From: Philip Balister <philip@balister.org>
To: openembedded-devel@lists.openembedded.org
Subject: Re: [PATCH][STABLE] shadow: try to fix serial-login issue
Date: Mon, 22 Mar 2010 22:00:15 -0400 [thread overview]
Message-ID: <4BA820AF.4070307@balister.org> (raw)
In-Reply-To: <1269256016-13155-4-git-send-email-marcin@juszkiewicz.com.pl>
Acked-by: Philip Balister <philip@balister.org>
On 03/22/2010 07:06 AM, Marcin Juszkiewicz wrote:
> From: Koen Kooi<koen@openembedded.org>
>
> ---
> recipes/shadow/files/pam.d/login | 2 +-
> recipes/shadow/files/securetty | 167 ++++++++++++++++++++++++++++++++++++++
> recipes/shadow/shadow_4.1.4.2.bb | 5 +-
> 3 files changed, 172 insertions(+), 2 deletions(-)
> create mode 100644 recipes/shadow/files/securetty
>
> diff --git a/recipes/shadow/files/pam.d/login b/recipes/shadow/files/pam.d/login
> index 2186d3e..65992c6 100644
> --- a/recipes/shadow/files/pam.d/login
> +++ b/recipes/shadow/files/pam.d/login
> @@ -20,7 +20,7 @@ auth optional pam_faildelay.so delay=3000000
> # You can change it to a "required" module if you think it permits to
> # guess valid user names of your system (invalid user names are considered
> # as possibly being root).
> -auth requisite pam_securetty.so
> +auth [success=ok ignore=ignore user_unknown=ignore default=die] pam_securetty.so
>
> # Disallows other than root logins when /etc/nologin exists
> # (Replaces the `NOLOGINS_FILE' option from login.defs)
> diff --git a/recipes/shadow/files/securetty b/recipes/shadow/files/securetty
> new file mode 100644
> index 0000000..2705baa
> --- /dev/null
> +++ b/recipes/shadow/files/securetty
> @@ -0,0 +1,167 @@
> +# /etc/securetty: list of terminals on which root is allowed to login.
> +# See securetty(5) and login(1).
> +console
> +
> +# Standard serial ports
> +ttyS0
> +ttyS1
> +
> +# USB dongles
> +ttyUSB0
> +ttyUSB1
> +ttyUSB2
> +
> +# Embedded MPC platforms
> +ttyPSC0
> +ttyPSC1
> +ttyPSC2
> +ttyPSC3
> +ttyPSC4
> +ttyPSC5
> +
> +# PA-RISC mux ports
> +ttyB0
> +ttyB1
> +
> +# Standard hypervisor virtual console
> +hvc0
> +
> +# Oldstyle Xen console
> +xvc0
> +
> +# Standard consoles
> +tty1
> +tty2
> +tty3
> +tty4
> +tty5
> +tty6
> +tty7
> +tty8
> +tty9
> +tty10
> +tty11
> +tty12
> +tty13
> +tty14
> +tty15
> +tty16
> +tty17
> +tty18
> +tty19
> +tty20
> +tty21
> +tty22
> +tty23
> +tty24
> +tty25
> +tty26
> +tty27
> +tty28
> +tty29
> +tty30
> +tty31
> +tty32
> +tty33
> +tty34
> +tty35
> +tty36
> +tty37
> +tty38
> +tty39
> +tty40
> +tty41
> +tty42
> +tty43
> +tty44
> +tty45
> +tty46
> +tty47
> +tty48
> +tty49
> +tty50
> +tty51
> +tty52
> +tty53
> +tty54
> +tty55
> +tty56
> +tty57
> +tty58
> +tty59
> +tty60
> +tty61
> +tty62
> +tty63
> +
> +# devfs consoles
> +# Note: On kernels greater than 2.6.12, this is not needed.
