| 1 | # |
| 2 | # For a description of the syntax of this configuration file, |
| 3 | # see scripts/kbuild/config-language.txt. |
| 4 | # |
| 5 | |
| 6 | menu "Login/Password Management Utilities" |
| 7 | |
| 8 | config BUSYBOX_CONFIG_ADD_SHELL |
| 9 | bool "add-shell" |
| 10 | default n if BUSYBOX_CONFIG_DESKTOP |
| 11 | help |
| 12 | Add shells to /etc/shells. |
| 13 | |
| 14 | config BUSYBOX_CONFIG_REMOVE_SHELL |
| 15 | bool "remove-shell" |
| 16 | default n if BUSYBOX_CONFIG_DESKTOP |
| 17 | help |
| 18 | Remove shells from /etc/shells. |
| 19 | |
| 20 | config BUSYBOX_CONFIG_FEATURE_SHADOWPASSWDS |
| 21 | bool "Support for shadow passwords" |
| 22 | default n |
| 23 | help |
| 24 | Build support for shadow password in /etc/shadow. This file is only |
| 25 | readable by root and thus the encrypted passwords are no longer |
| 26 | publicly readable. |
| 27 | |
| 28 | config BUSYBOX_CONFIG_USE_BB_PWD_GRP |
| 29 | bool "Use internal password and group functions rather than system functions" |
| 30 | default n |
| 31 | help |
| 32 | If you leave this disabled, busybox will use the system's password |
| 33 | and group functions. And if you are using the GNU C library |
| 34 | (glibc), you will then need to install the /etc/nsswitch.conf |
| 35 | configuration file and the required /lib/libnss_* libraries in |
| 36 | order for the password and group functions to work. This generally |
| 37 | makes your embedded system quite a bit larger. |
| 38 | |
| 39 | Enabling this option will cause busybox to directly access the |
| 40 | system's /etc/password, /etc/group files (and your system will be |
| 41 | smaller, and I will get fewer emails asking about how glibc NSS |
| 42 | works). When this option is enabled, you will not be able to use |
| 43 | PAM to access remote LDAP password servers and whatnot. And if you |
| 44 | want hostname resolution to work with glibc, you still need the |
| 45 | /lib/libnss_* libraries. |
| 46 | |
| 47 | If you need to use glibc's nsswitch.conf mechanism |
| 48 | (e.g. if user/group database is NOT stored in /etc/passwd etc), |
| 49 | you must NOT use this option. |
| 50 | |
| 51 | If you enable this option, it will add about 1.5k. |
| 52 | |
| 53 | config BUSYBOX_CONFIG_USE_BB_SHADOW |
| 54 | bool "Use internal shadow password functions" |
| 55 | default n |
| 56 | depends on BUSYBOX_CONFIG_USE_BB_PWD_GRP && BUSYBOX_CONFIG_FEATURE_SHADOWPASSWDS |
| 57 | help |
| 58 | If you leave this disabled, busybox will use the system's shadow |
| 59 | password handling functions. And if you are using the GNU C library |
| 60 | (glibc), you will then need to install the /etc/nsswitch.conf |
| 61 | configuration file and the required /lib/libnss_* libraries in |
| 62 | order for the shadow password functions to work. This generally |
| 63 | makes your embedded system quite a bit larger. |
| 64 | |
| 65 | Enabling this option will cause busybox to directly access the |
| 66 | system's /etc/shadow file when handling shadow passwords. This |
| 67 | makes your system smaller (and I will get fewer emails asking about |
| 68 | how glibc NSS works). When this option is enabled, you will not be |
| 69 | able to use PAM to access shadow passwords from remote LDAP |
| 70 | password servers and whatnot. |
| 71 | |
| 72 | config BUSYBOX_CONFIG_USE_BB_CRYPT |
| 73 | bool "Use internal crypt functions" |
| 74 | default n |
| 75 | help |
| 76 | Busybox has internal DES and MD5 crypt functions. |
| 77 | They produce results which are identical to corresponding |
| 78 | standard C library functions. |
| 79 | |
| 80 | If you leave this disabled, busybox will use the system's |
| 81 | crypt functions. Most C libraries use large (~70k) |
| 82 | static buffers there, and also combine them with more general |
| 83 | DES encryption/decryption. |
| 84 | |
| 85 | For busybox, having large static buffers is undesirable, |
| 86 | especially on NOMMU machines. Busybox also doesn't need |
| 87 | DES encryption/decryption and can do with smaller code. |
| 88 | |
| 89 | If you enable this option, it will add about 4.8k of code |
| 90 | if you are building dynamically linked executable. |
| 91 | In static build, it makes code _smaller_ by about 1.2k, |
