From: Philip Balister <philip@balister.org>
To: openembedded-devel@lists.openembedded.org
Subject: Re: [PATCH][STABLE] shadow: try to fix serial-login issue
Date: Mon, 22 Mar 2010 22:00:15 -0400 [thread overview]
Message-ID: <4BA820AF.4070307@balister.org> (raw)
In-Reply-To: <1269256016-13155-4-git-send-email-marcin@juszkiewicz.com.pl>
Acked-by: Philip Balister <philip@balister.org>
On 03/22/2010 07:06 AM, Marcin Juszkiewicz wrote:
> From: Koen Kooi<koen@openembedded.org>
>
> ---
> recipes/shadow/files/pam.d/login | 2 +-
> recipes/shadow/files/securetty | 167 ++++++++++++++++++++++++++++++++++++++
> recipes/shadow/shadow_4.1.4.2.bb | 5 +-
> 3 files changed, 172 insertions(+), 2 deletions(-)
> create mode 100644 recipes/shadow/files/securetty
>
> diff --git a/recipes/shadow/files/pam.d/login b/recipes/shadow/files/pam.d/login
> index 2186d3e..65992c6 100644
> --- a/recipes/shadow/files/pam.d/login
> +++ b/recipes/shadow/files/pam.d/login
> @@ -20,7 +20,7 @@ auth optional pam_faildelay.so delay=3000000
> # You can change it to a "required" module if you think it permits to
> # guess valid user names of your system (invalid user names are considered
> # as possibly being root).
> -auth requisite pam_securetty.so
> +auth [success=ok ignore=ignore user_unknown=ignore default=die] pam_securetty.so
>
> # Disallows other than root logins when /etc/nologin exists
> # (Replaces the `NOLOGINS_FILE' option from login.defs)
> diff --git a/recipes/shadow/files/securetty b/recipes/shadow/files/securetty
> new file mode 100644
> index 0000000..2705baa
> --- /dev/null
> +++ b/recipes/shadow/files/securetty
> @@ -0,0 +1,167 @@
> +# /etc/securetty: list of terminals on which root is allowed to login.
> +# See securetty(5) and login(1).
> +console
> +
> +# Standard serial ports
> +ttyS0
> +ttyS1
> +
> +# USB dongles
> +ttyUSB0
> +ttyUSB1
> +ttyUSB2
> +
> +# Embedded MPC platforms
> +ttyPSC0
> +ttyPSC1
> +ttyPSC2
> +ttyPSC3
> +ttyPSC4
> +ttyPSC5
> +
> +# PA-RISC mux ports
> +ttyB0
> +ttyB1
> +
> +# Standard hypervisor virtual console
> +hvc0
> +
> +# Oldstyle Xen console
> +xvc0
> +
> +# Standard consoles
> +tty1
> +tty2
> +tty3
> +tty4
> +tty5
> +tty6
> +tty7
> +tty8
> +tty9
> +tty10
> +tty11
> +tty12
> +tty13
> +tty14
> +tty15
> +tty16
> +tty17
> +tty18
> +tty19
> +tty20
> +tty21
> +tty22
> +tty23
> +tty24
> +tty25
> +tty26
> +tty27
> +tty28
> +tty29
> +tty30
> +tty31
> +tty32
> +tty33
> +tty34
> +tty35
> +tty36
> +tty37
> +tty38
> +tty39
> +tty40
> +tty41
> +tty42
> +tty43
> +tty44
> +tty45
> +tty46
> +tty47
> +tty48
> +tty49
> +tty50
> +tty51
> +tty52
> +tty53
> +tty54
> +tty55
> +tty56
> +tty57
> +tty58
> +tty59
> +tty60
> +tty61
> +tty62
> +tty63
> +
> +# devfs consoles
> +# Note: On kernels greater than 2.6.12, this is not needed.
