2 # For a description of the syntax of this configuration file,
3 # see scripts/kbuild/config-language.txt.
6 menu "Login/Password Management Utilities"
8 config FEATURE_SHADOWPASSWDS
9 bool "Support for shadow passwords"
12 Build support for shadow password in /etc/shadow. This file is only
13 readable by root and thus the encrypted passwords are no longer
17 bool "Use internal password and group functions rather than system functions"
20 If you leave this disabled, busybox will use the system's password
21 and group functions. And if you are using the GNU C library
22 (glibc), you will then need to install the /etc/nsswitch.conf
23 configuration file and the required /lib/libnss_* libraries in
24 order for the password and group functions to work. This generally
25 makes your embedded system quite a bit larger.
27 Enabling this option will cause busybox to directly access the
28 system's /etc/password, /etc/group files (and your system will be
29 smaller, and I will get fewer emails asking about how glibc NSS
30 works). When this option is enabled, you will not be able to use
31 PAM to access remote LDAP password servers and whatnot. And if you
32 want hostname resolution to work with glibc, you still need the
33 /lib/libnss_* libraries.
35 If you need to use glibc's nsswitch.conf mechanism
36 (e.g. if user/group database is NOT stored in /etc/passwd etc),
37 you must NOT use this option.
39 If you enable this option, it will add about 1.5k to busybox.
42 bool "Use busybox shadow password functions"
44 depends on USE_BB_PWD_GRP && FEATURE_SHADOWPASSWDS
46 If you leave this disabled, busybox will use the system's shadow
47 password handling functions. And if you are using the GNU C library
48 (glibc), you will then need to install the /etc/nsswitch.conf
49 configuration file and the required /lib/libnss_* libraries in
50 order for the shadow password functions to work. This generally
51 makes your embedded system quite a bit larger.
53 Enabling this option will cause busybox to directly access the
54 system's /etc/shadow file when handling shadow passwords. This
55 makes your system smaller and I will get fewer emails asking about
56 how glibc NSS works). When this option is enabled, you will not be
57 able to use PAM to access shadow passwords from remote LDAP
58 password servers and whatnot.
61 bool "Use internal DES and MD5 crypt functions rather than system functions"
64 If you leave this disabled, busybox will use the system's
65 crypt functions. Most C libraries use large (~70k)
66 static buffers in these functions, and also combine them
67 with more general DES encryption/decryption routines.
68 For busybox, having large static buffers is undesirable,
69 especially on NOMMU machines.
71 These functions produce results which are identical
72 to corresponding C library functions.
74 If you enable this option, it will add about 4.8k to busybox
75 if you are building dynamically linked executable.
76 In static build, it makes executable _smaller_ by about 1.2k.
82 Utility for creating a new group account.
84 config FEATURE_ADDUSER_TO_GROUP
85 bool "Support for adding users to groups"
89 If called with two non-option arguments,
90 addgroup will add an existing user to an
97 Utility for deleting a group account.
99 config FEATURE_DEL_USER_FROM_GROUP
100 bool "Support for removing users from groups."
104 If called with two non-option arguments, deluser
105 or delgroup will remove an user from a specified group.
107 config FEATURE_CHECK_NAMES
108 bool "Enable sanity check on user/group names in adduser and addgroup"
110 depends on ADDUSER || ADDGROUP
112 Enable sanity check on user and group names in adduser and addgroup.
113 To avoid problems, the user or group name should consist only of
114 letters, digits, underscores, periods, at signs and dashes,
115 and not start with a dash (as defined by IEEE Std 1003.1-2001).
116 For compatibility with Samba machine accounts "$" is also supported
117 at the end of the user or group name.
123 Utility for creating a new user account.
125 config FEATURE_ADDUSER_LONG_OPTIONS
126 bool "Enable long options"
128 depends on ADDUSER && GETOPT_LONG
130 Support long options for the adduser applet.
136 Utility for deleting a user account.
141 select FEATURE_SYSLOG
143 getty lets you log in on a tty, it is normally invoked by init.
146 bool "Support utmp file"
147 depends on GETTY || LOGIN || SU || WHO
150 The file /var/run/utmp is used to track who is currently logged in.
153 bool "Support wtmp file"
154 depends on GETTY || LOGIN || SU || LAST
158 The file /var/run/wtmp is used to track when user's have logged into
159 and logged out of the system.
165 select FEATURE_SYSLOG
167 login is used when signing onto a system.
169 Note that Busybox binary must be setuid root for this applet to
173 bool "Support for PAM (Pluggable Authentication Modules)"
177 Use PAM in login(1) instead of direct access to password database.
180 bool "Support for login scripts"
184 Enable this if you want login to execute $LOGIN_PRE_SUID_SCRIPT
185 just prior to switching from root to logged-in user.
187 config FEATURE_NOLOGIN
188 bool "Support for /etc/nologin"
192 The file /etc/nologin is used by (some versions of) login(1).
193 If it exists, non-root logins are prohibited.
195 config FEATURE_SECURETTY
196 bool "Support for /etc/securetty"
200 The file /etc/securetty is used by (some versions of) login(1).
201 The file contains the device names of tty lines (one per line,
202 without leading /dev/) on which root is allowed to login.
208 select FEATURE_SYSLOG
210 passwd changes passwords for user and group accounts. A normal user
211 may only change the password for his/her own account, the super user
212 may change the password for any account. The administrator of a group
213 may change the password for the group.
215 Note that Busybox binary must be setuid root for this applet to
218 config FEATURE_PASSWD_WEAK_CHECK
219 bool "Check new passwords for weakness"
223 With this option passwd will refuse new passwords which are "weak".
229 Applet for crypting a string.
235 chpasswd reads a file of user name and password pairs from
236 standard input and uses this information to update a group of
243 select FEATURE_SYSLOG
245 su is used to become another user during a login session.
246 Invoked without a username, su defaults to becoming the super user.
248 Note that Busybox binary must be setuid root for this applet to
251 config FEATURE_SU_SYSLOG
252 bool "Enable su to write to syslog"
256 config FEATURE_SU_CHECKS_SHELLS
257 bool "Enable su to check user's shell to be listed in /etc/shells"
264 select FEATURE_SYSLOG
266 sulogin is invoked when the system goes into single user
267 mode (this is done through an entry in inittab).
274 Build the "vlock" applet which allows you to lock (virtual) terminals.
276 Note that Busybox binary must be setuid root for this applet to