From: Frank Brehm Date: Wed, 28 Dec 2016 12:01:28 +0000 (+0100) Subject: saving uncommitted changes in /etc prior to emerge run X-Git-Url: https://git.uhu-banane.org/?a=commitdiff_plain;h=8c15daf0ebe88fda5cd663884e21f5f5e4044027;p=config%2Fberta%2Fetc.git saving uncommitted changes in /etc prior to emerge run --- diff --git a/login.defs b/login.defs index d0bf19d..76dbfc8 100644 --- a/login.defs +++ b/login.defs @@ -1,23 +1,24 @@ # # /etc/login.defs - Configuration control definitions for the shadow package. # -# $Id: login.defs 3189 2010-03-26 11:53:06Z nekral-guest $ +# $Id$ # # # Delay in seconds before being allowed another attempt after a login failure -# Note: When PAM is used, some modules may enfore a minimal delay (e.g. -# pam_unix enforces a 2s delay) +# Note: When PAM is used, some modules may enforce a minimum delay (e.g. +# pam_unix(8) enforces a 2s delay) # FAIL_DELAY 3 # -# Enable logging and display of /var/log/faillog login failure info. +# Enable logging and display of /var/log/faillog login(1) failure info. # -#FAILLOG_ENAB +# NOTE: This setting should be configured via /etc/pam.d/ and not in this file. +#FAILLOG_ENAB yes # -# Enable display of unknown usernames when login failures are recorded. +# Enable display of unknown usernames when login(1) failures are recorded. # LOG_UNKFAIL_ENAB no @@ -27,9 +28,10 @@ LOG_UNKFAIL_ENAB no LOG_OK_LOGINS no # -# Enable logging and display of /var/log/lastlog login time info. +# Enable logging and display of /var/log/lastlog login(1) time info. # -#LASTLOG_ENAB +# NOTE: This setting should be configured via /etc/pam.d/ and not in this file. +#LASTLOG_ENAB yes # # Enable checking and display of mailbox status upon login. @@ -37,26 +39,30 @@ LOG_OK_LOGINS no # Disable if the shell startup files already check for mail # ("mailx -e" or equivalent). # -#MAIL_CHECK_ENAB +# NOTE: This setting should be configured via /etc/pam.d/ and not in this file. +#MAIL_CHECK_ENAB yes # # Enable additional checks upon password changes. # -#OBSCURE_CHECKS_ENAB +# NOTE: This setting should be configured via /etc/pam.d/ and not in this file. +#OBSCURE_CHECKS_ENAB yes # # Enable checking of time restrictions specified in /etc/porttime. # -#PORTTIME_CHECKS_ENAB +# NOTE: This setting should be configured via /etc/pam.d/ and not in this file. +#PORTTIME_CHECKS_ENAB yes # -# Enable setting of ulimit, umask, and niceness from passwd gecos field. +# Enable setting of ulimit, umask, and niceness from passwd(5) gecos field. # -#QUOTAS_ENAB +# NOTE: This setting should be configured via /etc/pam.d/ and not in this file. +#QUOTAS_ENAB yes # -# Enable "syslog" logging of su activity - in addition to sulog file logging. -# SYSLOG_SG_ENAB does the same for newgrp and sg. +# Enable "syslog" logging of su(1) activity - in addition to sulog file logging. +# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1). # SYSLOG_SU_ENAB yes SYSLOG_SG_ENAB yes @@ -64,13 +70,15 @@ SYSLOG_SG_ENAB yes # # If defined, either full pathname of a file containing device names or # a ":" delimited list of device names. Root logins will be allowed only -# upon these devices. +# from these devices. # -CONSOLE /etc/securetty +# NOTE: This setting should be configured via /etc/pam.d/ and not in this file. +#CONSOLE /etc/securetty +# NOTE: This setting should be configured via /etc/pam.d/ and not in this file. #CONSOLE console:tty01:tty02:tty03:tty04 # -# If defined, all su activity is logged to this file. +# If defined, all su(1) activity is logged to this file. # #SULOG_FILE /var/log/sulog @@ -78,37 +86,41 @@ CONSOLE /etc/securetty # If defined, ":" delimited list of "message of the day" files to # be displayed upon login. # -#MOTD_FILE -#MOTD_FILE +# NOTE: This setting should be configured via /etc/pam.d/ and not in this file. +#MOTD_FILE /etc/motd +# NOTE: This setting should be configured via /etc/pam.d/ and not in this file. +#MOTD_FILE /etc/motd:/usr/lib/news/news-motd # -# If defined, this file will be output before each login prompt. +# If defined, this file will be output before each login(1) prompt. # #ISSUE_FILE /etc/issue # # If defined, file which maps tty line to TERM environment parameter. -# Each line of the file is in a format something like "vt100 tty01". +# Each line of the file is in a format similar to "vt100 tty01". # #TTYTYPE_FILE /etc/ttytype # -# If defined, login failures will be logged here in a utmp format. -# last, when invoked as lastb, will read /var/log/btmp, so... +# If defined, login(1) failures will be logged here in a utmp format. +# last(1), when invoked as lastb(1), will read /var/log/btmp, so... # -#FTMP_FILE +# NOTE: This setting