Root/package/busybox/config/loginutils/Config.in

1#
2# For a description of the syntax of this configuration file,
3# see scripts/kbuild/config-language.txt.
4#
5
6menu "Login/Password Management Utilities"
7
8config BUSYBOX_CONFIG_FEATURE_SHADOWPASSWDS
9    bool "Support for shadow passwords"
10    default n
11    help
12      Build support for shadow password in /etc/shadow. This file is only
13      readable by root and thus the encrypted passwords are no longer
14      publicly readable.
15
16config BUSYBOX_CONFIG_USE_BB_PWD_GRP
17    bool "Use internal password and group functions rather than system functions"
18    default n
19    help
20      If you leave this disabled, busybox will use the system's password
21      and group functions. And if you are using the GNU C library
22      (glibc), you will then need to install the /etc/nsswitch.conf
23      configuration file and the required /lib/libnss_* libraries in
24      order for the password and group functions to work. This generally
25      makes your embedded system quite a bit larger.
26
27      Enabling this option will cause busybox to directly access the
28      system's /etc/password, /etc/group files (and your system will be
29      smaller, and I will get fewer emails asking about how glibc NSS
30      works). When this option is enabled, you will not be able to use
31      PAM to access remote LDAP password servers and whatnot. And if you
32      want hostname resolution to work with glibc, you still need the
33      /lib/libnss_* libraries.
34
35      If you need to use glibc's nsswitch.conf mechanism
36      (e.g. if user/group database is NOT stored in /etc/passwd etc),
37      you must NOT use this option.
38
39      If you enable this option, it will add about 1.5k.
40
41config BUSYBOX_CONFIG_USE_BB_SHADOW
42    bool "Use internal shadow password functions"
43    default n
44    depends on BUSYBOX_CONFIG_USE_BB_PWD_GRP && BUSYBOX_CONFIG_FEATURE_SHADOWPASSWDS
45    help
46      If you leave this disabled, busybox will use the system's shadow
47      password handling functions. And if you are using the GNU C library
48      (glibc), you will then need to install the /etc/nsswitch.conf
49      configuration file and the required /lib/libnss_* libraries in
50      order for the shadow password functions to work. This generally
51      makes your embedded system quite a bit larger.
52
53      Enabling this option will cause busybox to directly access the
54      system's /etc/shadow file when handling shadow passwords. This
55      makes your system smaller (and I will get fewer emails asking about
56      how glibc NSS works). When this option is enabled, you will not be
57      able to use PAM to access shadow passwords from remote LDAP
58      password servers and whatnot.
59
60config BUSYBOX_CONFIG_USE_BB_CRYPT
61    bool "Use internal crypt functions"
62    default n
63    help
64      Busybox has internal DES and MD5 crypt functions.
65      They produce results which are identical to corresponding
66      standard C library functions.
67
68      If you leave this disabled, busybox will use the system's
69      crypt functions. Most C libraries use large (~70k)
70      static buffers there, and also combine them with more general
71      DES encryption/decryption.
72
73      For busybox, having large static buffers is undesirable,
74      especially on NOMMU machines. Busybox also doesn't need
75      DES encryption/decryption and can do with smaller code.
76
77      If you enable this option, it will add about 4.8k of code
78      if you are building dynamically linked executable.
79      In static build, it makes code _smaller_ by about 1.2k,
80      and likely many kilobytes less of bss.
81
82config BUSYBOX_CONFIG_USE_BB_CRYPT_SHA
83    bool "Enable SHA256/512 crypt functions"
84    default n
85    depends on BUSYBOX_CONFIG_USE_BB_CRYPT
86    help
87      Enable this if you have passwords starting with "$5$" or "$6$"
88      in your /etc/passwd or /etc/shadow files. These passwords
89      are hashed using SHA256 and SHA512 algorithms. Support for them
90      was added to glibc in 2008.
91      With this option off, login will fail password check for any
92      user which has password encrypted with these algorithms.