| 92 | and likely many kilobytes less of bss. |
| 93 | |
| 94 | config BUSYBOX_CONFIG_USE_BB_CRYPT_SHA |
| 95 | bool "Enable SHA256/512 crypt functions" |
| 96 | default n |
| 97 | depends on BUSYBOX_CONFIG_USE_BB_CRYPT |
| 98 | help |
| 99 | Enable this if you have passwords starting with "$5$" or "$6$" |
| 100 | in your /etc/passwd or /etc/shadow files. These passwords |
| 101 | are hashed using SHA256 and SHA512 algorithms. Support for them |
| 102 | was added to glibc in 2008. |
| 103 | With this option off, login will fail password check for any |
| 104 | user which has password encrypted with these algorithms. |
| 105 | |
| 106 | config BUSYBOX_CONFIG_ADDUSER |
| 107 | bool "adduser" |
| 108 | default n |
| 109 | help |
| 110 | Utility for creating a new user account. |
| 111 | |
| 112 | config BUSYBOX_CONFIG_FEATURE_ADDUSER_LONG_OPTIONS |
| 113 | bool "Enable long options" |
| 114 | default n |
| 115 | depends on BUSYBOX_CONFIG_ADDUSER && BUSYBOX_CONFIG_LONG_OPTS |
| 116 | help |
| 117 | Support long options for the adduser applet. |
| 118 | |
| 119 | config BUSYBOX_CONFIG_FEATURE_CHECK_NAMES |
| 120 | bool "Enable sanity check on user/group names in adduser and addgroup" |
| 121 | default n |
| 122 | depends on BUSYBOX_CONFIG_ADDUSER || BUSYBOX_CONFIG_ADDGROUP |
| 123 | help |
| 124 | Enable sanity check on user and group names in adduser and addgroup. |
| 125 | To avoid problems, the user or group name should consist only of |
| 126 | letters, digits, underscores, periods, at signs and dashes, |
| 127 | and not start with a dash (as defined by IEEE Std 1003.1-2001). |
| 128 | For compatibility with Samba machine accounts "$" is also supported |
| 129 | at the end of the user or group name. |
| 130 | |
| 131 | config BUSYBOX_CONFIG_FIRST_SYSTEM_ID |
| 132 | int "First valid system uid or gid for adduser and addgroup" |
| 133 | depends on BUSYBOX_CONFIG_ADDUSER || BUSYBOX_CONFIG_ADDGROUP |
| 134 | range 0 64900 |
| 135 | default 100 |
| 136 | help |
| 137 | First valid system uid or gid for adduser and addgroup |
| 138 | |
| 139 | config BUSYBOX_CONFIG_LAST_SYSTEM_ID |
| 140 | int "Last valid system uid or gid for adduser and addgroup" |
| 141 | depends on BUSYBOX_CONFIG_ADDUSER || BUSYBOX_CONFIG_ADDGROUP |
| 142 | range 0 64900 |
| 143 | default 999 |
| 144 | help |
| 145 | Last valid system uid or gid for adduser and addgroup |
| 146 | |
| 147 | config BUSYBOX_CONFIG_ADDGROUP |
| 148 | bool "addgroup" |
| 149 | default n |
| 150 | help |
| 151 | Utility for creating a new group account. |
| 152 | |
| 153 | config BUSYBOX_CONFIG_FEATURE_ADDGROUP_LONG_OPTIONS |
| 154 | bool "Enable long options" |
| 155 | default n |
| 156 | depends on BUSYBOX_CONFIG_ADDGROUP && BUSYBOX_CONFIG_LONG_OPTS |
| 157 | help |
| 158 | Support long options for the addgroup applet. |
| 159 | |
| 160 | config BUSYBOX_CONFIG_FEATURE_ADDUSER_TO_GROUP |
| 161 | bool "Support for adding users to groups" |
| 162 | default n |
| 163 | depends on BUSYBOX_CONFIG_ADDGROUP |
| 164 | help |
| 165 | If called with two non-option arguments, |
| 166 | addgroup will add an existing user to an |
| 167 | existing group. |
| 168 | |
| 169 | config BUSYBOX_CONFIG_DELUSER |
| 170 | bool "deluser" |
| 171 | default n |
| 172 | help |
| 173 | Utility for deleting a user account. |
| 174 | |
| 175 | config BUSYBOX_CONFIG_DELGROUP |
| 176 | bool "delgroup" |
| 177 | default n |
| 178 | help |
| 179 | Utility for deleting a group account. |
| 180 | |
| 181 | config BUSYBOX_CONFIG_FEATURE_DEL_USER_FROM_GROUP |
| 182 | bool "Support for removing users from groups" |
| 183 | default n |
| 184 | depends on BUSYBOX_CONFIG_DELGROUP |
| 185 | help |
| 186 | If called with two non-option arguments, deluser |
| 187 | or delgroup will remove an user from a specified group. |
| 188 | |
| 189 | config BUSYBOX_CONFIG_GETTY |
| 190 | bool "getty" |
| 191 | default n |
| 192 | select BUSYBOX_CONFIG_FEATURE_SYSLOG |
| 193 | help |
| 194 | getty lets you log in on a tty, it is normally invoked by init. |
| 195 | |
| 196 | config BUSYBOX_CONFIG_LOGIN |
| 197 | bool "login" |
| 198 | default n |
| 199 | select BUSYBOX_CONFIG_FEATURE_SYSLOG |
| 200 | help |
| 201 | login is used when signing onto a system. |
