login.defs: remove obsolete/confusing comments
This commit is contained in:
+17
-26
@@ -3,24 +3,19 @@ Date: Sun, 7 Jul 2024 14:06:39 +0200
|
||||
Subject: Adapt login.defs for Debian
|
||||
|
||||
---
|
||||
etc/login.defs | 465 ++++++++++++++++++++-------------------------------------
|
||||
1 file changed, 158 insertions(+), 307 deletions(-)
|
||||
etc/login.defs | 455 +++++++++++++++++++--------------------------------------
|
||||
1 file changed, 149 insertions(+), 306 deletions(-)
|
||||
|
||||
diff --git a/etc/login.defs b/etc/login.defs
|
||||
index 33622c2..3a933b7 100644
|
||||
index 33622c2..4f90a71 100644
|
||||
--- a/etc/login.defs
|
||||
+++ b/etc/login.defs
|
||||
@@ -1,24 +1,46 @@
|
||||
@@ -1,24 +1,38 @@
|
||||
#
|
||||
-# /etc/login.defs - Configuration control definitions for the shadow package.
|
||||
+# /etc/login.defs - Configuration control definitions for the login package.
|
||||
# /etc/login.defs - Configuration control definitions for the shadow package.
|
||||
#
|
||||
-# $Id$
|
||||
+# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH.
|
||||
+# If unspecified, some arbitrary (and possibly incorrect) value will
|
||||
+# be assumed. All other items are optional - if not specified then
|
||||
+# the described action or option will be inhibited.
|
||||
#
|
||||
-#
|
||||
-
|
||||
-#
|
||||
-# Delay in seconds before being allowed another attempt after a login failure
|
||||
@@ -31,10 +26,8 @@ index 33622c2..3a933b7 100644
|
||||
-
|
||||
-#
|
||||
-# Enable logging and display of /var/log/faillog login(1) failure info.
|
||||
+# Comment lines (lines beginning with "#") and blank lines are ignored.
|
||||
#
|
||||
-#
|
||||
-FAILLOG_ENAB yes
|
||||
+# Modified for Linux. --marekm
|
||||
|
||||
-#
|
||||
-# Enable display of unknown usernames when login(1) failures are recorded.
|
||||
@@ -67,13 +60,13 @@ index 33622c2..3a933b7 100644
|
||||
+#
|
||||
+# Enable display of unknown usernames when login failures are recorded.
|
||||
+#
|
||||
+# WARNING: Unknown usernames may become world readable.
|
||||
+# WARNING: Unknown usernames may become world readable.
|
||||
+# See #290803 and #298773 for details about how this could become a security
|
||||
+# concern
|
||||
LOG_UNKFAIL_ENAB no
|
||||
|
||||
#
|
||||
@@ -27,109 +49,31 @@ LOG_UNKFAIL_ENAB no
|
||||
@@ -27,109 +41,31 @@ LOG_UNKFAIL_ENAB no
|
||||
LOG_OK_LOGINS no
|
||||
|
||||
#
|
||||
@@ -189,7 +182,7 @@ index 33622c2..3a933b7 100644
|
||||
#
|
||||
# If defined, file which inhibits all the usual chatter during the login
|
||||
# sequence. If a full pathname, then hushed mode will be enabled if the
|
||||
@@ -139,27 +83,12 @@ MAIL_DIR /var/spool/mail
|
||||
@@ -139,27 +75,12 @@ MAIL_DIR /var/spool/mail
|
||||
HUSHLOGIN_FILE .hushlogin
|
||||
#HUSHLOGIN_FILE /etc/hushlogins
|
||||
|
||||
@@ -219,7 +212,7 @@ index 33622c2..3a933b7 100644
|
||||
|
||||
#
|
||||
# Terminal permissions
|
||||
@@ -167,11 +96,18 @@ ENV_PATH PATH=/bin:/usr/bin
|
||||
@@ -167,11 +88,18 @@ ENV_PATH PATH=/bin:/usr/bin
|
||||
# TTYGROUP Login tty will be assigned this group ownership.
|
||||
# TTYPERM Login tty will be set to this permission.
|
||||
#
|
||||
@@ -236,13 +229,13 @@ index 33622c2..3a933b7 100644
|
||||
+# However, the default and recommended value for TTYPERM is still 0600
|
||||
+# to not allow anyone to write to anyone else console or terminal
|
||||
+
|
||||
+# Users can still allow other people to write them by issuing
|
||||
+# Users can still allow other people to write them by issuing
|
||||
+# the "mesg y" command.
|
||||
+
|
||||
TTYGROUP tty
|
||||
TTYPERM 0600
|
||||
|
||||
@@ -180,218 +116,142 @@ TTYPERM 0600
|
||||
@@ -180,113 +108,68 @@ TTYPERM 0600
|
||||
#
|
||||
# ERASECHAR Terminal ERASE character ('\010' = backspace).
|
||||
# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
|
||||
@@ -253,8 +246,7 @@ index 33622c2..3a933b7 100644
|
||||
-# (now it works with setrlimit too; ulimit is in 512-byte units)
|
||||
-#
|
||||
-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
|
||||
-#
|
||||
+#
|
||||
#
|
||||
ERASECHAR 0177
|
||||
KILLCHAR 025
|
||||
-#ULIMIT 2097152
|
||||
@@ -370,8 +362,7 @@ index 33622c2..3a933b7 100644
|
||||
# any combination of letters "frwh" (full name, room number, work
|
||||
# phone, home phone). If not defined, no changes are allowed.
|
||||
# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
|
||||
-#
|
||||
+#
|
||||
@@ -294,104 +177,73 @@ CHFN_AUTH yes
|
||||
CHFN_RESTRICT rwh
|
||||
|
||||
#
|
||||
@@ -516,7 +507,7 @@ index 33622c2..3a933b7 100644
|
||||
|
||||
#
|
||||
# The pwck(8) utility emits a warning for any system account with a home
|
||||
@@ -401,67 +261,12 @@ DEFAULT_HOME yes
|
||||
@@ -401,67 +253,12 @@ DEFAULT_HOME yes
|
||||
#
|
||||
NONEXISTENT /nonexistent
|
||||
|
||||
@@ -584,7 +575,7 @@ index 33622c2..3a933b7 100644
|
||||
#
|
||||
# Select the HMAC cryptography algorithm.
|
||||
# Used in pam_timestamp module to calculate the keyed-hash message
|
||||
@@ -471,3 +276,49 @@ PREVENT_NO_AUTH superuser
|
||||
@@ -471,3 +268,49 @@ PREVENT_NO_AUTH superuser
|
||||
# that are available in your system.
|
||||
#
|
||||
#HMAC_CRYPTO_ALGO SHA512
|
||||
|
||||
Reference in New Issue
Block a user