should be configured via /etc/pam.d/ and not in this file. +#FTMP_FILE /var/log/btmp # -# If defined, name of file whose presence which will inhibit non-root -# logins. The contents of this file should be a message indicating +# If defined, name of file whose presence will inhibit non-root +# logins. The content of this file should be a message indicating # why logins are inhibited. # -#NOLOGINS_FILE +# NOTE: This setting should be configured via /etc/pam.d/ and not in this file. +#NOLOGINS_FILE /etc/nologin # # If defined, the command name to display when running "su -". For -# example, if this is defined as "su" then a "ps" will display the -# command is "-su". If not defined, then "ps" would display the +# example, if this is defined as "su" then ps(1) will display the +# command as "-su". If not defined, then ps(1) will display the # name of the shell actually being run, e.g. something like "-sh". # SU_NAME su @@ -141,9 +153,11 @@ HUSHLOGIN_FILE .hushlogin # If defined, an HZ environment parameter spec. # # for Linux/x86 -#ENV_HZ +# NOTE: This setting should be configured via /etc/pam.d/ and not in this file. +#ENV_HZ HZ=100 # For Linux/Alpha... -#ENV_HZ +# NOTE: This setting should be configured via /etc/pam.d/ and not in this file. +#ENV_HZ HZ=1024 # # *REQUIRED* The default PATH settings, for superuser and normal users. @@ -158,10 +172,10 @@ ENV_PATH PATH=/bin:/usr/bin # TTYGROUP Login tty will be assigned this group ownership. # TTYPERM Login tty will be set to this permission. # -# If you have a "write" program which is "setgid" to a special group -# which owns the terminals, define TTYGROUP to the group number and -# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign -# TTYPERM to either 622 or 600. +# If you have a write(1) program which is "setgid" to a special group +# which owns the terminals, define TTYGROUP as the number of such group +# and TTYPERM as 0620. Otherwise leave TTYGROUP commented out and +# set TTYPERM to either 622 or 600. # TTYGROUP tty TTYPERM 0600 @@ -183,13 +197,13 @@ ERASECHAR 0177 KILLCHAR 025 #ULIMIT 2097152 -# Default initial "umask" value used by login on non-PAM enabled systems. -# Default "umask" value for pam_umask on PAM enabled systems. -# UMASK is also used by useradd and newusers to set the mode of new home -# directories. +# Default initial "umask" value used by login(1) on non-PAM enabled systems. +# Default "umask" value for pam_umask(8) on PAM enabled systems. +# UMASK is also used by useradd(8) and newusers(8) to set the mode for new +# home directories. # 022 is the default value, but 027, or even 077, could be considered -# better for privacy. There is no One True Answer here: each sysadmin -# must make up her mind. +# for increased privacy. There is no One True Answer here: each sysadmin +# must make up his/her mind. UMASK 022 # @@ -202,7 +216,8 @@ UMASK 022 # PASS_MAX_DAYS 99999 PASS_MIN_DAYS 0 -#PASS_MIN_LEN +# NOTE: This setting should be configured via /etc/pam.d/ and not in this file. +#PASS_MIN_LEN 5 PASS_WARN_AGE 7 # @@ -211,50 +226,62 @@ PASS_WARN_AGE 7 # to uid 0 accounts. If the group doesn't exist or is empty, no one # will be able to "su" to uid 0. # -#SU_WHEEL_ONLY +# NOTE: This setting should be configured via /etc/pam.d/ and not in this file. +#SU_WHEEL_ONLY no # -# If compiled with cracklib support, where are the dictionaries +# If compiled with cracklib support, sets the path to the dictionaries # -#CRACKLIB_DICTPATH +# NOTE: This setting should be configured via /etc/pam.d/ and not in this file. +#CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict # -# Min/max values for automatic uid selection in useradd +# Min/max values for automatic uid selection in useradd(8) # UID_MIN 1000 UID_MAX 60000 # System accounts SYS_UID_MIN 101 SYS_UID_MAX 999 +# Extra per user uids +SUB_UID_MIN 100000 +SUB_UID_MAX 600100000 +SUB_UID_COUNT 65536 # -# Min/max values for automatic gid selection in groupadd +# Min/max values for automatic gid selection in groupadd(8) # GID_MIN 1000 GID_MAX 60000 # System accounts SYS_GID_MIN 101 SYS_GID_MAX 999 +# Extra per user group ids +SUB_GID_MIN 100000 +SUB_GID_MAX 600100000 +SUB_GID_COUNT 65536 # -# Max number of login retries if password is bad +# Max number of login(1) retries if password is bad # LOGIN_RETRIES 5 # -# Max time in seconds for login +# Max time in seconds for login(1) # LOGIN_TIMEOUT 60 # # Maximum number of attempts to change password if rejected (too easy) # -#PASS_CHANGE_TRIES +# NOTE: This setting should be configured via /etc/pam.d/ and not in this file. +#PASS_CHANGE_TRIES 5 # # Warn about weak passwords (but still allow them) if you are