| 1 | # DO NOT EDIT. This file is generated from Config.src |
| 2 | # |
| 3 | # For a description of the syntax of this configuration file, |
| 4 | # see scripts/kbuild/config-language.txt. |
| 5 | # |
| 6 | |
| 7 | menu "Login/Password Management Utilities" |
| 8 | |
| 9 | config BUSYBOX_CONFIG_ADD_SHELL |
| 10 | bool "add-shell" |
| 11 | default n if BUSYBOX_CONFIG_DESKTOP |
| 12 | help |
| 13 | Add shells to /etc/shells. |
| 14 | |
| 15 | config BUSYBOX_CONFIG_REMOVE_SHELL |
| 16 | bool "remove-shell" |
| 17 | default n if BUSYBOX_CONFIG_DESKTOP |
| 18 | help |
| 19 | Remove shells from /etc/shells. |
| 20 | |
| 21 | config BUSYBOX_CONFIG_FEATURE_SHADOWPASSWDS |
| 22 | bool "Support for shadow passwords" |
| 23 | default y |
| 24 | help |
| 25 | Build support for shadow password in /etc/shadow. This file is only |
| 26 | readable by root and thus the encrypted passwords are no longer |
| 27 | publicly readable. |
| 28 | |
| 29 | config BUSYBOX_CONFIG_USE_BB_PWD_GRP |
| 30 | bool "Use internal password and group functions rather than system functions" |
| 31 | default n |
| 32 | help |
| 33 | If you leave this disabled, busybox will use the system's password |
| 34 | and group functions. And if you are using the GNU C library |
| 35 | (glibc), you will then need to install the /etc/nsswitch.conf |
| 36 | configuration file and the required /lib/libnss_* libraries in |
| 37 | order for the password and group functions to work. This generally |
| 38 | makes your embedded system quite a bit larger. |
| 39 | |
| 40 | Enabling this option will cause busybox to directly access the |
| 41 | system's /etc/password, /etc/group files (and your system will be |
| 42 | smaller, and I will get fewer emails asking about how glibc NSS |
| 43 | works). When this option is enabled, you will not be able to use |
| 44 | PAM to access remote LDAP password servers and whatnot. And if you |
| 45 | want hostname resolution to work with glibc, you still need the |
| 46 | /lib/libnss_* libraries. |
| 47 | |
| 48 | If you need to use glibc's nsswitch.conf mechanism |
| 49 | (e.g. if user/group database is NOT stored in /etc/passwd etc), |
| 50 | you must NOT use this option. |
| 51 | |
| 52 | If you enable this option, it will add about 1.5k. |
| 53 | |
| 54 | config BUSYBOX_CONFIG_USE_BB_SHADOW |
| 55 | bool "Use internal shadow password functions" |
| 56 | default n |
| 57 | depends on BUSYBOX_CONFIG_USE_BB_PWD_GRP && BUSYBOX_CONFIG_FEATURE_SHADOWPASSWDS |
| 58 | help |
| 59 | If you leave this disabled, busybox will use the system's shadow |
| 60 | password handling functions. And if you are using the GNU C library |
| 61 | (glibc), you will then need to install the /etc/nsswitch.conf |
| 62 | configuration file and the required /lib/libnss_* libraries in |
| 63 | order for the shadow password functions to work. This generally |
| 64 | makes your embedded system quite a bit larger. |
| 65 | |
| 66 | Enabling this option will cause busybox to directly access the |
| 67 | system's /etc/shadow file when handling shadow passwords. This |
| 68 | makes your system smaller (and I will get fewer emails asking about |
| 69 | how glibc NSS works). When this option is enabled, you will not be |
| 70 | able to use PAM to access shadow passwords from remote LDAP |
| 71 | password servers and whatnot. |
| 72 | |
| 73 | config BUSYBOX_CONFIG_USE_BB_CRYPT |
| 74 | bool "Use internal crypt functions" |
| 75 | default n |
| 76 | help |
| 77 | Busybox has internal DES and MD5 crypt functions. |
| 78 | They produce results which are identical to corresponding |
| 79 | standard C library functions. |
| 80 | |
| 81 | If you leave this disabled, busybox will use the system's |
| 82 | crypt functions. Most C libraries use large (~70k) |
| 83 | static buffers there, and also combine them with more general |
| 84 | DES encryption/decryption. |
| 85 | |
| 86 | For busybox, having large static buffers is undesirable, |
| 87 | especially on NOMMU machines. Busybox also doesn't need |
| 88 | DES encryption/decryption and can do with smaller code. |
| 89 | |
| 90 | If you enable this option, it will add about 4.8k of code |
| 91 | if you are building dynamically linked executable. |
| 92 | In static build, it makes code _smaller_ by about 1.2k, |
| 93 | and likely many kilobytes less of bss. |
| 94 | |
| 95 | config BUSYBOX_CONFIG_USE_BB_CRYPT_SHA |
| 96 | bool "Enable SHA256/512 crypt functions" |
| 97 | default n |
| 98 | depends on BUSYBOX_CONFIG_USE_BB_CRYPT |
| 99 | help |
| 100 | Enable this if you have passwords starting with "$5$" or "$6$" |
| 101 | in your /etc/passwd or /etc/shadow files. These passwords |
| 102 | are hashed using SHA256 and SHA512 algorithms. Support for them |
| 103 | was added to glibc in 2008. |
| 104 | With this option off, login will fail password check for any |
| 105 | user which has password encrypted with these algorithms. |
| 106 | |
| 107 | config BUSYBOX_CONFIG_ADDUSER |
| 108 | bool "adduser" |
| 109 | default n |
| 110 | help |
| 111 | Utility for creating a new user account. |
| 112 | |
| 113 | config BUSYBOX_CONFIG_FEATURE_ADDUSER_LONG_OPTIONS |
| 114 | bool "Enable long options" |
| 115 | default n |
| 116 | depends on BUSYBOX_CONFIG_ADDUSER && BUSYBOX_CONFIG_LONG_OPTS |
| 117 | help |
| 118 | Support long options for the adduser applet. |
| 119 | |
| 120 | config BUSYBOX_CONFIG_FEATURE_CHECK_NAMES |
| 121 | bool "Enable sanity check on user/group names in adduser and addgroup" |
| 122 | default n |
| 123 | depends on BUSYBOX_CONFIG_ADDUSER || BUSYBOX_CONFIG_ADDGROUP |
| 124 | help |
| 125 | Enable sanity check on user and group names in adduser and addgroup. |
| 126 | To avoid problems, the user or group name should consist only of |
| 127 | letters, digits, underscores, periods, at signs and dashes, |
| 128 | and not start with a dash (as defined by IEEE Std 1003.1-2001). |
| 129 | For compatibility with Samba machine accounts "$" is also supported |
| 130 | at the end of the user or group name. |
| 131 | |
| 132 | config BUSYBOX_CONFIG_FIRST_SYSTEM_ID |
| 133 | int "First valid system uid or gid for adduser and addgroup" |
| 134 | depends on BUSYBOX_CONFIG_ADDUSER || BUSYBOX_CONFIG_ADDGROUP |
| 135 | range 0 64900 |
| 136 | default 100 |
| 137 | help |
| 138 | First valid system uid or gid for adduser and addgroup |
| 139 | |
| 140 | config BUSYBOX_CONFIG_LAST_SYSTEM_ID |
| 141 | int "Last valid system uid or gid for adduser and addgroup" |
| 142 | depends on BUSYBOX_CONFIG_ADDUSER || BUSYBOX_CONFIG_ADDGROUP |
| 143 | range 0 64900 |
| 144 | default 999 |
| 145 | help |
| 146 | Last valid system uid or gid for adduser and addgroup |
