHLOGIN_FILE /etc/hushlogins
#
# If defined, either a TZ environment parameter spec or the
# fully-rooted pathname of a file containing such a spec.
#
#ENV_TZ TZ=CST6CDT
#ENV_TZ /etc/tzname
#
# If defined, an HZ environment parameter spec.
#
# for Linux/x86
#ENV_HZ HZ=100
# For Linux/Alpha...
#ENV_HZ HZ=1024
#
# *REQUIRED* The default PATH settings, for superuser and normal users.
#
# (they are minimal, add the rest in the shell startup files)
ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
ENV_PATH PATH=/bin:/usr/bin
#
# Terminal permissions
#
# TTYGROUP Login tty will be assigned this group ownership.
# TTYPERM Login tty will be set to this permission.
#
# If you have a "write" program which is "setgid" to a special group
# which owns the terminals, define TTYGROUP to the group number and
# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
# TTYPERM to either 622 or 600.
#
TTYGROUP tty
TTYPERM 0600
#
# Login configuration initializations:
#
# ERASECHAR Terminal ERASE character ('\010' = backspace).
# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
# ULIMIT Default "ulimit" value.
#
# The ERASECHAR and KILLCHAR are used only on System V machines.
# The ULIMIT is used only if the system supports it.
# (now it works with setrlimit too; ulimit is in 512-byte units)
#
# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
#
ERASECHAR 0177
KILLCHAR 025
#ULIMIT 2097152
# Default initial "umask" value for non-PAM enabled systems.
# UMASK is also used by useradd and newusers to set the mode of new home
# directories.
# 022 is the default value, but 027, or even 077, could be considered
# better for privacy. There is no One True Answer here: each sysadmin
# must make up her mind.
UMASK 022
#
# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
#PASS_MIN_LEN 5
PASS_WARN_AGE 7
#
# If "yes", the user must be listed as a member of the first gid 0 group
# in /etc/group (called "root" on most Linux systems) to be able to "su"
# to uid 0 accounts. If the group doesn't exist or is empty, no one
# will be able to "su" to uid 0.
#
#SU_WHEEL_ONLY no
#
# If compiled with cracklib support, where are the dictionaries
#
#CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict
#
# Min/max values for automatic uid selection in useradd
#
UID_MIN 1000
UID_MAX 60000
# System accounts
SYS_UID_MIN 101
SYS_UID_MAX 999
#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN 1000
GID_MAX 60000
# System accounts
SYS_GID_MIN 101
SYS_GID_MAX 999
#
# Max number of login retries if password is bad
#
LOGIN_RETRIES 5
#
# Max time in seconds for login
#
LOGIN_TIMEOUT 60
#
# Maximum number of attempts to change password if rejected (too easy)
#
#PASS_CHANGE_TRIES 5
#
# Warn about weak passwords (but still allow them) if you are root.
#
#PASS_ALWAYS_WARN yes
#
# Number of significant characters in the password for crypt().
# Default is 8, don't change unless your crypt() is better.
# Ignored if MD5_CRYPT_ENAB set to "yes".
#
#PASS_MAX_LEN 8
#
# Require password before chfn/chsh can make any changes.
#
#CHFN_AUTH yes
#
# Which fields may be changed by regular users using chfn - use
# any combination of letters "frwh" (full name, room number, work
# phone, home phone). If not defined, no changes are allowed.
# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
#
CHFN_RESTRICT rwh
#
# Password prompt (%s will be replaced by user name).
#
# XXX - it doesn't work correctly yet, for now leave it commented out
# to use the default which is just "Password: ".
#LOGIN_STRING "%s's Password: "
#
# Only works if compiled with MD5_CRYPT defined:
# If set to "yes", new passwords will be encrypted using the MD5-based
# algorithm compatible with the one used by recent releases of FreeBSD.
# It supports passwords of unlimited length and longer salt strings.
# Set to "no" if you need to copy encrypted passwords to other systems
# which don't understand the new algorithm. Default is "no".
#
# Note: If you use PAM, it is recommended to use a value consistent with
# the PAM modules configuration.
#
# This variable is deprecated. You should use ENCRYPT_METHOD.
#
#MD5_CRYPT_ENAB no
#
# Only works if compiled with ENCRYPTMETHOD_SELECT defined:
# If set to MD5 , MD5-based algorithm will be used for encrypting password
# If set to SHA256, SHA256-based algorithm will be used for encrypting password
# If set to SHA512, SHA512-based algorithm will be used for encrypting password
# If set to DES, DES-based algorithm will be used for encrypting password (default)
# Overrides the MD5_CRYPT_ENAB option
#
# Note: If you use PAM, it is recommended to use a value consistent with
# the PAM modules configuration.
#
#ENCRYPT_METHOD DES
#
# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
#
# Define the number of SHA rounds.
# With a lot of rounds, it is more difficult to brute forcing the password.
# But note also that it more CPU resources will be needed to authenticate
# users.
#
# If not specified, the libc will choose the default number of rounds (5000).
# The values must be inside the 1000-999999999 range.
# If only one of the MIN or MAX values is set, then this value will be used.
# If MIN > MAX, the highest value will be used.
#
# SHA_CRYPT_MIN_ROUNDS 5000
# SHA_CRYPT_MAX_ROUNDS 5000
#
# List of groups to add to the user's supplementary group set
# when logging in on the console (as determined by the CONSOLE
# setting). Default is none.
#
# Use with caution - it is possible for users to gain permanent
# access to these groups, even when not logged in on the console.
# How to do it is left as an exercise for the reader...
#
#CONSOLE_GROUPS floppy:audio:cdrom
#
# Should login be allowed if we can't cd to the home directory?
# Default in no.
#
DEFAULT_HOME yes
#
# If this file exists and is readable, login environment will be
# read from it. Every line should be in the form name=value.
#
#ENVIRON_FILE /etc/environment
#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD /usr/sbin/userdel_local
#
# Enable setting of the umask group bits to be the same as owner bits
# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
# the same as gid, and username is the same as the primary group name.
#
# This also enables userdel to remove user groups if no members exist.
#
USERGROUPS_ENAB yes
#
# If set to a non-nul number, the shadow utilities will make sure that
# groups never have more than this number of users on one line.
# This permit to support split groups (groups split into multiple lines,
# with the same group ID, to avoid limitation of the line length in the
# group file).
#
# 0 is the default value and disables this feature.
#
#MAX_MEMBERS_PER_GROUP 0
#
# If useradd should create home directories for users by default (non
# system users only)
# This option is overridden with the -M or -m flags on the useradd command
# line.
#
#CREATE_HOME yes
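
Review bot: `#ENCRYPT_METHOD DES` is left commented out, and the comment block above it names DES as the default, so any tool that takes its hashing method from this file falls back to DES crypt. Set ENCRYPT_METHOD SHA512 (and SHA_CRYPT_MIN_ROUNDS / SHA_CRYPT_MAX_ROUNDS if the stated libc default of 5000 is too low), matching what pam_unix is configured with in system-auth, as the note in the file itself recommends. Separately, `DEFAULT_HOME yes` overrides the documented default of no; please justify that in the changelog or revert it.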

@ -0,0 +1,50 @@
diff -pur util-linux-2.12q/hwclock/hwclock.c util-linux-2.12q-fix/hwclock/hwclock.c
--- util-linux-2.12q/hwclock/hwclock.c 2004-12-15 20:13:48.000000000 +0100
+++ util-linux-2.12q-fix/hwclock/hwclock.c 2005-09-20 10:27:49.000000000 +0200
@@ -45,7 +45,7 @@
* reading '/etc/clock -au' instead of '/etc/clock -u -s', this error
* is automatically corrected at every boot.
*
- * To do this job, the program reads and writes the file '/etc/adjtime'
+ * To do this job, the program reads and writes the file '/var/lib/hwclock/adjtime'
* to determine the correction, and to save its data. In this file are
* three numbers:
*
@@ -58,13 +58,13 @@
*
* Installation and use of this program:
*
- * a) create a file '/etc/adjtime' containing as the first and only line:
+ * a) create a file '/var/lib/hwclock/adjtime' containing as the first and only line:
* '0.0 0 0.0'
* b) run 'clock -au' or 'clock -a', depending on whether your cmos is in
* universal or local time. This updates the second number.
* c) set your system time using the 'date' command.
* d) update your cmos time using 'clock -wu' or 'clock -w'
- * e) replace the first number in /etc/adjtime by your correction.
+ * e) replace the first number in /var/lib/hwclock/adjtime by your correction.
* f) put the command 'clock -au' or 'clock -a' in your '/etc/rc.local'
*/
@@ -96,7 +96,7 @@ struct clock_ops *ur;
#define FLOOR(arg) ((arg >= 0 ? (int) arg : ((int) arg) - 1));
/* Here the information for time adjustments is kept. */
-#define ADJPATH "/etc/adjtime"
+#define ADJPATH "/var/lib/hwclock/adjtime"
/* Store the date here when "badyear" flag is set. */
#define LASTDATE "/var/lib/lastdate"
@@ -231,10 +231,10 @@ hw_clock_is_utc(const bool utc, const bo
static int
read_adjtime(struct adjtime *adjtime_p) {
/*----------------------------------------------------------------------------
- Read the adjustment parameters out of the /etc/adjtime file.
+ Read the adjustment parameters out of the /var/lib/hwclock/adjtime file.
Return them as the adjtime structure <*adjtime_p>.
- If there is no /etc/adjtime file, return defaults.
+ If there is no /var/lib/hwclock/adjtime file, return defaults.
If values are missing from the file, return defaults for them.
return value 0 if all OK, !=0 otherwise.
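
Review bot: The ADJPATH change to /var/lib/hwclock/adjtime has no matching packaging. In the spec, `#install -d %{buildroot}/var/lib/hwclock` and `#%dir /var/lib/hwclock` are commented out together with `#%patch0`, and the patch context is util-linux-2.12q while the spec builds 2.24.2. If the relocation is still wanted, rebase the patch and re-enable all three lines together so hwclock has a directory to write to; if not, remove the patch from the sources.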

@ -0,0 +1,12 @@
diff -Nru util-linux-ng-2.15/libs/blkid/src/probers/reiserfs.c util-linux-ng-2.15.patched/libs/blkid/src/probers/reiserfs.c
--- util-linux-ng-2.15/libs/blkid/src/probers/reiserfs.c 2009-03-25 13:20:17.000000000 +0100
+++ util-linux-ng-2.15.patched/libs/blkid/src/probers/reiserfs.c 2009-05-20 02:42:54.000000000 +0200
@@ -95,7 +95,7 @@
const struct blkid_idinfo reiser_idinfo =
{
- .name = "reiser",
+ .name = "reiserfs",
.usage = BLKID_USAGE_FILESYSTEM,
.probefunc = probe_reiser,
.magics =

@ -0,0 +1,11 @@
# This file and interface are deprecated.
# Applications needing raw device access should open regular
# block devices with O_DIRECT.
#
# Enter raw device bindings here.
#
# An example would be:
# ACTION=="add", KERNEL=="sda", RUN+="/bin/raw /dev/raw/raw1 %N"
# to bind /dev/raw/raw1 to /dev/sda, or
# ACTION=="add", ENV{MAJOR}=="8", ENV{MINOR}=="1", RUN+="/bin/raw /dev/raw/raw2 %M %m"
# to bind /dev/raw/raw2 to the device with major 8, minor 1.

63
util-linux-nologin.8 Normal file

@ -0,0 +1,63 @@
.\" $OpenBSD: nologin.8,v 1.8 1999/06/04 02:45:19 aaron Exp $
.\" $NetBSD: nologin.8,v 1.3 1995/03/18 14:59:09 cgd Exp $
.\"
.\" Copyright (c) 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by the University of
.\" California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" @(#)nologin.8 8.1 (Berkeley) 6/19/93
.\"
.Dd February 15, 1997
.Dt NOLOGIN 8
.Os
.Sh NAME
.Nm nologin
.Nd politely refuse a login
.Sh SYNOPSIS
.Nm nologin
.Sh DESCRIPTION
.Nm
displays a message that an account is not available and
exits non-zero.
It is intended as a replacement shell field for accounts that
have been disabled.
.Pp
If the file
.Pa /etc/nologin.txt
exists,
.Nm
displays its contents to the user instead of the default message.
.Sh SEE ALSO
.Xr login 1
.Sh HISTORY
The
.Nm
command appeared in
.Bx 4.4 .

58
util-linux-nologin.c Normal file

@ -0,0 +1,58 @@
/* $OpenBSD: nologin.c,v 1.2 1997/04/04 16:51:37 millert Exp $ */
/*
* Copyright (c) 1997, Jason Downs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/types.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#include <stdlib.h>
/* Distinctly different from _PATH_NOLOGIN. */
#define _PATH_NOLOGIN_TXT "/etc/nologin.txt"
#define DEFAULT_MESG "This account is currently not available.\n"
/*ARGSUSED*/
int main(argc, argv)
int argc;
char *argv[];
{
int nfd, nrd;
char nbuf[128];
nfd = open(_PATH_NOLOGIN_TXT, O_RDONLY);
if (nfd < 0) {
write(STDOUT_FILENO, DEFAULT_MESG, strlen(DEFAULT_MESG));
exit (1);
}
while ((nrd = read(nfd, nbuf, sizeof(nbuf))) > 0)
write(STDOUT_FILENO, nbuf, nrd);
close (nfd);
exit (1);
}
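
Review bot: main() is an old-style (K&R) definition and both write() calls discard their return value, so a short or failed write silently truncates the message. Declare it as int main(void), since argc and argv are unused, and loop on write() until all nrd bytes are out or it fails. The exit status of 1 on every path matches the man page added in this commit and should stay.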

8
util-linux-pam-login Normal file

@ -0,0 +1,8 @@
#%PAM-1.0
auth sufficient pam_unix.so
auth include system-auth
account include system-auth
password include system-auth
session include system-auth
session required pam_limits.so
#session optional pam_console.so
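
Review bot: `auth sufficient pam_unix.so` on the first auth line ends the auth stack as soon as the password matches, so nothing in the included system-auth (lockout counters, extra factors, delays) runs for a successful login. Drop that line and let `auth include system-auth` perform the password check. The file also has no pam_securetty line, although login.defs in this commit sets CONSOLE /etc/securetty; if root logins are meant to be limited to those devices under PAM, that needs to be expressed here.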

8
util-linux-pam-remote Normal file

@ -0,0 +1,8 @@
#%PAM-1.0
auth sufficient pam_unix.so
auth include system-auth
account include system-auth
password include system-auth
session include system-auth
session required pam_limits.so
#session optional pam_console.so
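
Review bot: The remote stack has no pam_nologin.so line, although the su file in this commit has one, so /etc/nologin is not checked here unless system-auth does it. Add `account required pam_nologin.so`, and pam_access if network logins should be restricted by origin. The leading `auth sufficient pam_unix.so` has the same short-circuit effect as in the login file and should be removed for the same reason.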

8
util-linux-pam-runuser Normal file

@ -0,0 +1,8 @@
#%PAM-1.0
auth sufficient pam_unix.so
auth include system-auth
account include system-auth
password include system-auth
session include system-auth
session required pam_limits.so
#session optional pam_console.so
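
Review bot: The auth section is copied from the login file and starts with a pam_unix.so password check, which does not fit a helper that the spec installs in /sbin for root callers. Use `auth sufficient pam_rootok.so` in that position, as the su file in this commit does, and consider whether runuser needs anything beyond the session lines. The same applies to runuser-l, which is line for line identical.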

8
util-linux-pam-runuser-l Normal file

@ -0,0 +1,8 @@
#%PAM-1.0
auth sufficient pam_unix.so
auth include system-auth
account include system-auth
password include system-auth
session include system-auth
session required pam_limits.so
#session optional pam_console.so

9
util-linux-pam-su Normal file

@ -0,0 +1,9 @@
#%PAM-1.0
auth sufficient pam_rootok.so
auth include system-auth
auth required pam_nologin.so
account include system-auth
password include system-auth
session include system-auth
session required pam_limits.so
#session optional pam_console.so
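
Review bot: `auth required pam_nologin.so` sits after `auth include system-auth`, so if the included stack finishes on a sufficient module this line is never reached, and for root callers pam_rootok.so has already ended the stack before it. If the intent is to block su while /etc/nologin exists, move the check to the account section (`account required pam_nologin.so`) ahead of the include. The su-l file carries the same ordering.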

9
util-linux-pam-su-l Normal file

@ -0,0 +1,9 @@
#%PAM-1.0
auth sufficient pam_rootok.so
auth include system-auth
auth required pam_nologin.so
account include system-auth
password include system-auth
session include system-auth
session required pam_limits.so
#session optional pam_console.so

600
util-linux.spec Normal file

@ -0,0 +1,600 @@
%define majorminor %(echo %version | cut -d. -f 1-2)
# '/bin/raw' is deprecated (applications needing raw device access
# should open regular block devices with O_DIRECT)
%define build_raw 1
%define uuidd_groupid 65052
%define uuidd_userid 65052
Name: util-linux
Version: 2.24.2
Release: 2mamba
Epoch: 1
Summary: Miscellaneous utilities for Linux
Group: System/Tools
Vendor: openmamba
Distribution: openmamba
Packager: Silvan Calarco <silvan.calarco@mambasoft.it>
URL: http://www.kernel.org/pub/linux/utils/util-linux/
Source0: http://www.kernel.org/pub/linux/utils/util-linux/v%{majorminor}/util-linux-%{version}.tar.xz
Source1: util-linux-nologin.c
Source2: util-linux-nologin.8
Source3: util-linux-ng-60-raw.rules
Source4: util-linux-pam-su
Source5: util-linux-pam-login
Source6: util-linux-pam-su-l
Source7: util-linux-login.access
Source8: util-linux-login.defs
Source9: util-linux-pam-runuser
Source10: util-linux-pam-runuser-l
Source11: util-linux-pam-remote
Patch0: %{name}-ng-2.12q-adjtime_path.patch
Patch1: %{name}-ng-2.15-reiserfs_fix_name.patch
Patch2: util-linux-2.22-su_paths.patch
License: GPL
BuildRequires: bash
BuildRequires: gettext-devel
BuildRequires: libsepol-devel
BuildRequires: libslang-devel
BuildRequires: pam-devel
BuildRequires: perl-devel
BuildRequires: texinfo
BuildRequires: zlib-devel
## AUTOBUILDREQ-BEGIN
BuildRequires: glibc-devel
BuildRequires: libncurses-devel
%if "%{stage1}" != "1"
BuildRequires: libselinux-devel
%endif
BuildRequires: libsepol-devel
BuildRequires: libz-devel
BuildRequires: pam-devel
BuildRequires: pkg-config
BuildRequires: udev-devel
## AUTOBUILDREQ-END
Requires(post):%{__install_info}
Provides: util-linux-ng = %{?epoch:%epoch:}%{version}-%{release}
Obsoletes: util-linux-ng
Provides: uuidd
Obsoletes: uuidd
Provides: eject
Obsoletes: eject
Requires: libuuid = %{?epoch:%epoch:}%{version}-%{release}
Requires: libblkid = %{?epoch:%epoch:}%{version}-%{release}
Requires: libmount = %{?epoch:%epoch:}%{version}-%{release}
BuildRoot: %{_tmppath}/%{name}-%{version}-root
%description
The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function.
Among others, Util-linux contains the fdisk configuration tool and the login program.
%package -n libblkid
Summary: Block device identification library
Group: System/Libraries
Requires: libmount = %{?epoch:%epoch:}%{version}-%{release}
%description -n libblkid
Block device identification library.
%package -n libblkid-devel
Summary: The development file for application which use libblkid
Group: Development/Libraries
Requires: libblkid = %{?epoch:%epoch:}%{version}-%{release}
%description -n libblkid-devel
Block device identification library.
This package provides the development file for application which use libblkid.
%package -n libuuid
Summary: Universal unique id library
Group: System/Libraries
%description -n libuuid
Universal unique id library.
%package -n libuuid-devel
Summary: The development file for application which use libuuid
Group: Development/Libraries
Requires: libuuid = %{?epoch:%epoch:}%{version}-%{release}
%description -n libuuid-devel
Universal unique id library.
This package provides the development file for application which use libuuid.
%package -n libmount
Summary: Mount library
Group: System/Libraries
Requires: libblkid = %{?epoch:%epoch:}%{version}-%{release}
%description -n libmount
Mount library.
%package -n libmount-devel
Summary: The development file for application which use libmount
Group: Development/Libraries
Requires: libmount = %{?epoch:%epoch:}%{version}-%{release}
%description -n libmount-devel
Mount library.
This package provides the development file for application which use libmount.
%prep
%setup -q
#%patch0 -p1 -b .adjtime_path
#%patch1 -p1
#%patch2 -p1
cp %{S:1} nologin.c
%build
%configure \
--bindir=/bin \
--sbindir=/sbin \
--libdir=/%{_lib} \
--disable-use-tty-group \
--disable-elvtune \
--disable-login-utils \
--disable-kill \
--enable-partx \
%if %{build_raw}
--enable-raw \
%endif
--enable-wall \
--enable-write \
--enable-arch \
%if "%{stage1}" != "1"
--with-selinux \
%endif
--disable-makeinstall-chown \
--disable-rpath
%make CC="%{_target_platform}-gcc -std=gnu99"
# build nologin
%{_target_platform}-gcc %{optflags} -o nologin nologin.c
%install
[ "%{buildroot}" != / ] && rm -rf %{buildroot}
#install -d %{buildroot}/var/lib/hwclock
%makeinstall
# note: versions <=2.12 use path "%{_datadir}/misc/getopt/*"
install -d %{buildroot}%{_datadir}/misc/getopt/
#mv %{buildroot}%{_datadir}/getopt/* \
# %{buildroot}%{_datadir}/misc/getopt/
## note: do not install tcsh scripts to avoid dependencies on tcsh
#rm %{buildroot}%{_datadir}/misc/getopt/getopt-parse.tcsh
# fix some wrong paths
install -d %{buildroot}/sbin
for f in addpart delpart partx; do
mv %{buildroot}%{_sbindir}/$f %{buildroot}/sbin/$f
done
install -d %{buildroot}/bin
%if %{build_raw}
mv %{buildroot}/sbin/raw %{buildroot}/bin/raw
install -D -m644 %{S:3} %{buildroot}%{_sysconfdir}/udev/rules.d/60-raw.rules
%endif
mv %{buildroot}%{_bindir}/taskset %{buildroot}/bin/taskset
# install nologin
install -D -m 755 nologin %{buildroot}/sbin/nologin
install -D -m 644 %{S:2} %{buildroot}%{_mandir}/man8/nologin.8
%if %{build_raw}
echo '.so man8/raw.8' > %{buildroot}%{_mandir}/man8/rawdevices.8
%endif
%find_lang %{name}
# remove unpackaged files
rm %{buildroot}/sbin/fsck.minix
rm %{buildroot}/sbin/mkfs.{bfs,minix}
install -d %{buildroot}/%{_localstatedir}/lib/libuuid
# clock.txt from uuidd is a ghost file
touch %{buildroot}%{_localstatedir}/lib/libuuid/clock.txt
# install su and login pam files
install -D -m 0644 %{S:4} %{buildroot}%{_sysconfdir}/pam.d/su
install -D -m 0644 %{S:5} %{buildroot}%{_sysconfdir}/pam.d/login
install -D -m 0644 %{S:6} %{buildroot}%{_sysconfdir}/pam.d/su-l
install -D -m 0644 %{S:7} %{buildroot}%{_sysconfdir}/login.access
install -D -m 0644 %{S:8} %{buildroot}%{_sysconfdir}/login.defs
install -D -m 0644 %{S:9} %{buildroot}%{_sysconfdir}/pam.d/runuser
install -D -m 0644 %{S:10} %{buildroot}%{_sysconfdir}/pam.d/runuser-l
install -D -m 0644 %{S:11} %{buildroot}%{_sysconfdir}/pam.d/remote
# socket directory (see systemd file)
install -d %{buildroot}%{_localstatedir}/uuid
%clean
[ "%{buildroot}" != / ] && rm -rf %{buildroot}
%pre
/usr/sbin/groupadd -g %{uuidd_groupid} uuidd 2>/dev/null
/usr/sbin/useradd -u %{uuidd_userid} -g uuidd \
-d /var/lib/libuuid -s /bin/false -c "UUID generator helper daemon" uuidd 2>/dev/null
exit 0
%post -n libblkid -p /sbin/ldconfig
%postun -n libblkid -p /sbin/ldconfig
%post -n libmount -p /sbin/ldconfig
%postun -n libmount -p /sbin/ldconfig
%post -n libuuid -p /sbin/ldconfig
%postun -n libuuid -p /sbin/ldconfig
%files -f %{name}.lang
%defattr(-,root,root)
%{_sysconfdir}/pam.d/login
%{_sysconfdir}/pam.d/remote
%{_sysconfdir}/pam.d/runuser
%{_sysconfdir}/pam.d/runuser-l
%{_sysconfdir}/pam.d/su
%{_sysconfdir}/pam.d/su-l
%config %{_sysconfdir}/login.access
%config %{_sysconfdir}/login.defs
#/bin/arch
/bin/dmesg
/bin/findmnt
/bin/lsblk
/bin/login
/bin/su
/bin/wdctl
/sbin/sulogin
/bin/more
/bin/mountpoint
%if %{build_raw}
/bin/raw
%config(noreplace) %{_sysconfdir}/udev/rules.d/60-raw.rules
%endif
/bin/taskset
%attr(4755,root,root) /bin/mount
%attr(4755,root,root) /bin/umount
/sbin/addpart
/sbin/agetty
/sbin/blkdiscard
/sbin/blkid
/sbin/blockdev
/sbin/cfdisk
/sbin/ctrlaltdel
/sbin/chcpu
/sbin/delpart
/sbin/fdisk
/sbin/findfs
/sbin/fsck
/sbin/fsck.cramfs
#/sbin/fsck.minix
/sbin/fstrim
/sbin/fsfreeze
/sbin/hwclock
/sbin/losetup
/sbin/mkfs
#/sbin/mkfs.bfs
/sbin/mkfs.cramfs
#/sbin/mkfs.minix
/sbin/mkswap
/sbin/nologin
/sbin/partx
/sbin/pivot_root
/sbin/runuser
/sbin/sfdisk
/sbin/swapoff
/sbin/swapon
/sbin/swaplabel
/sbin/switch_root
/sbin/wipefs
%{_bindir}/cal
%{_bindir}/chrt
%{_bindir}/col
%{_bindir}/colcrt
%{_bindir}/colrm
%{_bindir}/column
%{_bindir}/cytune
#%{_bindir}/ddate
#%{_bindir}/fdformat
%{_bindir}/eject
%{_bindir}/fallocate
%{_bindir}/flock
%{_bindir}/getopt
%{_bindir}/hexdump
%ifarch i586 x86_64
%{_bindir}/i386
%endif
%ifarch x86_64
%{_bindir}/x86_64
%endif
%ifarch ppc
%{_bindir}/ppc*
%endif
%{_bindir}/ionice
%{_bindir}/ipcrm
%{_bindir}/ipcs
%{_bindir}/ipcmk
%{_bindir}/isosize
%{_bindir}/last
%{_bindir}/lastb
#%{_bindir}/line
%{_bindir}/linux32
%{_bindir}/linux64
%{_bindir}/logger
%{_bindir}/look
%{_bindir}/lscpu
%{_bindir}/lslocks
%{_bindir}/mcookie
%{_bindir}/mesg
%{_bindir}/namei
%{_bindir}/nsenter
%{_bindir}/setpriv
%{_bindir}/pg
%{_bindir}/prlimit
%{_bindir}/rename
%{_bindir}/renice
%{_bindir}/rev
%{_bindir}/script
%{_bindir}/scriptreplay
%{_bindir}/setarch
%{_bindir}/setsid
%{_bindir}/setterm
%{_bindir}/tailf
%{_bindir}/ul
%{_bindir}/unshare
%{_bindir}/utmpdump
%{_bindir}/uuidgen
%{_bindir}/wall
%{_bindir}/whereis
%{_bindir}/write
%{_sbindir}/fdformat
%{_sbindir}/ldattach
#%{_sbindir}/ramsize
#%{_sbindir}/rdev
%{_sbindir}/readprofile
%{_sbindir}/resizepart
#%{_sbindir}/rootflags
%{_sbindir}/rtcwake
#%{_sbindir}/tunelp
%{_sbindir}/uuidd
#%{_sbindir}/vidmode
/lib/systemd/system/uuidd.service
/lib/systemd/system/uuidd.socket
#%{_infodir}/ipc.info.*
%{_datadir}/bash-completion/completions/*
%dir %{_localstatedir}/uuid
%dir %{_localstatedir}/lib/libuuid
%ghost %{_localstatedir}/lib/libuuid/clock.txt
%{_mandir}/man1/*
%{_mandir}/man5/fstab.*
%{_mandir}/man8/*
#%lang(ru) %{_mandir}/ru/man1/ddate.*
#%dir /var/lib/hwclock
%dir %{_docdir}/util-linux/getopt
%{_docdir}/util-linux/getopt/getopt-parse.bash
%{_docdir}/util-linux/getopt/getopt-parse.tcsh
%doc AUTHORS README.licensing
%files -n libblkid
%defattr(-,root,root)
/%{_lib}/libblkid.so.*
%files -n libblkid-devel
%defattr(-,root,root)
%{_includedir}/blkid/blkid.h
/%{_libdir}/libblkid.a
/%{_libdir}/libblkid.la
/%{_libdir}/libblkid.so
%{_libdir}/pkgconfig/blkid.pc
%{_mandir}/man3/libblkid.*
%doc NEWS README
%files -n libmount
%defattr(-,root,root)
/%{_lib}/libmount.so.*
%files -n libmount-devel
%defattr(-,root,root)
%{_includedir}/libmount/libmount.h
/%{_libdir}/libmount.a
/%{_libdir}/libmount.la
/%{_libdir}/libmount.so
%{_libdir}/pkgconfig/mount.pc
%files -n libuuid
%defattr(-,root,root)
/%{_lib}/libuuid.so.*
%files -n libuuid-devel
%defattr(-,root,root)
#%{_bindir}/chkdupexe
%{_includedir}/uuid/uuid.h
/%{_libdir}/libuuid.a
/%{_libdir}/libuuid.la
/%{_libdir}/libuuid.so
%{_libdir}/pkgconfig/uuid.pc
%{_mandir}/man3/uuid*.*
%changelog
* Tue May 06 2014 Silvan Calarco <silvan.calarco@mambasoft.it> 2.24.2-2mamba
- provide pam files for runuser, runuser-l and remote (login)
* Thu Apr 24 2014 Automatic Build System <autodist@mambasoft.it> 2.24.2-1mamba
- automatic version update by autodist
* Tue Jan 21 2014 Automatic Build System <autodist@mambasoft.it> 2.24.1-1mamba
- automatic version update by autodist
* Sun Oct 27 2013 Automatic Build System <autodist@mambasoft.it> 2.24-1mamba
- automatic version update by autodist
* Wed Jul 31 2013 Automatic Build System <autodist@mambasoft.it> 2.23.2-1mamba
- automatic version update by autodist
* Thu Jun 27 2013 Silvan Calarco <silvan.calarco@mambasoft.it> 2.23.1-2mamba
- add %{_localstatedir}/uuid dir required by uuidd.socket
* Tue May 28 2013 Automatic Build System <autodist@mambasoft.it> 2.23.1-1mamba
- automatic version update by autodist
* Mon Apr 29 2013 Automatic Build System <autodist@mambasoft.it> 2.23-1mamba
- automatic version update by autodist
* Thu Dec 13 2012 Automatic Build System <autodist@mambasoft.it> 2.22.2-1mamba
- automatic version update by autodist
* Thu Oct 11 2012 Automatic Build System <autodist@mambasoft.it> 2.22.1-1mamba
- automatic version update by autodist
* Sat Sep 15 2012 Silvan Calarco <silvan.calarco@mambasoft.it> 2.22-4mamba
- install /etc/login.defs and /etc/login.access taken from shadow
* Wed Sep 12 2012 Silvan Calarco <silvan.calarco@mambasoft.it> 2.22-3mamba
- install su-l pam file required by su
* Sun Sep 09 2012 Silvan Calarco <silvan.calarco@mambasoft.it> 2.22-2mamba
- obsolete eject
- added pam file for login (moved from shadow-common)
* Sat Sep 08 2012 Automatic Build System <autodist@mambasoft.it> 2.22-1mamba
- automatic version update by autodist
* Fri May 25 2012 Automatic Build System <autodist@mambasoft.it> 2.21.2-1mamba
- automatic version update by autodist
* Mon Apr 02 2012 Automatic Build System <autodist@mambasoft.it> 2.21.1-1mamba
- automatic version update by autodist
* Sat Mar 24 2012 Automatic Build System <autodist@mambasoft.it> 2.21-1mamba
- update to 2.21
* Sat Jan 28 2012 Davide Madrisan <davide.madrisan@gmail.com> 2.20-3mamba
- move libraries to /lib because they are used by binaries located in /bin and /sbin
* Sat Oct 22 2011 Silvan Calarco <silvan.calarco@mambasoft.it> 2.20-2mamba
- enable maintained wall and remove from sysvinit
* Fri Oct 21 2011 Automatic Build System <autodist@mambasoft.it> 2.20-1mamba
- automatic version update by autodist
* Fri May 13 2011 Automatic Build System <autodist@mambasoft.it> 2.19.1-1mamba
- automatic update by autodist
* Sat Feb 12 2011 Silvan Calarco <silvan.calarco@mambasoft.it> 2.19-1mamba
- update to 2.19
- upstream renamed back to util-linux from util-linux-ng
* Wed Dec 01 2010 Silvan Calarco <silvan.calarco@mambasoft.it> 2.18-2mamba
- move chkdupexe to devel package to remove whole package dependency on perl
* Thu Jul 01 2010 Automatic Build System <autodist@mambasoft.it> 2.18-1mamba
- automatic update to 2.18 by autodist
* Mon Mar 29 2010 Automatic Build System <autodist@mambasoft.it> 2.17.2-1mamba
- automatic update to 2.17.2 by autodist
* Mon Feb 22 2010 Automatic Build System <autodist@mambasoft.it> 2.17.1-1mamba
- automatic update to 2.17.1 by autodist
* Wed Jan 27 2010 Automatic Build System <autodist@mambasoft.it> 2.17-1mamba
- automatic update to 2.17 by autodist
* Tue Dec 01 2009 Automatic Build System <autodist@mambasoft.it> 2.16.2-1mamba
- automatic update to 2.16.2 by autodist
* Mon Sep 07 2009 Automatic Build System <autodist@mambasoft.it> 2.16.1-1mamba
- automatic update to 2.16.1 by autodist
* Sun Jul 26 2009 Silvan Calarco <silvan.calarco@mambasoft.it> 2.16-2mamba
- uuidd: port pre script from e2fsprogs and obsolete uuidd package
* Sat Jul 25 2009 Automatic Build System <autodist@mambasoft.it> 2.16-1mamba
- automatic update to 2.16 by autodist
* Sat Jun 13 2009 Automatic Build System <autodist@mambasoft.it> 2.15.1-1mamba
- automatic update to 2.15.1 by autodist
* Wed May 20 2009 Silvan Calarco <silvan.calarco@mambasoft.it> 2.15-3mamba
- blkid: added patch to detect reiserfs with name 'reiserfs' instead of 'reiser'
* Mon May 18 2009 Silvan Calarco <silvan.calarco@mambasoft.it> 2.15-2mamba
- rebuilt with internal libblkid; added library packages
* Wed May 06 2009 Automatic Build System <autodist@mambasoft.it> 2.15-1mamba
- automatic update to 2.15 by autodist
* Mon Feb 09 2009 Silvan Calarco <silvan.calarco@mambasoft.it> 2.14.2-1mamba
- automatic update by autodist
* Thu Sep 11 2008 Silvan Calarco <silvan.calarco@mambasoft.it> 2.14.1-1mamba
- automatic update to 2.14.1 by autodist
* Tue Jun 10 2008 Aleph0 <aleph0@openmamba.org> 2.14-1mamba
- update to 2.14 (also fixes CVE-2008-1926)
- add missing build requirement: libsepol-devel
- fdformat: install to /usr/sbin instead to /usr/bin
* Wed Apr 30 2008 Aleph0 <aleph0@openmamba.org> 2.13.1.1-1mamba
- update to 2.13.1.1 (also fixes CVE-2007-3102)
* Sat Feb 23 2008 Silvan Calarco <silvan.calarco@mambasoft.it> 2.13.1-2mamba
- fix installation of udev raw rules file
* Thu Jan 17 2008 Aleph0 <aleph0@openmamba.org> 2.13.1-1mamba
- update to 2.13.1
- package renamed to util-linux-ng
- fixes CVE-2007-5191, CVE-2007-0822, CVE-2006-7108
- enable build of the arch tool (superseeded our patch)
- enable support for selinux
- conditionally build the deprecated tool /bin/raw
* Sat Jul 07 2007 Silvan Calarco <silvan.calarco@mambasoft.it> 2.13-4mamba
- nfs.5 man entry renamed to fstab-nfs.5
* Mon Apr 02 2007 Aleph0 <aleph0@openmamba.org> 2.13pre7-3mamba
- security fix against CVE-2007-0822
* Thu Feb 01 2007 Aleph0 <aleph0@openmamba.org> 2.13pre7-2qilnx
- removed minix and sco (mkfs.bfs) filesystems stuff
* Wed Jan 24 2007 Aleph0 <aleph0@openmamba.org> 2.13pre7-1qilnx
- update to version 2.13pre7 by autospec
- added nologin binary and manpage
- disable elvtune: only works with 2.2 and 2.4 kernels
* Mon Sep 26 2005 Davide Madrisan <davide.madrisan@qilinux.it> 2.12r-1qilnx
- update to version 2.12r by autospec
- patch for QSA-2005-107 removed (merged upstream)
* Tue Sep 20 2005 Davide Madrisan <davide.madrisan@qilinux.it> 2.12q-3qilnx
- specfile fixes: use %%find_lang, install/uninstall info pages
- security fix: QSA-2005-107 (CAN-2005-2876)
* Fri Sep 09 2005 Silvan Calarco <silvan.calarco@mambasoft.it> 2.12q-2qilnx
- added cross-platform build options
* Mon Sep 05 2005 Silvan Calarco <silvan.calarco@mambasoft.it> 2.12q-1qilnx
- update to version 2.12q by autospec
- add cross-build support
- give system default build options
* Thu Aug 26 2004 Davide Madrisan <davide.madrisan@qilinux.it> 2.12b-1qilnx
- update to version 2.12b by autospec
* Tue Jul 27 2004 Davide Madrisan <davide.madrisan@qilinux.it> 2.12a-1qilnx
- version update
- %%install: forced USE_TTY_GROUP=no for the 'wall' and 'write' tools
* Mon Mar 01 2004 Davide Madrisan <davide.madrisan@qilinux.it> 2.12-1qilnx
- new version rebuild
* Sat Nov 30 2003 Davide Madrisan <davide.madrisan@qilinux.it> 2.11z-3qilnx
- specfile updates
* Tue Apr 22 2003 Silvan Calarco <silvan.calarco@qinet.it> 2.11z-2qilnx
- removed tcsh scripts to avoid a tcsh dependance
- added directory /var/lib/hwclock
- removed build of kill because it's in procps package
* Wed Apr 09 2003 Luca Tinelli <luca.tinelli@qinet.it> 2.11z-1qilnx
- first build
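Review bot: In the main %files list the six %{_sysconfdir}/pam.d/ entries (login, remote, runuser, runuser-l, su, su-l) carry no %config tag, so a package upgrade overwrites any local change to the PAM policy for login, su and runuser without leaving a backup. login.access and login.defs are tagged plain %config, which still replaces an edited file (saving the old one as .rpmsave) whenever the packaged copy changes. The same list already uses %config(noreplace) for 60-raw.rules, so I suggest tagging the PAM files and the two login.* files the same way, e.g. "%config(noreplace) %{_sysconfdir}/pam.d/runuser". Separately, /bin/mount and /bin/umount get an explicit %attr(4755,root,root) while /bin/su is listed bare under %defattr(-,root,root), so its mode is whatever %install leaves in the buildroot; an explicit %attr on /bin/su would make its intended mode visible and auditable in the spec.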