root. # -#PASS_ALWAYS_WARN +# NOTE: This setting should be configured via /etc/pam.d/ and not in this file. +#PASS_ALWAYS_WARN yes # # Number of significant characters in the password for crypt(). @@ -264,12 +291,13 @@ LOGIN_TIMEOUT 60 #PASS_MAX_LEN 8 # -# Require password before chfn/chsh can make any changes. +# Require password before chfn(1)/chsh(1) can make any changes. # -#CHFN_AUTH +# NOTE: This setting should be configured via /etc/pam.d/ and not in this file. +#CHFN_AUTH yes # -# Which fields may be changed by regular users using chfn - use +# Which fields may be changed by regular users using chfn(1) - use # any combination of letters "frwh" (full name, room number, work # phone, home phone). If not defined, no changes are allowed. # For backward compatibility, "yes" = "rwh" and "no" = "frwh". @@ -294,13 +322,13 @@ CHFN_RESTRICT rwh # Note: If you use PAM, it is recommended to use a value consistent with # the PAM modules configuration. # -# This variable is deprecated. You should use ENCRYPT_METHOD. +# This variable is deprecated. You should use ENCRYPT_METHOD instead. # #MD5_CRYPT_ENAB no # # Only works if compiled with ENCRYPTMETHOD_SELECT defined: -# If set to MD5 , MD5-based algorithm will be used for encrypting password +# If set to MD5, MD5-based algorithm will be used for encrypting password # If set to SHA256, SHA256-based algorithm will be used for encrypting password # If set to SHA512, SHA512-based algorithm will be used for encrypting password # If set to DES, DES-based algorithm will be used for encrypting password (default) @@ -315,12 +343,12 @@ CHFN_RESTRICT rwh # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512. # # Define the number of SHA rounds. -# With a lot of rounds, it is more difficult to brute forcing the password. -# But note also that it more CPU resources will be needed to authenticate -# users. +# With a lot of rounds, it is more difficult to brute-force the password. +# However, more CPU resources will be needed to authenticate users if +# this value is increased. # # If not specified, the libc will choose the default number of rounds (5000). -# The values must be inside the 1000-999999999 range. +# The values must be within the 1000-999999999 range. # If only one of the MIN or MAX values is set, then this value will be used. # If MIN > MAX, the highest value will be used. # @@ -329,18 +357,18 @@ CHFN_RESTRICT rwh # # List of groups to add to the user's supplementary group set -# when logging in on the console (as determined by the CONSOLE +# when logging in from the console (as determined by the CONSOLE # setting). Default is none. # # Use with caution - it is possible for users to gain permanent -# access to these groups, even when not logged in on the console. +# access to these groups, even when not logged in from the console. # How to do it is left as an exercise for the reader... # #CONSOLE_GROUPS floppy:audio:cdrom # # Should login be allowed if we can't cd to the home directory? -# Default in no. +# Default is no. # DEFAULT_HOME yes @@ -348,7 +376,8 @@ DEFAULT_HOME yes # If this file exists and is readable, login environment will be # read from it. Every line should be in the form name=value. # -#ENVIRON_FILE +# NOTE: This setting should be configured via /etc/pam.d/ and not in this file. +#ENVIRON_FILE /etc/environment # # If defined, this command is run when removing a user. @@ -362,14 +391,14 @@ DEFAULT_HOME yes # (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is # the same as gid, and username is the same as the primary group name. # -# This also enables userdel to remove user groups if no members exist. +# This also enables userdel(8) to remove user groups if no members exist. # USERGROUPS_ENAB yes # -# If set to a non-nul number, the shadow utilities will make sure that +# If set to a non-zero number, the shadow utilities will make sure that # groups never have more than this number of users on one line. -# This permit to support split groups (groups split into multiple lines, +# This permits to support split groups (groups split into multiple lines, # with the same group ID, to avoid limitation of the line length in the # group file). # @@ -378,10 +407,10 @@ USERGROUPS_ENAB yes #MAX_MEMBERS_PER_GROUP 0 # -# If useradd should create home directories for users by default (non -# system users only) -# This option is overridden with the -M or -m flags on the useradd command -# line. +# If useradd(8) should create home directories for users by default (non +# system users only). +# This option is overridden with the -M or -m flags on the useradd(8) +# command-line. # -#CREATE_HOME yes +CREATE_HOME yes