| 147 | |
| 148 | config BUSYBOX_CONFIG_ADDGROUP |
| 149 | bool "addgroup" |
| 150 | default n |
| 151 | help |
| 152 | Utility for creating a new group account. |
| 153 | |
| 154 | config BUSYBOX_CONFIG_FEATURE_ADDGROUP_LONG_OPTIONS |
| 155 | bool "Enable long options" |
| 156 | default n |
| 157 | depends on BUSYBOX_CONFIG_ADDGROUP && BUSYBOX_CONFIG_LONG_OPTS |
| 158 | help |
| 159 | Support long options for the addgroup applet. |
| 160 | |
| 161 | config BUSYBOX_CONFIG_FEATURE_ADDUSER_TO_GROUP |
| 162 | bool "Support for adding users to groups" |
| 163 | default n |
| 164 | depends on BUSYBOX_CONFIG_ADDGROUP |
| 165 | help |
| 166 | If called with two non-option arguments, |
| 167 | addgroup will add an existing user to an |
| 168 | existing group. |
| 169 | |
| 170 | config BUSYBOX_CONFIG_DELUSER |
| 171 | bool "deluser" |
| 172 | default n |
| 173 | help |
| 174 | Utility for deleting a user account. |
| 175 | |
| 176 | config BUSYBOX_CONFIG_DELGROUP |
| 177 | bool "delgroup" |
| 178 | default n |
| 179 | help |
| 180 | Utility for deleting a group account. |
| 181 | |
| 182 | config BUSYBOX_CONFIG_FEATURE_DEL_USER_FROM_GROUP |
| 183 | bool "Support for removing users from groups" |
| 184 | default n |
| 185 | depends on BUSYBOX_CONFIG_DELGROUP |
| 186 | help |
| 187 | If called with two non-option arguments, deluser |
| 188 | or delgroup will remove an user from a specified group. |
| 189 | |
| 190 | config BUSYBOX_CONFIG_GETTY |
| 191 | bool "getty" |
| 192 | default n |
| 193 | select BUSYBOX_CONFIG_FEATURE_SYSLOG |
| 194 | help |
| 195 | getty lets you log in on a tty. It is normally invoked by init. |
| 196 | |
| 197 | Note that you can save a few bytes by disabling it and |
| 198 | using login applet directly. |
| 199 | If you need to reset tty attributes before calling login, |
| 200 | this script approximates getty: |
| 201 | |
| 202 | exec </dev/$1 >/dev/$1 2>&1 || exit 1 |
| 203 | reset |
| 204 | stty sane; stty ispeed 38400; stty ospeed 38400 |
| 205 | printf "%s login: " "`hostname`" |
| 206 | read -r login |
| 207 | exec /bin/login "$login" |
| 208 | |
| 209 | config BUSYBOX_CONFIG_LOGIN |
| 210 | bool "login" |
| 211 | default n |
| 212 | select BUSYBOX_CONFIG_FEATURE_SYSLOG |
| 213 | help |
| 214 | login is used when signing onto a system. |
| 215 | |
| 216 | Note that Busybox binary must be setuid root for this applet to |
| 217 | work properly. |
| 218 | |
| 219 | config BUSYBOX_CONFIG_PAM |
| 220 | bool "Support for PAM (Pluggable Authentication Modules)" |
| 221 | default n |
| 222 | depends on DEVEL |
| 223 | depends on BUSYBOX_CONFIG_LOGIN |
| 224 | help |
| 225 | Use PAM in login(1) instead of direct access to password database. |
| 226 | |
| 227 | OpenWrt specific: |
| 228 | You should install libpam from the packages feed and compile it |
| 229 | before trying to build busysbox. |
| 230 | |
| 231 | config BUSYBOX_CONFIG_LOGIN_SCRIPTS |
| 232 | bool "Support for login scripts" |
| 233 | depends on BUSYBOX_CONFIG_LOGIN |
| 234 | default n |
| 235 | help |
| 236 | Enable this if you want login to execute $LOGIN_PRE_SUID_SCRIPT |
| 237 | just prior to switching from root to logged-in user. |
| 238 | |
| 239 | config BUSYBOX_CONFIG_FEATURE_NOLOGIN |
| 240 | bool "Support for /etc/nologin" |
| 241 | default n |
| 242 | depends on BUSYBOX_CONFIG_LOGIN |