> +
> +# Standard serial ports, with devfs
> +tts/0
> +tts/1
> +
> +# Standard consoles, with devfs
> +vc/1
> +vc/2
> +vc/3
> +vc/4
> +vc/5
> +vc/6
> +vc/7
> +vc/8
> +vc/9
> +vc/10
> +vc/11
> +vc/12
> +vc/13
> +vc/14
> +vc/15
> +vc/16
> +vc/17
> +vc/18
> +vc/19
> +vc/20
> +vc/21
> +vc/22
> +vc/23
> +vc/24
> +vc/25
> +vc/26
> +vc/27
> +vc/28
> +vc/29
> +vc/30
> +vc/31
> +vc/32
> +vc/33
> +vc/34
> +vc/35
> +vc/36
> +vc/37
> +vc/38
> +vc/39
> +vc/40
> +vc/41
> +vc/42
> +vc/43
> +vc/44
> +vc/45
> +vc/46
> +vc/47
> +vc/48
> +vc/49
> +vc/50
> +vc/51
> +vc/52
> +vc/53
> +vc/54
> +vc/55
> +vc/56
> +vc/57
> +vc/58
> +vc/59
> +vc/60
> +vc/61
> +vc/62
> +vc/63
> diff --git a/recipes/shadow/shadow_4.1.4.2.bb b/recipes/shadow/shadow_4.1.4.2.bb
> index 04887a0..7f64023 100644
> --- a/recipes/shadow/shadow_4.1.4.2.bb
> +++ b/recipes/shadow/shadow_4.1.4.2.bb
> @@ -4,7 +4,7 @@ LICENSE = "GPL"
> DEPEND = "libpam"
> RDEPEND = "${DEPEND}"
>
> -PR = "r5"
> +PR = "r6"
>
> EXTRA_OECONF += " --enable-shared --enable-static --with-libpam --without-libcrack"
>
> @@ -24,6 +24,7 @@ SRC_URI_append = " \
> file://pam.d/newusers \
> file://pam.d/passwd \
> file://pam.d/su \
> + file://securetty \
> "
>
> S = "${WORKDIR}/shadow-${PV}"
> @@ -49,4 +50,6 @@ do_install_append() {
> # The system MDA will set this later anyway.
> sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs
> sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs
> +
> + install -m 0644 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty
> }
next prev parent reply other threads:[~2010-03-23 2:03 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-03-22 11:06 [STABLE] Adding shadow recipes Marcin Juszkiewicz
2010-03-22 11:06 ` [PATCH][STABLE] shadow: add 4.1.4 Marcin Juszkiewicz
2010-03-22 12:35 ` Koen Kooi
2010-03-23 1:59 ` Philip Balister
2010-03-22 11:06 ` [PATCH][STABLE] shadow: Add version 4.1.4.2 and checksum Marcin Juszkiewicz
2010-03-22 12:35 ` Koen Kooi
2010-03-23 2:00 ` Philip Balister
2010-03-22 11:06 ` [PATCH][STABLE] shadow: try to fix serial-login issue Marcin Juszkiewicz
2010-03-22 11:24 ` Koen Kooi
2010-03-23 2:00 ` Philip Balister [this message]
2010-03-22 11:06 ` [PATCH][STABLE] shadow: unbork the dependencies.. its DEPENDS, not DEPEND Marcin Juszkiewicz
2010-03-22 12:36 ` Koen Kooi
2010-03-23 2:00 ` Philip Balister
2010-03-22 11:06 ` [PATCH][STABLE] shadow: reorg into .inc, pull some mvl6 changes over, use a 'pam' distro feature Marcin Juszkiewicz
2010-03-22 12:36 ` Koen Kooi
2010-03-23 2:00 ` Philip Balister
2010-03-22 11:06 ` [PATCH][STABLE] shadow.inc: Correctly install /etc/securetty and add back support for creating /etc/skel as part of the recipe Marcin Juszkiewicz
2010-03-22 12:34 ` Koen Kooi
2010-03-23 2:00 ` Philip Balister
2010-03-22 11:06 ` [PATCH][STABLE] shadow: Extend securetty file to include more common ttys (inc. ones used on OMAP3 platforms). Small correction for login pam file Marcin Juszkiewicz
2010-03-22 12:36 ` Koen Kooi
2010-03-23 2:01 ` Philip Balister
2010-03-22 11:06 ` [PATCH][STABLE] shadow: Fix issue that stopped shadow.inc from packaging /usr/bin/passwd correctly and bump INC_PR Marcin Juszkiewicz
2010-03-22 12:36 ` Koen Kooi
2010-03-23 2:01 ` Philip Balister
2010-03-22 11:06 ` [PATCH][STABLE] shadow: run pwconv and grpconv in postinst Marcin Juszkiewicz
2010-03-22 11:24 ` Koen Kooi
2010-03-23 2:01 ` Philip Balister
2010-03-22 11:06 ` [PATCH][STABLE] shadow: use u-a on binaries that conflict with util-linux-ng Marcin Juszkiewicz
2010-03-22 11:24 ` Koen Kooi
2010-03-23 2:01 ` Philip Balister
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4BA820AF.4070307@balister.org \
--to=philip@balister.org \
--cc=openembedded-devel@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.