93
94config BUSYBOX_CONFIG_ADDGROUP
95    bool "addgroup"
96    default n
97    help
98      Utility for creating a new group account.
99
100config BUSYBOX_CONFIG_FEATURE_ADDGROUP_LONG_OPTIONS
101    bool "Enable long options"
102    default n
103    depends on BUSYBOX_CONFIG_ADDGROUP && BUSYBOX_CONFIG_LONG_OPTS
104    help
105      Support long options for the addgroup applet.
106
107config BUSYBOX_CONFIG_FEATURE_ADDUSER_TO_GROUP
108    bool "Support for adding users to groups"
109    default n
110    depends on BUSYBOX_CONFIG_ADDGROUP
111    help
112      If called with two non-option arguments,
113      addgroup will add an existing user to an
114      existing group.
115
116config BUSYBOX_CONFIG_DELGROUP
117    bool "delgroup"
118    default n
119    help
120      Utility for deleting a group account.
121
122config BUSYBOX_CONFIG_FEATURE_DEL_USER_FROM_GROUP
123    bool "Support for removing users from groups"
124    default n
125    depends on BUSYBOX_CONFIG_DELGROUP
126    help
127      If called with two non-option arguments, deluser
128      or delgroup will remove an user from a specified group.
129
130config BUSYBOX_CONFIG_FEATURE_CHECK_NAMES
131    bool "Enable sanity check on user/group names in adduser and addgroup"
132    default n
133    depends on BUSYBOX_CONFIG_ADDUSER || BUSYBOX_CONFIG_ADDGROUP
134    help
135      Enable sanity check on user and group names in adduser and addgroup.
136      To avoid problems, the user or group name should consist only of
137      letters, digits, underscores, periods, at signs and dashes,
138      and not start with a dash (as defined by IEEE Std 1003.1-2001).
139      For compatibility with Samba machine accounts "$" is also supported
140      at the end of the user or group name.
141
142config BUSYBOX_CONFIG_ADDUSER
143    bool "adduser"
144    default n
145    help
146      Utility for creating a new user account.
147
148config BUSYBOX_CONFIG_FEATURE_ADDUSER_LONG_OPTIONS
149    bool "Enable long options"
150    default n
151    depends on BUSYBOX_CONFIG_ADDUSER && BUSYBOX_CONFIG_LONG_OPTS
152    help
153      Support long options for the adduser applet.
154
155config BUSYBOX_CONFIG_FIRST_SYSTEM_ID
156    int "First valid system uid or gid for adduser and addgroup"
157    depends on BUSYBOX_CONFIG_ADDUSER || BUSYBOX_CONFIG_ADDGROUP
158    range 0 64900
159    default 100
160    help
161      First valid system uid or gid for adduser and addgroup
162
163config BUSYBOX_CONFIG_LAST_SYSTEM_ID
164    int "Last valid system uid or gid for adduser and addgroup"
165    depends on BUSYBOX_CONFIG_ADDUSER || BUSYBOX_CONFIG_ADDGROUP
166    range 0 64900
167    default 999
168    help
169      Last valid system uid or gid for adduser and addgroup
170
171config BUSYBOX_CONFIG_DELUSER
172    bool "deluser"
173    default n
174    help
175      Utility for deleting a user account.
176
177config BUSYBOX_CONFIG_GETTY
178    bool "getty"
179    default n
180    select BUSYBOX_CONFIG_FEATURE_SYSLOG
181    help
182      getty lets you log in on a tty, it is normally invoked by init.
183
184config BUSYBOX_CONFIG_FEATURE_UTMP
185    bool "Support utmp file"
186    depends on BUSYBOX_CONFIG_GETTY || BUSYBOX_CONFIG_LOGIN || BUSYBOX_CONFIG_SU || BUSYBOX_CONFIG_WHO
187    default n
188    help
189      The file /var/run/utmp is used to track who is currently logged in.
190
191config BUSYBOX_CONFIG_FEATURE_WTMP
192    bool "Support wtmp file"
193    depends on BUSYBOX_CONFIG_GETTY || BUSYBOX_CONFIG_LOGIN || BUSYBOX_CONFIG_SU || BUSYBOX_CONFIG_LAST
194    default n
195    select BUSYBOX_CONFIG_FEATURE_UTMP
196    help
197      The file /var/run/wtmp is used to track when user's have logged into
198      and logged out of the system.
199
200config BUSYBOX_CONFIG_LOGIN
201    bool "login"
202    default n
203    select BUSYBOX_CONFIG_FEATURE_SUID
204    select BUSYBOX_CONFIG_FEATURE_SYSLOG
205    help
206      login is used when signing onto a system.