| 243 | help |
| 244 | The file /etc/nologin is used by (some versions of) login(1). |
| 245 | If it exists, non-root logins are prohibited. |
| 246 | |
| 247 | config BUSYBOX_CONFIG_FEATURE_SECURETTY |
| 248 | bool "Support for /etc/securetty" |
| 249 | default n |
| 250 | depends on BUSYBOX_CONFIG_LOGIN |
| 251 | help |
| 252 | The file /etc/securetty is used by (some versions of) login(1). |
| 253 | The file contains the device names of tty lines (one per line, |
| 254 | without leading /dev/) on which root is allowed to login. |
| 255 | |
| 256 | config BUSYBOX_CONFIG_PASSWD |
| 257 | bool "passwd" |
| 258 | default y |
| 259 | select BUSYBOX_CONFIG_FEATURE_SYSLOG |
| 260 | help |
| 261 | passwd changes passwords for user and group accounts. A normal user |
| 262 | may only change the password for his/her own account, the super user |
| 263 | may change the password for any account. The administrator of a group |
| 264 | may change the password for the group. |
| 265 | |
| 266 | Note that Busybox binary must be setuid root for this applet to |
| 267 | work properly. |
| 268 | |
| 269 | config BUSYBOX_CONFIG_FEATURE_PASSWD_WEAK_CHECK |
| 270 | bool "Check new passwords for weakness" |
| 271 | default y |
| 272 | depends on BUSYBOX_CONFIG_PASSWD |
| 273 | help |
| 274 | With this option passwd will refuse new passwords which are "weak". |
| 275 | |
| 276 | config BUSYBOX_CONFIG_CRYPTPW |
| 277 | bool "cryptpw" |
| 278 | default n |
| 279 | help |
| 280 | Encrypts the given password with the crypt(3) libc function |
| 281 | using the given salt. Debian has this utility under mkpasswd |
| 282 | name. Busybox provides mkpasswd as an alias for cryptpw. |
| 283 | |
| 284 | config BUSYBOX_CONFIG_CHPASSWD |
| 285 | bool "chpasswd" |
| 286 | default n |
| 287 | help |
| 288 | Reads a file of user name and password pairs from standard input |
| 289 | and uses this information to update a group of existing users. |
| 290 | |
| 291 | config BUSYBOX_CONFIG_SU |
| 292 | bool "su" |
| 293 | default n |
| 294 | select BUSYBOX_CONFIG_FEATURE_SYSLOG |
| 295 | help |
| 296 | su is used to become another user during a login session. |
| 297 | Invoked without a username, su defaults to becoming the super user. |
| 298 | |
| 299 | Note that Busybox binary must be setuid root for this applet to |
| 300 | work properly. |
| 301 | |
| 302 | config BUSYBOX_CONFIG_FEATURE_SU_SYSLOG |
| 303 | bool "Enable su to write to syslog" |
| 304 | default n |
| 305 | depends on BUSYBOX_CONFIG_SU |
| 306 | |
| 307 | config BUSYBOX_CONFIG_FEATURE_SU_CHECKS_SHELLS |
| 308 | bool "Enable su to check user's shell to be listed in /etc/shells" |
| 309 | depends on BUSYBOX_CONFIG_SU |
| 310 | default n |
| 311 | |
| 312 | config BUSYBOX_CONFIG_SULOGIN |
| 313 | bool "sulogin" |
| 314 | default n |
| 315 | select BUSYBOX_CONFIG_FEATURE_SYSLOG |
| 316 | help |
| 317 | sulogin is invoked when the system goes into single user |
| 318 | mode (this is done through an entry in inittab). |
| 319 | |
| 320 | config BUSYBOX_CONFIG_VLOCK |
| 321 | bool "vlock" |
| 322 | default n |
| 323 | help |
| 324 | Build the "vlock" applet which allows you to lock (virtual) terminals. |
| 325 | |
| 326 | Note that Busybox binary must be setuid root for this applet to |
| 327 | work properly. |
| 328 | |
| 329 | endmenu |
| 330 | |
