diff --git a/README.md b/README.md
index c37bdc2..bfaea3c 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,5 @@
 # util-linux
+The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function.
+Among others, Util-linux contains the fdisk configuration tool and the login program.
+
diff --git a/util-linux-2.22-su_paths.patch b/util-linux-2.22-su_paths.patch
new file mode 100644
index 0000000..781b4d6
--- /dev/null
+++ b/util-linux-2.22-su_paths.patch
@@ -0,0 +1,18 @@
+--- a/login-utils/su.c.badpaths Tue Apr 05 14:26:55 2005
++++ b/login-utils/su.c Tue Apr 05 14:40:21 EDT 2005
+@@ -147,6 +147,15 @@
+ #define DEFAULT_ROOT_LOGIN_PATH "/usr/ucb:/bin:/usr/bin:/etc"
+ #endif
+
++/* The default paths which get set are both bogus and oddly influenced
++ by and -D on the commands line. Just to be clear, we'll set
++ these explicitly. -ewt */
++#undef DEFAULT_LOGIN_PATH
++#undef DEFAULT_ROOT_LOGIN_PATH
++#define DEFAULT_LOGIN_PATH "/bin:/usr/bin:/usr/local/bin"
++#define DEFAULT_ROOT_LOGIN_PATH \
++ "/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin"
++
+ /* The shell to run if none is given in the user's passwd entry. */
+ #define DEFAULT_SHELL "/bin/sh"
+
diff --git a/util-linux-login.access b/util-linux-login.access
new file mode 100644
index 0000000..078e3f8
--- /dev/null
+++ b/util-linux-login.access
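Review bot: The root search path defined in util-linux-2.22-su_paths.patch, `/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin`, disagrees with `ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin` in util-linux-login.defs added by the same commit, so root's PATH after `su` would depend on which of the two sources wins. Directories under /usr/local are on some systems writable by a local admin group, so whether they belong on root's path should be decided deliberately and in one place. The spec file on this page also has `#%patch2 -p1` commented out in `%prep`, so as committed this patch appears to be shipped but never applied; either enable it or drop it. The hunk is an excerpt of su.c, and the comment line `by and -D on the commands line` looks as if it has lost a word.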
@@ -0,0 +1,54 @@
+# $Id: login.access 1342 2007-11-10 23:46:11Z nekral-guest $
+#
+# Login access control table.
+#
+# When someone logs in, the table is scanned for the first entry that
+# matches the (user, host) combination, or, in case of non-networked
+# logins, the first entry that matches the (user, tty) combination. The
+# permissions field of that table entry determines whether the login will
+# be accepted or refused.
+#
+# Format of the login access control table is three fields separated by a
+# ":" character:
+#
+# permission : users : origins
+#
+# The first field should be a "+" (access granted) or "-" (access denied)
+# character.
+#
+# The second field should be a list of one or more login names, group
+# names, or ALL (always matches). A pattern of the form user@host is
+# matched when the login name matches the "user" part, and when the
+# "host" part matches the local machine name.
+#
+# The third field should be a list of one or more tty names (for
+# non-networked logins), host names, domain names (begin with "."), host
+# addresses, internet network numbers (end with "."), ALL (always
+# matches) or LOCAL (matches any string that does not contain a "."
+# character).
+#
+# If you run NIS you can use @netgroupname in host or user patterns; this
+# even works for @usergroup@@hostgroup patterns. Weird.
+#
+# The EXCEPT operator makes it possible to write very compact rules.
+#
+# The group file is searched only when a name does not match that of the
+# logged-in user. Only groups are matched in which users are explicitly
+# listed: the program does not look at a user's primary group id value.
+#
+##############################################################################
+#
+# Disallow console logins to all but a few accounts.
+#
+#-:ALL EXCEPT wheel shutdown sync:console
+#
+# Disallow non-local logins to privileged accounts (group wheel).
+#
+#-:wheel:ALL EXCEPT LOCAL .win.tue.nl
+#
+# Some accounts are not allowed to login from anywhere:
+#
+#-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL
+#
+# All other accounts are allowed to login from anywhere.
+#
diff --git a/util-linux-login.defs b/util-linux-login.defs
new file mode 100644
index 0000000..21f6f91
--- /dev/null
+++ b/util-linux-login.defs
@@ -0,0 +1,386 @@
+#
+# /etc/login.defs - Configuration control definitions for the shadow package.
+#
+# $Id: login.defs 3038 2009-07-23 20:41:35Z nekral-guest $
+#
+
+#
+# Delay in seconds before being allowed another attempt after a login failure
+# Note: When PAM is used, some modules may enfore a minimal delay (e.g.
+# pam_unix enforces a 2s delay)
+#
+FAIL_DELAY 3
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+#
+#FAILLOG_ENAB yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+LOG_UNKFAIL_ENAB no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS no
+
+#
+# Enable logging and display of /var/log/lastlog login time info.
+#
+#LASTLOG_ENAB yes
+
+#
+# Enable checking and display of mailbox status upon login.
+#
+# Disable if the shell startup files already check for mail
+# ("mailx -e" or equivalent).
+#
+#MAIL_CHECK_ENAB yes
+
+#
+# Enable additional checks upon password changes.
+#
+#OBSCURE_CHECKS_ENAB yes
+
+#
+# Enable checking of time restrictions specified in /etc/porttime.
+#
+#PORTTIME_CHECKS_ENAB yes
+
+#
+# Enable setting of ulimit, umask, and niceness from passwd gecos field.
+#
+#QUOTAS_ENAB yes
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB yes
+SYSLOG_SG_ENAB yes
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names. Root logins will be allowed only
+# upon these devices.
+#
+CONSOLE /etc/securetty
+#CONSOLE console:tty01:tty02:tty03:tty04
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE /var/log/sulog
+
+#
+# If defined, ":" delimited list of "message of the day" files to
+# be displayed upon login.
+#
+#MOTD_FILE /etc/motd
+#MOTD_FILE /etc/motd:/usr/lib/news/news-motd
+
+#
+# If defined, this file will be output before each login prompt.
+#
+#ISSUE_FILE /etc/issue
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100 tty01".
+#
+#TTYTYPE_FILE /etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format.
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+#FTMP_FILE /var/log/btmp
+
+#
+# If defined, name of file whose presence which will inhibit non-root
+# logins. The contents of this file should be a message indicating
+# why logins are inhibited.
+#
+#NOLOGINS_FILE /etc/nologin
+
+#
+# If defined, the command name to display when running "su -". For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su". If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME su
+
+#
+# *REQUIRED*
+# Directory where mailboxes reside, _or_ name of file, relative to the
+# home directory. If you _do_ define both, MAIL_DIR takes precedence.
+#
+MAIL_DIR /var/spool/mail
+#MAIL_FILE .mail
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence. If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file. If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE .hushlogin
+#HUSHLOGIN_FILE /etc/hushlogins
+
+#
+# If defined, either a TZ environment parameter spec or the
+# fully-rooted pathname of a file containing such a spec.
+#
+#ENV_TZ TZ=CST6CDT
+#ENV_TZ /etc/tzname
+
+#
+# If defined, an HZ environment parameter spec.
+#
+# for Linux/x86
+#ENV_HZ HZ=100
+# For Linux/Alpha...
+#ENV_HZ HZ=1024
+
+#
+# *REQUIRED* The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
+ENV_PATH PATH=/bin:/usr/bin
+
+#
+# Terminal permissions
+#
+# TTYGROUP Login tty will be assigned this group ownership.
+# TTYPERM Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+TTYGROUP tty
+TTYPERM 0600
+
+#
+# Login configuration initializations:
+#
+# ERASECHAR Terminal ERASE character ('\010' = backspace).
+# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
+# ULIMIT Default "ulimit" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# The ULIMIT is used only if the system supports it.
+# (now it works with setrlimit too; ulimit is in 512-byte units)
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR 0177
+KILLCHAR 025
+#ULIMIT 2097152
+
+# Default initial "umask" value for non-PAM enabled systems.
+# UMASK is also used by useradd and newusers to set the mode of new home
+# directories.
+# 022 is the default value, but 027, or even 077, could be considered
+# better for privacy. There is no One True Answer here: each sysadmin
+# must make up her mind.
+UMASK 022
+
+#
+# Password aging controls:
+#
+# PASS_MAX_DAYS Maximum number of days a password may be used.
+# PASS_MIN_DAYS Minimum number of days allowed between password changes.
+# PASS_MIN_LEN Minimum acceptable password length.
+# PASS_WARN_AGE Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS 99999
+PASS_MIN_DAYS 0
+#PASS_MIN_LEN 5
+PASS_WARN_AGE 7
+
+#
+# If "yes", the user must be listed as a member of the first gid 0 group
+# in /etc/group (called "root" on most Linux systems) to be able to "su"
+# to uid 0 accounts. If the group doesn't exist or is empty, no one
+# will be able to "su" to uid 0.
+#
+#SU_WHEEL_ONLY no
+
+#
+# If compiled with cracklib support, where are the dictionaries
+#
+#CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN 1000
+UID_MAX 60000
+# System accounts
+SYS_UID_MIN 101
+SYS_UID_MAX 999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN 1000
+GID_MAX 60000
+# System accounts
+SYS_GID_MIN 101
+SYS_GID_MAX 999
+
+#
+# Max number of login retries if password is bad
+#
+LOGIN_RETRIES 5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT 60
+
+#
+# Maximum number of attempts to change password if rejected (too easy)
+#
+#PASS_CHANGE_TRIES 5
+
+#
+# Warn about weak passwords (but still allow them) if you are root.
+#
+#PASS_ALWAYS_WARN yes
+
+#
+# Number of significant characters in the password for crypt().
+# Default is 8, don't change unless your crypt() is better.
+# Ignored if MD5_CRYPT_ENAB set to "yes".
+#
+#PASS_MAX_LEN 8
+
+#
+# Require password before chfn/chsh can make any changes.
+#
+#CHFN_AUTH yes
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone). If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+#
+CHFN_RESTRICT rwh
+
+#
+# Password prompt (%s will be replaced by user name).
+#
+# XXX - it doesn't work correctly yet, for now leave it commented out
+# to use the default which is just "Password: ".
+#LOGIN_STRING "%s's Password: "
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm. Default is "no".
+#
+# Note: If you use PAM, it is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB no
+
+#
+# Only works if compiled with ENCRYPTMETHOD_SELECT defined:
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: If you use PAM, it is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+#ENCRYPT_METHOD DES
+
+#
+# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting). Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+#CONSOLE_GROUPS floppy:audio:cdrom
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default in no.
+#
+DEFAULT_HOME yes
+
+#
+# If this file exists and is readable, login environment will be
+# read from it. Every line should be in the form name=value.
+#
+#ENVIRON_FILE /etc/environment
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD /usr/sbin/userdel_local
+
+#
+# Enable setting of the umask group bits to be the same as owner bits
+# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
+# the same as gid, and username is the same as the primary group name.
+#
+# This also enables userdel to remove user groups if no members exist.
+#
+USERGROUPS_ENAB yes
+
+#
+# If set to a non-nul number, the shadow utilities will make sure that
+# groups never have more than this number of users on one line.
+# This permit to support split groups (groups split into multiple lines,
+# with the same group ID, to avoid limitation of the line length in the
+# group file).
+#
+# 0 is the default value and disables this feature.
+#
+#MAX_MEMBERS_PER_GROUP 0
+
+#
+# If useradd should create home directories for users by default (non
+# system users only)
+# This option is overridden with the -M or -m flags on the useradd command
+# line.
+#
+#CREATE_HOME yes
+
diff --git a/util-linux-ng-2.12q-adjtime_path.patch b/util-linux-ng-2.12q-adjtime_path.patch
new file mode 100644
index 0000000..8220e5b
--- /dev/null
+++ b/util-linux-ng-2.12q-adjtime_path.patch
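Review bot: In util-linux-login.defs, `#ENCRYPT_METHOD DES` is left commented out and the file's own comment marks DES as the default, so any tool that takes its hashing method from this file would fall back to DES-based crypt, which per the `PASS_MAX_LEN` comment only considers 8 significant characters. Set it explicitly, e.g. `ENCRYPT_METHOD SHA512`, and keep it consistent with the pam_unix options in system-auth, as the note above that setting recommends. `LOG_OK_LOGINS no` and `DEFAULT_HOME yes` (the comment says the default is no) each deserve a one-line justification, since the first drops successful logins from the audit trail and the second lets a login proceed without a home directory. `CONSOLE /etc/securetty` is presumably not enforced by the PAM stacks added in this commit, which do not list pam_securetty.so.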
@@ -0,0 +1,50 @@
+diff -pur util-linux-2.12q/hwclock/hwclock.c util-linux-2.12q-fix/hwclock/hwclock.c
+--- util-linux-2.12q/hwclock/hwclock.c 2004-12-15 20:13:48.000000000 +0100
++++ util-linux-2.12q-fix/hwclock/hwclock.c 2005-09-20 10:27:49.000000000 +0200
+@@ -45,7 +45,7 @@
+ * reading '/etc/clock -au' instead of '/etc/clock -u -s', this error
+ * is automatically corrected at every boot.
+ *
+- * To do this job, the program reads and writes the file '/etc/adjtime'
++ * To do this job, the program reads and writes the file '/var/lib/hwclock/adjtime'
+ * to determine the correction, and to save its data. In this file are
+ * three numbers:
+ *
+@@ -58,13 +58,13 @@
+ *
+ * Installation and use of this program:
+ *
+- * a) create a file '/etc/adjtime' containing as the first and only line:
++ * a) create a file '/var/lib/hwclock/adjtime' containing as the first and only line:
+ * '0.0 0 0.0'
+ * b) run 'clock -au' or 'clock -a', depending on whether your cmos is in
+ * universal or local time. This updates the second number.
+ * c) set your system time using the 'date' command.
+ * d) update your cmos time using 'clock -wu' or 'clock -w'
+- * e) replace the first number in /etc/adjtime by your correction.
++ * e) replace the first number in /var/lib/hwclock/adjtime by your correction.
+ * f) put the command 'clock -au' or 'clock -a' in your '/etc/rc.local'
+ */
+
+@@ -96,7 +96,7 @@ struct clock_ops *ur;
+ #define FLOOR(arg) ((arg >= 0 ? (int) arg : ((int) arg) - 1));
+
+ /* Here the information for time adjustments is kept. */
+-#define ADJPATH "/etc/adjtime"
++#define ADJPATH "/var/lib/hwclock/adjtime"
+
+ /* Store the date here when "badyear" flag is set. */
+ #define LASTDATE "/var/lib/lastdate"
+@@ -231,10 +231,10 @@ hw_clock_is_utc(const bool utc, const bo
+ static int
+ read_adjtime(struct adjtime *adjtime_p) {
+ /*----------------------------------------------------------------------------
+- Read the adjustment parameters out of the /etc/adjtime file.
++ Read the adjustment parameters out of the /var/lib/hwclock/adjtime file.
+
+ Return them as the adjtime structure <*adjtime_p>.
+- If there is no /etc/adjtime file, return defaults.
++ If there is no /var/lib/hwclock/adjtime file, return defaults.
+ If values are missing from the file, return defaults for them.
+
+ return value 0 if all OK, !=0 otherwise.
diff --git a/util-linux-ng-2.15-reiserfs_fix_name.patch b/util-linux-ng-2.15-reiserfs_fix_name.patch
new file mode 100644
index 0000000..6491a6d
--- /dev/null
+++ b/util-linux-ng-2.15-reiserfs_fix_name.patch
@@ -0,0 +1,12 @@
+diff -Nru util-linux-ng-2.15/libs/blkid/src/probers/reiserfs.c util-linux-ng-2.15.patched/libs/blkid/src/probers/reiserfs.c
+--- util-linux-ng-2.15/libs/blkid/src/probers/reiserfs.c 2009-03-25 13:20:17.000000000 +0100
++++ util-linux-ng-2.15.patched/libs/blkid/src/probers/reiserfs.c 2009-05-20 02:42:54.000000000 +0200
+@@ -95,7 +95,7 @@
+
+ const struct blkid_idinfo reiser_idinfo =
+ {
+- .name = "reiser",
++ .name = "reiserfs",
+ .usage = BLKID_USAGE_FILESYSTEM,
+ .probefunc = probe_reiser,
+ .magics =
diff --git a/util-linux-ng-60-raw.rules b/util-linux-ng-60-raw.rules
new file mode 100644
index 0000000..2279c91
--- /dev/null
+++ b/util-linux-ng-60-raw.rules
@@ -0,0 +1,11 @@
+# This file and interface are deprecated.
+# Applications needing raw device access should open regular
+# block devices with O_DIRECT.
+#
+# Enter raw device bindings here.
+#
+# An example would be:
+# ACTION=="add", KERNEL=="sda", RUN+="/bin/raw /dev/raw/raw1 %N"
+# to bind /dev/raw/raw1 to /dev/sda, or
+# ACTION=="add", ENV{MAJOR}=="8", ENV{MINOR}=="1", RUN+="/bin/raw /dev/raw/raw2 %M %m"
+# to bind /dev/raw/raw2 to the device with major 8, minor 1.
diff --git a/util-linux-nologin.8 b/util-linux-nologin.8
new file mode 100644
index 0000000..5cb1601
--- /dev/null
+++ b/util-linux-nologin.8
@@ -0,0 +1,63 @@
+.\" $OpenBSD: nologin.8,v 1.8 1999/06/04 02:45:19 aaron Exp $
+.\" $NetBSD: nologin.8,v 1.3 1995/03/18 14:59:09 cgd Exp $
+.\"
+.\" Copyright (c) 1993
+.\" The Regents of the University of California. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\" must display the following acknowledgement:
+.\" This product includes software developed by the University of
+.\" California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" @(#)nologin.8 8.1 (Berkeley) 6/19/93
+.\"
+.Dd February 15, 1997
+.Dt NOLOGIN 8
+.Os
+.Sh NAME
+.Nm nologin
+.Nd politely refuse a login
+.Sh SYNOPSIS
+.Nm nologin
+.Sh DESCRIPTION
+.Nm
+displays a message that an account is not available and
+exits non-zero.
+It is intended as a replacement shell field for accounts that
+have been disabled.
+.Pp
+If the file
+.Pa /etc/nologin.txt
+exists,
+.Nm
+displays its contents to the user instead of the default message.
+.Sh SEE ALSO
+.Xr login 1
+.Sh HISTORY
+The
+.Nm
+command appeared in
+.Bx 4.4 .
diff --git a/util-linux-nologin.c b/util-linux-nologin.c
new file mode 100644
index 0000000..8a51ba9
--- /dev/null
+++ b/util-linux-nologin.c
@@ -0,0 +1,58 @@
+/* $OpenBSD: nologin.c,v 1.2 1997/04/04 16:51:37 millert Exp $ */
+
+/*
+ * Copyright (c) 1997, Jason Downs. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include
+#include
+#include
+#include
+#include
+
+/* Distinctly different from _PATH_NOLOGIN. */
+#define _PATH_NOLOGIN_TXT "/etc/nologin.txt"
+
+#define DEFAULT_MESG "This account is currently not available.\n"
+
+/*ARGSUSED*/
+int main(argc, argv)
+ int argc;
+ char *argv[];
+{
+ int nfd, nrd;
+ char nbuf[128];
+
+ nfd = open(_PATH_NOLOGIN_TXT, O_RDONLY);
+ if (nfd < 0) {
+ write(STDOUT_FILENO, DEFAULT_MESG, strlen(DEFAULT_MESG));
+ exit (1);
+ }
+
+ while ((nrd = read(nfd, nbuf, sizeof(nbuf))) > 0)
+ write(STDOUT_FILENO, nbuf, nrd);
+ close (nfd);
+
+ exit (1);
+}
diff --git a/util-linux-pam-login b/util-linux-pam-login
new file mode 100644
index 0000000..2a5c808
--- /dev/null
+++ b/util-linux-pam-login
@@ -0,0 +1,8 @@
+#%PAM-1.0
+auth sufficient pam_unix.so
+auth include system-auth
+account include system-auth
+password include system-auth
+session include system-auth
+session required pam_limits.so
+#session optional pam_console.so
diff --git a/util-linux-pam-remote b/util-linux-pam-remote
new file mode 100644
index 0000000..2a5c808
--- /dev/null
+++ b/util-linux-pam-remote
@@ -0,0 +1,8 @@
+#%PAM-1.0
+auth sufficient pam_unix.so
+auth include system-auth
+account include system-auth
+password include system-auth
+session include system-auth
+session required pam_limits.so
+#session optional pam_console.so
diff --git a/util-linux-pam-runuser b/util-linux-pam-runuser
new file mode 100644
index 0000000..2a5c808
--- /dev/null
+++ b/util-linux-pam-runuser
@@ -0,0 +1,8 @@
+#%PAM-1.0
+auth sufficient pam_unix.so
+auth include system-auth
+account include system-auth
+password include system-auth
+session include system-auth
+session required pam_limits.so
+#session optional pam_console.so
diff --git a/util-linux-pam-runuser-l b/util-linux-pam-runuser-l
new file mode 100644
index 0000000..2a5c808
--- /dev/null
+++ b/util-linux-pam-runuser-l
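Review bot: Both `write()` calls in `main` of util-linux-nologin.c ignore their return value, so a short or failed write silently truncates the refusal message; the copy loop should at least stop on error, e.g. `if (write(STDOUT_FILENO, nbuf, nrd) != nrd) break;`. `main` is also defined in old-style K&R form (`int main(argc, argv)` followed by separate parameter declarations), which newer C standards no longer accept; `int main(int argc, char *argv[])` is the drop-in replacement. The five `#include` lines show no header names on this page, which looks like an extraction artefact rather than part of the commit, so confirm the committed file still names its headers.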
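Review bot: In util-linux-pam-login, `auth sufficient pam_unix.so` placed ahead of `auth include system-auth` means a correct password ends the auth stack at once, so whatever system-auth's auth section holds (it is not on this page; typically lockout counting or environment setup) never runs for a successful login. The same eight lines are committed as util-linux-pam-remote, util-linux-pam-runuser and util-linux-pam-runuser-l (identical blob 2a5c808). The login and remote stacks also carry no pam_securetty.so or pam_nologin.so line, although util-linux-pam-su in this commit does use pam_nologin.so, so /etc/securetty and /etc/nologin would not restrict those logins. I would drop the leading pam_unix line and add `auth required pam_securetty.so` and `account required pam_nologin.so` to login and remote.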
@@ -0,0 +1,8 @@
+#%PAM-1.0
+auth sufficient pam_unix.so
+auth include system-auth
+account include system-auth
+password include system-auth
+session include system-auth
+session required pam_limits.so
+#session optional pam_console.so
diff --git a/util-linux-pam-su b/util-linux-pam-su
new file mode 100644
index 0000000..a107012
--- /dev/null
+++ b/util-linux-pam-su
@@ -0,0 +1,9 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth include system-auth
+auth required pam_nologin.so
+account include system-auth
+password include system-auth
+session include system-auth
+session required pam_limits.so
+#session optional pam_console.so
diff --git a/util-linux-pam-su-l b/util-linux-pam-su-l
new file mode 100644
index 0000000..a107012
--- /dev/null
+++ b/util-linux-pam-su-l
@@ -0,0 +1,9 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth include system-auth
+auth required pam_nologin.so
+account include system-auth
+password include system-auth
+session include system-auth
+session required pam_limits.so
+#session optional pam_console.so
diff --git a/util-linux.spec b/util-linux.spec
new file mode 100644
index 0000000..7bc0600
--- /dev/null
+++ b/util-linux.spec
@@ -0,0 +1,600 @@
+%define majorminor %(echo %version | cut -d. -f 1-2)
+
+# '/bin/raw' is deprecated (applications needing raw device access
+# should open regular block devices with O_DIRECT)
+%define build_raw 1
+%define uuidd_groupid 65052
+%define uuidd_userid 65052
+
+Name: util-linux
+Version: 2.24.2
+Release: 2mamba
+Epoch: 1
+Summary: Miscellaneous utilities for Linux
+Group: System/Tools
+Vendor: openmamba
+Distribution: openmamba
+Packager: Silvan Calarco
+URL: http://www.kernel.org/pub/linux/utils/util-linux/
+Source0: http://www.kernel.org/pub/linux/utils/util-linux/v%{majorminor}/util-linux-%{version}.tar.xz
+Source1: util-linux-nologin.c
+Source2: util-linux-nologin.8
+Source3: util-linux-ng-60-raw.rules
+Source4: util-linux-pam-su
+Source5: util-linux-pam-login
+Source6: util-linux-pam-su-l
+Source7: util-linux-login.access
+Source8: util-linux-login.defs
+Source9: util-linux-pam-runuser
+Source10: util-linux-pam-runuser-l
+Source11: util-linux-pam-remote
+Patch0: %{name}-ng-2.12q-adjtime_path.patch
+Patch1: %{name}-ng-2.15-reiserfs_fix_name.patch
+Patch2: util-linux-2.22-su_paths.patch
+License: GPL
+BuildRequires: bash
+BuildRequires: gettext-devel
+BuildRequires: libsepol-devel
+BuildRequires: libslang-devel
+BuildRequires: pam-devel
+BuildRequires: perl-devel
+BuildRequires: texinfo
+BuildRequires: zlib-devel
+## AUTOBUILDREQ-BEGIN
+BuildRequires: glibc-devel
+BuildRequires: libncurses-devel
+%if "%{stage1}" != "1"
+BuildRequires: libselinux-devel
+%endif
+BuildRequires: libsepol-devel
+BuildRequires: libz-devel
+BuildRequires: pam-devel
+BuildRequires: pkg-config
+BuildRequires: udev-devel
+## AUTOBUILDREQ-END
+Requires(post):%{__install_info}
+Provides: util-linux-ng = %{?epoch:%epoch:}%{version}-%{release}
+Obsoletes: util-linux-ng
+Provides: uuidd
+Obsoletes: uuidd
+Provides: eject
+Obsoletes: eject
+Requires: libuuid = %{?epoch:%epoch:}%{version}-%{release}
+Requires: libblkid = %{?epoch:%epoch:}%{version}-%{release}
+Requires: libmount = %{?epoch:%epoch:}%{version}-%{release}
+BuildRoot: %{_tmppath}/%{name}-%{version}-root
+
+%description
+The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function.
+Among others, Util-linux contains the fdisk configuration tool and the login program.
+
+%package -n libblkid
+Summary: Block device identification library
+Group: System/Libraries
+Requires: libmount = %{?epoch:%epoch:}%{version}-%{release}
+
+%description -n libblkid
+Block device identification library.
+
+%package -n libblkid-devel
+Summary: The development file for application which use libblkid
+Group: Development/Libraries
+Requires: libblkid = %{?epoch:%epoch:}%{version}-%{release}
+
+%description -n libblkid-devel
+Block device identification library.
+This package provides the development file for application which use libblkid.
+
+%package -n libuuid
+Summary: Universal unique id library
+Group: System/Libraries
+
+%description -n libuuid
+Universal unique id library.
+
+%package -n libuuid-devel
+Summary: The development file for application which use libuuid
+Group: Development/Libraries
+Requires: libuuid = %{?epoch:%epoch:}%{version}-%{release}
+
+%description -n libuuid-devel
+Universal unique id library.
+This package provides the development file for application which use libuuid.
+
+%package -n libmount
+Summary: Mount library
+Group: System/Libraries
+Requires: libblkid = %{?epoch:%epoch:}%{version}-%{release}
+
+%description -n libmount
+Mount library.
+
+%package -n libmount-devel
+Summary: The development file for application which use libmount
+Group: Development/Libraries
+Requires: libmount = %{?epoch:%epoch:}%{version}-%{release}
+
+%description -n libmount-devel
+Mount library.
+This package provides the development file for application which use libmount.
+
+%prep
+%setup -q
+#%patch0 -p1 -b .adjtime_path
+#%patch1 -p1
+#%patch2 -p1
+
+cp %{S:1} nologin.c
+
+%build
+%configure \
+ --bindir=/bin \
+ --sbindir=/sbin \
+ --libdir=/%{_lib} \
+ --disable-use-tty-group \
+ --disable-elvtune \
+ --disable-login-utils \
+ --disable-kill \
+ --enable-partx \
+%if %{build_raw}
+ --enable-raw \
+%endif
+ --enable-wall \
+ --enable-write \
+ --enable-arch \
+%if "%{stage1}" != "1"
+ --with-selinux \
+%endif
+ --disable-makeinstall-chown \
+ --disable-rpath
+
+%make CC="%{_target_platform}-gcc -std=gnu99"
+
+# build nologin
+%{_target_platform}-gcc %{optflags} -o nologin nologin.c
+
+%install
+[ "%{buildroot}" != / ] && rm -rf %{buildroot}
+#install -d %{buildroot}/var/lib/hwclock
+%makeinstall
+
+# note: versions <=2.12 use path "%{_datadir}/misc/getopt/*"
+install -d %{buildroot}%{_datadir}/misc/getopt/
+#mv %{buildroot}%{_datadir}/getopt/* \
+# %{buildroot}%{_datadir}/misc/getopt/
+
+## note: do not install tcsh scripts to avoid dependencies on tcsh
+#rm %{buildroot}%{_datadir}/misc/getopt/getopt-parse.tcsh
+
+# fix some wrong paths
+install -d %{buildroot}/sbin
+for f in addpart delpart partx; do
+ mv %{buildroot}%{_sbindir}/$f %{buildroot}/sbin/$f
+done
+install -d %{buildroot}/bin
+%if %{build_raw}
+mv %{buildroot}/sbin/raw %{buildroot}/bin/raw
+install -D -m644 %{S:3} %{buildroot}%{_sysconfdir}/udev/rules.d/60-raw.rules
+%endif
+mv %{buildroot}%{_bindir}/taskset %{buildroot}/bin/taskset
+
+# install nologin
+install -D -m 755 nologin %{buildroot}/sbin/nologin
+install -D -m 644 %{S:2} %{buildroot}%{_mandir}/man8/nologin.8
+
+%if %{build_raw}
+echo '.so man8/raw.8' > %{buildroot}%{_mandir}/man8/rawdevices.8
+%endif
+
+%find_lang %{name}
+
+# remove unpackaged files
+rm %{buildroot}/sbin/fsck.minix
+rm %{buildroot}/sbin/mkfs.{bfs,minix}
+
+install -d %{buildroot}/%{_localstatedir}/lib/libuuid
+# clock.txt from uuidd is a ghost file
+touch %{buildroot}%{_localstatedir}/lib/libuuid/clock.txt
+
+# install su and login pam files
+install -D -m 0644 %{S:4} %{buildroot}%{_sysconfdir}/pam.d/su
+install -D -m 0644 %{S:5} %{buildroot}%{_sysconfdir}/pam.d/login
+install -D -m 0644 %{S:6} %{buildroot}%{_sysconfdir}/pam.d/su-l
+install -D -m 0644 %{S:7} %{buildroot}%{_sysconfdir}/login.access
+install -D -m 0644 %{S:8} %{buildroot}%{_sysconfdir}/login.defs
+install -D -m 0644 %{S:9} %{buildroot}%{_sysconfdir}/pam.d/runuser
+install -D -m 0644 %{S:10} %{buildroot}%{_sysconfdir}/pam.d/runuser-l
+install -D -m 0644 %{S:11} %{buildroot}%{_sysconfdir}/pam.d/remote
+
+# socket directory (see systemd file)
+install -d %{buildroot}%{_localstatedir}/uuid
+
+%clean
+[ "%{buildroot}" != / ] && rm -rf %{buildroot}
+
+%pre
+/usr/sbin/groupadd -g %{uuidd_groupid} uuidd 2>/dev/null
+/usr/sbin/useradd -u %{uuidd_userid} -g uuidd \
+ -d /var/lib/libuuid -s /bin/false -c "UUID generator helper daemon" uuidd 2>/dev/null
+exit 0
+
+%post -n libblkid -p /sbin/ldconfig
+%postun -n libblkid -p /sbin/ldconfig
+
+%post -n libmount -p /sbin/ldconfig
+%postun -n libmount -p /sbin/ldconfig
+
+%post -n libuuid -p /sbin/ldconfig
+%postun -n libuuid -p /sbin/ldconfig
+
+%files -f %{name}.lang
+%defattr(-,root,root)
+%{_sysconfdir}/pam.d/login
+%{_sysconfdir}/pam.d/remote
+%{_sysconfdir}/pam.d/runuser
+%{_sysconfdir}/pam.d/runuser-l
+%{_sysconfdir}/pam.d/su
+%{_sysconfdir}/pam.d/su-l
+%config %{_sysconfdir}/login.access
+%config %{_sysconfdir}/login.defs
+#/bin/arch
+/bin/dmesg
+/bin/findmnt
+/bin/lsblk
+/bin/login
+/bin/su
+/bin/wdctl
+/sbin/sulogin
+/bin/more
+/bin/mountpoint
+%if %{build_raw}
+/bin/raw
+%config(noreplace) %{_sysconfdir}/udev/rules.d/60-raw.rules
+%endif
+/bin/taskset
+%attr(4755,root,root) /bin/mount
+%attr(4755,root,root) /bin/umount
+/sbin/addpart
+/sbin/agetty
+/sbin/blkdiscard
+/sbin/blkid
+/sbin/blockdev
+/sbin/cfdisk
+/sbin/ctrlaltdel
+/sbin/chcpu
+/sbin/delpart
+/sbin/fdisk
+/sbin/findfs
+/sbin/fsck
+/sbin/fsck.cramfs
+#/sbin/fsck.minix
+/sbin/fstrim
+/sbin/fsfreeze
+/sbin/hwclock
+/sbin/losetup
+/sbin/mkfs
+#/sbin/mkfs.bfs
+/sbin/mkfs.cramfs
+#/sbin/mkfs.minix
+/sbin/mkswap
+/sbin/nologin
+/sbin/partx
+/sbin/pivot_root
+/sbin/runuser
+/sbin/sfdisk
+/sbin/swapoff
+/sbin/swapon
+/sbin/swaplabel
+/sbin/switch_root
+/sbin/wipefs
+%{_bindir}/cal
+%{_bindir}/chrt
+%{_bindir}/col
+%{_bindir}/colcrt
+%{_bindir}/colrm
+%{_bindir}/column
+%{_bindir}/cytune
+#%{_bindir}/ddate
+#%{_bindir}/fdformat
+%{_bindir}/eject
+%{_bindir}/fallocate
+%{_bindir}/flock
+%{_bindir}/getopt
+%{_bindir}/hexdump
+%ifarch i586 x86_64
+%{_bindir}/i386
+%endif
+%ifarch x86_64
+%{_bindir}/x86_64
+%endif
+%ifarch ppc
+%{_bindir}/ppc*
+%endif
+%{_bindir}/ionice
+%{_bindir}/ipcrm
+%{_bindir}/ipcs
+%{_bindir}/ipcmk
+%{_bindir}/isosize
+%{_bindir}/last
+%{_bindir}/lastb
+#%{_bindir}/line
+%{_bindir}/linux32
+%{_bindir}/linux64
+%{_bindir}/logger
+%{_bindir}/look
+%{_bindir}/lscpu
+%{_bindir}/lslocks
+%{_bindir}/mcookie
+%{_bindir}/mesg
+%{_bindir}/namei
+%{_bindir}/nsenter
+%{_bindir}/setpriv
+%{_bindir}/pg
+%{_bindir}/prlimit
+%{_bindir}/rename
+%{_bindir}/renice
+%{_bindir}/rev
+%{_bindir}/script
+%{_bindir}/scriptreplay
+%{_bindir}/setarch
+%{_bindir}/setsid
+%{_bindir}/setterm
+%{_bindir}/tailf
+%{_bindir}/ul
+%{_bindir}/unshare
+%{_bindir}/utmpdump
+%{_bindir}/uuidgen
+%{_bindir}/wall
+%{_bindir}/whereis
+%{_bindir}/write
+%{_sbindir}/fdformat
+%{_sbindir}/ldattach
+#%{_sbindir}/ramsize
+#%{_sbindir}/rdev
+%{_sbindir}/readprofile
+%{_sbindir}/resizepart
+#%{_sbindir}/rootflags
+%{_sbindir}/rtcwake
+#%{_sbindir}/tunelp
+%{_sbindir}/uuidd
+#%{_sbindir}/vidmode
+/lib/systemd/system/uuidd.service
+/lib/systemd/system/uuidd.socket
+#%{_infodir}/ipc.info.*
+%{_datadir}/bash-completion/completions/*
+%dir %{_localstatedir}/uuid
+%dir %{_localstatedir}/lib/libuuid
+%ghost %{_localstatedir}/lib/libuuid/clock.txt
+%{_mandir}/man1/*
+%{_mandir}/man5/fstab.*
+%{_mandir}/man8/*
+#%lang(ru) %{_mandir}/ru/man1/ddate.*
+#%dir /var/lib/hwclock
+%dir %{_docdir}/util-linux/getopt
+%{_docdir}/util-linux/getopt/getopt-parse.bash
+%{_docdir}/util-linux/getopt/getopt-parse.tcsh
+%doc AUTHORS README.licensing
+
+%files -n libblkid
+%defattr(-,root,root)
+/%{_lib}/libblkid.so.*
+
+%files -n libblkid-devel
+%defattr(-,root,root)
+%{_includedir}/blkid/blkid.h
+/%{_libdir}/libblkid.a
+/%{_libdir}/libblkid.la
+/%{_libdir}/libblkid.so
+%{_libdir}/pkgconfig/blkid.pc
+%{_mandir}/man3/libblkid.*
+%doc NEWS README
+
+%files -n libmount
+%defattr(-,root,root)
+/%{_lib}/libmount.so.*
+
+%files -n libmount-devel
+%defattr(-,root,root)
+%{_includedir}/libmount/libmount.h
+/%{_libdir}/libmount.a
+/%{_libdir}/libmount.la
+/%{_libdir}/libmount.so
+%{_libdir}/pkgconfig/mount.pc
+
+%files -n libuuid
+%defattr(-,root,root)
+/%{_lib}/libuuid.so.*
+
+%files -n libuuid-devel
+%defattr(-,root,root)
+#%{_bindir}/chkdupexe
+%{_includedir}/uuid/uuid.h
+/%{_libdir}/libuuid.a
+/%{_libdir}/libuuid.la
+/%{_libdir}/libuuid.so
+%{_libdir}/pkgconfig/uuid.pc
+%{_mandir}/man3/uuid*.*
+
+%changelog
+* Tue May 06 2014 Silvan Calarco 2.24.2-2mamba
+- provide pam files for runuser, runuser-l and remote (login)
+
+* Thu Apr 24 2014 Automatic Build System 2.24.2-1mamba
+- automatic version update by autodist
+
+* Tue Jan 21 2014 Automatic Build System 2.24.1-1mamba
+- automatic version update by autodist
+
+* Sun Oct 27 2013 Automatic Build System 2.24-1mamba
+- automatic version update by autodist
+
+* Wed Jul 31 2013 Automatic Build System 2.23.2-1mamba
+- automatic version update by autodist
+
+* Thu Jun 27 2013 Silvan Calarco 2.23.1-2mamba
+- add %{_localstatedir}/uuid dir required by uuidd.socket
+
+* Tue May 28 2013 Automatic Build System 2.23.1-1mamba
+- automatic version update by autodist
+
+* Mon Apr 29 2013 Automatic Build System 2.23-1mamba
+- automatic version update by autodist
+
+* Thu Dec 13 2012 Automatic Build System 2.22.2-1mamba
+- automatic version update by autodist
+
+* Thu Oct 11 2012 Automatic Build System 2.22.1-1mamba
+- automatic version update by autodist
+
+* Sat Sep 15 2012 Silvan Calarco 2.22-4mamba
+- install /etc/login.defs and /etc/login.access taken from shadow
+
+* Wed Sep 12 2012 Silvan Calarco 2.22-3mamba
+- install su-l pam file required by su
+
+* Sun Sep 09 2012 Silvan Calarco 2.22-2mamba
+- obsolete eject
+- added pam file for login (moved from shadow-common)
+
+* Sat Sep 08 2012 Automatic Build System 2.22-1mamba
+- automatic version update by autodist
+
+* Fri May 25 2012 Automatic Build System 2.21.2-1mamba
+- automatic version update by autodist
+
+* Mon Apr 02 2012 Automatic Build System 2.21.1-1mamba
+- automatic version update by autodist
+
+* Sat Mar 24 2012 Automatic Build System 2.21-1mamba
+- update to 2.21
+
+* Sat Jan 28 2012 Davide Madrisan 2.20-3mamba
+- move libraries to /lib because they are used by binaries located in /bin and /sbin
+
+* Sat Oct 22 2011 Silvan Calarco 2.20-2mamba
+- enable maintained wall and remove from sysvinit
+
+* Fri Oct 21 2011 Automatic Build System 2.20-1mamba
+- automatic version update by autodist
+
+* Fri May 13 2011 Automatic Build System 2.19.1-1mamba
+- automatic update by autodist
+
+* Sat Feb 12 2011 Silvan Calarco 2.19-1mamba
+- update to 2.19
+- upstream renamed back to util-linux from util-linux-ng
+
+* Wed Dec 01 2010 Silvan Calarco 2.18-2mamba
+- move chkdupexe to devel package to remove whole package dependency on perl
+
+* Thu Jul 01 2010 Automatic Build System 2.18-1mamba
+- automatic update to 2.18 by autodist
+
+* Mon Mar 29 2010 Automatic Build System 2.17.2-1mamba
+- automatic update to 2.17.2 by autodist
+
+* Mon Feb 22 2010 Automatic Build System 2.17.1-1mamba
+- automatic update to 2.17.1 by autodist
+
+* Wed Jan 27 2010 Automatic Build System 2.17-1mamba
+- automatic update to 2.17 by autodist
+
+* Tue Dec 01 2009 Automatic Build System 2.16.2-1mamba
+- automatic update to 2.16.2 by autodist
+
+* Mon Sep 07 2009 Automatic Build System 2.16.1-1mamba
+- automatic update to 2.16.1 by autodist
+
+* Sun Jul 26 2009 Silvan Calarco 2.16-2mamba
+- uuidd: port pre script from e2fsprogs and obsolete uuidd package
+
+* Sat Jul 25 2009 Automatic Build System 2.16-1mamba
+- automatic update to 2.16 by autodist
+
+* Sat Jun 13 2009 Automatic Build System 2.15.1-1mamba
+- automatic update to 2.15.1 by autodist
+
+* Wed May 20 2009 Silvan Calarco 2.15-3mamba
+- blkid: added patch to detect reiserfs with name 'reiserfs' instead of 'reiser'
+
+* Mon May 18 2009 Silvan Calarco 2.15-2mamba
+- rebuilt with internal libblkid; added library packages
+
+* Wed May 06 2009 Automatic Build System 2.15-1mamba
+- automatic update to 2.15 by autodist
+
+* Mon Feb 09 2009 Silvan Calarco 2.14.2-1mamba
+- automatic update by autodist
+
+* Thu Sep 11 2008 Silvan Calarco 2.14.1-1mamba
+- automatic update to 2.14.1 by autodist
+
+* Tue Jun 10 2008 Aleph0 2.14-1mamba
+- update to 2.14 (also fixes CVE-2008-1926)
+- add missing build requirement: libsepol-devel
+- fdformat: install to /usr/sbin instead to /usr/bin
+
+* Wed Apr 30 2008 Aleph0 2.13.1.1-1mamba
+- update to 2.13.1.1 (also fixes CVE-2007-3102)
+
+* Sat Feb 23 2008 Silvan Calarco 2.13.1-2mamba
+- fix installation of udev raw rules file
+
+* Thu Jan 17 2008 Aleph0 2.13.1-1mamba
+- update to 2.13.1
+- package renamed to util-linux-ng
+- fixes CVE-2007-5191, CVE-2007-0822, CVE-2006-7108
+- enable build of the arch tool (superseeded our patch)
+- enable support for selinux
+- conditionally build the deprecated tool /bin/raw
+
+* Sat Jul 07 2007 Silvan Calarco 2.13-4mamba
+- nfs.5 man entry renamed to fstab-nfs.5
+
+* Mon Apr 02 2007 Aleph0 2.13pre7-3mamba
+- security fix against CVE-2007-0822
+
+* Thu Feb 01 2007 Aleph0 2.13pre7-2qilnx
+- removed minix and sco (mkfs.bfs) filesystems stuff
+
+* Wed Jan 24 2007 Aleph0 2.13pre7-1qilnx
+- update to version 2.13pre7 by autospec
+- added nologin binary and manpage
+- disable elvtune: only works with 2.2 and 2.4 kernels
+
+* Mon Sep 26 2005 Davide Madrisan 2.12r-1qilnx
+- update to version 2.12r by autospec
+- patch for QSA-2005-107 removed (merged upstream)
+
+* Tue Sep 20 2005 Davide Madrisan 2.12q-3qilnx
+- specfile fixes: use %%find_lang, install/uninstall info pages
+- security fix: QSA-2005-107 (CAN-2005-2876)
+
+* Fri Sep 09 2005 Silvan Calarco 2.12q-2qilnx
+- added cross-platform build options
+
+* Mon Sep 05 2005 Silvan Calarco 2.12q-1qilnx
+- update to version 2.12q by autospec
+- add cross-build support
+- give system default build options
+
+* Thu Aug 26 2004 Davide Madrisan 2.12b-1qilnx
+- update to version 2.12b by autospec
+
+* Tue Jul 27 2004 Davide Madrisan 2.12a-1qilnx
+- version update
+- %%install: forced USE_TTY_GROUP=no for the 'wall' and 'write' tools
+
+* Mon Mar 01 2004 Davide Madrisan 2.12-1qilnx
+- new version rebuild
+
+* Sat Nov 30 2003 Davide Madrisan 2.11z-3qilnx
+- specfile updates
+
+* Tue Apr 22 2003 Silvan Calarco 2.11z-2qilnx
+- removed tcsh scripts to avoid a tcsh dependance
+- added directory /var/lib/hwclock
+- removed build of kill because it's in procps package
+
+* Wed Apr 09 2003 Luca Tinelli 2.11z-1qilnx
+- first build