207
208      Note that Busybox binary must be setuid root for this applet to
209      work properly.
210
211config BUSYBOX_CONFIG_PAM
212    bool "Support for PAM (Pluggable Authentication Modules)"
213    default n
214    depends on BUSYBOX_CONFIG_LOGIN
215    help
216      Use PAM in login(1) instead of direct access to password database.
217
218config BUSYBOX_CONFIG_LOGIN_SCRIPTS
219    bool "Support for login scripts"
220    depends on BUSYBOX_CONFIG_LOGIN
221    default n
222    help
223      Enable this if you want login to execute $LOGIN_PRE_SUID_SCRIPT
224      just prior to switching from root to logged-in user.
225
226config BUSYBOX_CONFIG_FEATURE_NOLOGIN
227    bool "Support for /etc/nologin"
228    default n
229    depends on BUSYBOX_CONFIG_LOGIN
230    help
231      The file /etc/nologin is used by (some versions of) login(1).
232      If it exists, non-root logins are prohibited.
233
234config BUSYBOX_CONFIG_FEATURE_SECURETTY
235    bool "Support for /etc/securetty"
236    default n
237    depends on BUSYBOX_CONFIG_LOGIN
238    help
239      The file /etc/securetty is used by (some versions of) login(1).
240      The file contains the device names of tty lines (one per line,
241      without leading /dev/) on which root is allowed to login.
242
243config BUSYBOX_CONFIG_PASSWD
244    bool "passwd"
245    default y
246    select BUSYBOX_CONFIG_FEATURE_SUID
247    select BUSYBOX_CONFIG_FEATURE_SYSLOG
248    help
249      passwd changes passwords for user and group accounts. A normal user
250      may only change the password for his/her own account, the super user
251      may change the password for any account. The administrator of a group
252      may change the password for the group.
253
254      Note that Busybox binary must be setuid root for this applet to
255      work properly.
256
257config BUSYBOX_CONFIG_FEATURE_PASSWD_WEAK_CHECK
258    bool "Check new passwords for weakness"
259    default y
260    depends on BUSYBOX_CONFIG_PASSWD
261    help
262      With this option passwd will refuse new passwords which are "weak".
263
264config BUSYBOX_CONFIG_CRYPTPW
265    bool "cryptpw"
266    default n
267    help
268      Encrypts the given password with the crypt(3) libc function
269      using the given salt. Debian has this utility under mkpasswd
270      name. Busybox provides mkpasswd as an alias for cryptpw.
271
272config BUSYBOX_CONFIG_CHPASSWD
273    bool "chpasswd"
274    default n
275    help
276      Reads a file of user name and password pairs from standard input
277      and uses this information to update a group of existing users.
278
279config BUSYBOX_CONFIG_SU
280    bool "su"
281    default n
282    select BUSYBOX_CONFIG_FEATURE_SUID
283    select BUSYBOX_CONFIG_FEATURE_SYSLOG
284    help
285      su is used to become another user during a login session.
286      Invoked without a username, su defaults to becoming the super user.
287
288      Note that Busybox binary must be setuid root for this applet to
289      work properly.
290
291config BUSYBOX_CONFIG_FEATURE_SU_SYSLOG
292    bool "Enable su to write to syslog"
293    default n
294    depends on BUSYBOX_CONFIG_SU
295
296config BUSYBOX_CONFIG_FEATURE_SU_CHECKS_SHELLS
297    bool "Enable su to check user's shell to be listed in /etc/shells"
298    depends on BUSYBOX_CONFIG_SU
299    default n
300
301config BUSYBOX_CONFIG_SULOGIN
302    bool "sulogin"
303    default n
304    select BUSYBOX_CONFIG_FEATURE_SYSLOG
305    help
306      sulogin is invoked when the system goes into single user
307      mode (this is done through an entry in inittab).
308
309config BUSYBOX_CONFIG_VLOCK
310    bool "vlock"
311    default n
312    select BUSYBOX_CONFIG_FEATURE_SUID
313    help
314      Build the "vlock" applet which allows you to lock (virtual) terminals.
315
316      Note that Busybox binary must be setuid root for this applet to
317      work properly.
318
319endmenu
320

Archive Download this file



interactive