| 202 | |
| 203 | Note that Busybox binary must be setuid root for this applet to |
| 204 | work properly. |
| 205 | |
| 206 | config BUSYBOX_CONFIG_PAM |
| 207 | bool "Support for PAM (Pluggable Authentication Modules)" |
| 208 | default n |
| 209 | depends on BUSYBOX_CONFIG_LOGIN |
| 210 | help |
| 211 | Use PAM in login(1) instead of direct access to password database. |
| 212 | |
| 213 | config BUSYBOX_CONFIG_LOGIN_SCRIPTS |
| 214 | bool "Support for login scripts" |
| 215 | depends on BUSYBOX_CONFIG_LOGIN |
| 216 | default n |
| 217 | help |
| 218 | Enable this if you want login to execute $LOGIN_PRE_SUID_SCRIPT |
| 219 | just prior to switching from root to logged-in user. |
| 220 | |
| 221 | config BUSYBOX_CONFIG_FEATURE_NOLOGIN |
| 222 | bool "Support for /etc/nologin" |
| 223 | default n |
| 224 | depends on BUSYBOX_CONFIG_LOGIN |
| 225 | help |
| 226 | The file /etc/nologin is used by (some versions of) login(1). |
| 227 | If it exists, non-root logins are prohibited. |
| 228 | |
| 229 | config BUSYBOX_CONFIG_FEATURE_SECURETTY |
| 230 | bool "Support for /etc/securetty" |
| 231 | default n |
| 232 | depends on BUSYBOX_CONFIG_LOGIN |
| 233 | help |
| 234 | The file /etc/securetty is used by (some versions of) login(1). |
| 235 | The file contains the device names of tty lines (one per line, |
| 236 | without leading /dev/) on which root is allowed to login. |
| 237 | |
| 238 | config BUSYBOX_CONFIG_PASSWD |
| 239 | bool "passwd" |
| 240 | default y |
| 241 | select BUSYBOX_CONFIG_FEATURE_SYSLOG |
| 242 | help |
| 243 | passwd changes passwords for user and group accounts. A normal user |
| 244 | may only change the password for his/her own account, the super user |
| 245 | may change the password for any account. The administrator of a group |
| 246 | may change the password for the group. |
| 247 | |
| 248 | Note that Busybox binary must be setuid root for this applet to |
| 249 | work properly. |
| 250 | |
| 251 | config BUSYBOX_CONFIG_FEATURE_PASSWD_WEAK_CHECK |
| 252 | bool "Check new passwords for weakness" |
| 253 | default y |
| 254 | depends on BUSYBOX_CONFIG_PASSWD |
| 255 | help |
| 256 | With this option passwd will refuse new passwords which are "weak". |
| 257 | |
| 258 | config BUSYBOX_CONFIG_CRYPTPW |
| 259 | bool "cryptpw" |
| 260 | default n |
| 261 | help |
| 262 | Encrypts the given password with the crypt(3) libc function |
| 263 | using the given salt. Debian has this utility under mkpasswd |
| 264 | name. Busybox provides mkpasswd as an alias for cryptpw. |
| 265 | |
| 266 | config BUSYBOX_CONFIG_CHPASSWD |
| 267 | bool "chpasswd" |
| 268 | default n |
| 269 | help |
| 270 | Reads a file of user name and password pairs from standard input |
| 271 | and uses this information to update a group of existing users. |
| 272 | |
| 273 | config BUSYBOX_CONFIG_SU |
| 274 | bool "su" |
| 275 | default n |
| 276 | select BUSYBOX_CONFIG_FEATURE_SYSLOG |
| 277 | help |
| 278 | su is used to become another user during a login session. |
| 279 | Invoked without a username, su defaults to becoming the super user. |
| 280 | |
| 281 | Note that Busybox binary must be setuid root for this applet to |
| 282 | work properly. |
| 283 | |
| 284 | config BUSYBOX_CONFIG_FEATURE_SU_SYSLOG |
| 285 | bool "Enable su to write to syslog" |
| 286 | default n |
| 287 | depends on BUSYBOX_CONFIG_SU |
| 288 | |
| 289 | config BUSYBOX_CONFIG_FEATURE_SU_CHECKS_SHELLS |
| 290 | bool "Enable su to check user's shell to be listed in /etc/shells" |
| 291 | depends on BUSYBOX_CONFIG_SU |
| 292 | default n |
| 293 | |
| 294 | config BUSYBOX_CONFIG_SULOGIN |
| 295 | bool "sulogin" |
| 296 | default n |
| 297 | select BUSYBOX_CONFIG_FEATURE_SYSLOG |
| 298 | help |
| 299 | sulogin is invoked when the system goes into single user |
| 300 | mode (this is done through an entry in inittab). |
| 301 | |
| 302 | config BUSYBOX_CONFIG_VLOCK |
| 303 | bool "vlock" |
| 304 | default n |
| 305 | help |
| 306 | Build the "vlock" applet which allows you to lock (virtual) terminals. |
| 307 | |
| 308 | Note that Busybox binary must be setuid root for this applet to |
| 309 | work properly. |
| 310 | |
| 311 | endmenu |
| 312 | |