> +
> +# Standard serial ports, with devfs
> +tts/0
> +tts/1
> +
> +# Standard consoles, with devfs
> +vc/1
> +vc/2
> +vc/3
> +vc/4
> +vc/5
> +vc/6
> +vc/7
> +vc/8
> +vc/9
> +vc/10
> +vc/11
> +vc/12
> +vc/13
> +vc/14
> +vc/15
> +vc/16
> +vc/17
> +vc/18
> +vc/19
> +vc/20
> +vc/21
> +vc/22
> +vc/23
> +vc/24
> +vc/25
> +vc/26
> +vc/27
> +vc/28
> +vc/29
> +vc/30
> +vc/31
> +vc/32
> +vc/33
> +vc/34
> +vc/35
> +vc/36
> +vc/37
> +vc/38
> +vc/39
> +vc/40
> +vc/41
> +vc/42
> +vc/43
> +vc/44
> +vc/45
> +vc/46
> +vc/47
> +vc/48
> +vc/49
> +vc/50
> +vc/51
> +vc/52
> +vc/53
> +vc/54
> +vc/55
> +vc/56
> +vc/57
> +vc/58
> +vc/59
> +vc/60
> +vc/61
> +vc/62
> +vc/63
> diff --git a/recipes/shadow/shadow_4.1.4.2.bb b/recipes/shadow/shadow_4.1.4.2.bb
> index 04887a0..7f64023 100644
> --- a/recipes/shadow/shadow_4.1.4.2.bb
> +++ b/recipes/shadow/shadow_4.1.4.2.bb
> @@ -4,7 +4,7 @@ LICENSE = "GPL"
> DEPEND = "libpam"
> RDEPEND = "${DEPEND}"
>
> -PR = "r5"
> +PR = "r6"
>
> EXTRA_OECONF += " --enable-shared --enable-static --with-libpam --without-libcrack"
>
> @@ -24,6 +24,7 @@ SRC_URI_append = " \
> file://pam.d/newusers \
> file://pam.d/passwd \
> file://pam.d/su \
> + file://securetty \
> "
>
> S = "${WORKDIR}/shadow-${PV}"
> @@ -49,4 +50,6 @@ do_install_append() {
> # The system MDA will set this later anyway.
> sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs
> sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs
> +
> + install -m 0644 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty
> }
next prev parent reply other threads:[~2010-03-23 2:03 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-03-22 11:06 [STABLE] Adding shadow recipes Marcin Juszkiewicz
2010-03-22 11:06 ` [PATCH][STABLE] shadow: add 4.1.4 Marcin Juszkiewicz
2010-03-22 12:35 ` Koen Kooi
2010-03-23 1:59 ` Philip Balister
2010-03-22 11:06 ` [PATCH][STABLE] shadow: Add version 4.1.4.2 and checksum Marcin Juszkiewicz
2010-03-22 12:35 ` Koen Kooi
2010-03-23 2:00 ` Philip Balister
2010-03-22 11:06 ` [PATCH][STABLE] shadow: try to fix serial-login issue Marcin Juszkiewicz
2010-03-22 11:24 ` Koen Kooi
2010-03-23 2:00 ` Philip Balister [this message]
2010-03-22 11:06 ` [PATCH][STABLE] shadow: unbork the dependencies.. its DEPENDS, not DEPEND Marcin Juszkiewicz
2010-03-22 12:36 ` Koen Kooi
2010-03-23 2:00 ` Philip Balister
2010-03-22 11:06 ` [PATCH][STABLE] shadow: reorg into .inc, pull some mvl6 changes over, use a 'pam' distro feature Marcin Juszkiewicz
2010-03-22 12:36 ` Koen Kooi
2010-03-23 2:00 ` Philip Balister
2010-03-22 11:06 ` [PATCH][STABLE] shadow.inc: Correctly install /etc/securetty and add back support for creating /etc/skel as part of the recipe Marcin Juszkiewicz
2010-03-22 12:34 ` Koen Kooi
2010-03-23 2:00 ` Philip Balister
2010-03-22 11:06 ` [PATCH][STABLE] shadow: Extend securetty file to include more common ttys (inc. ones used on OMAP3 platforms). Small correction for login pam file Marcin Juszkiewicz
2010-03-22 12:36 ` Koen Kooi
2010-03-23 2:01 ` Philip Balister
2010-03-22 11:06 ` [PATCH][STABLE] shadow: Fix issue that stopped shadow.inc from packaging /usr/bin/passwd correctly and bump INC_PR Marcin Juszkiewicz
2010-03-22 12:36 ` Koen Kooi
2010-03-23 2:01 ` Philip Balister
2010-03-22 11:06 ` [PATCH][STABLE] shadow: run pwconv and grpconv in postinst Marcin Juszkiewicz
2010-03-22 11:24 ` Koen Kooi
2010-03-23 2:01 ` Philip Balister
2010-03-22 11:06 ` [PATCH][STABLE] shadow: use u-a on binaries that conflict with util-linux-ng Marcin Juszkiewicz
2010-03-22 11:24 ` Koen Kooi
2010-03-23 2:01 ` Philip Balister
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4BA820AF.4070307@balister.org \
--to=philip@balister.org \
--cc=openembedded-devel@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox