menu "Login/Password Management Utilities"
-config CONFIG_USE_BB_PWD_GRP
- bool "Use internal password and group functions rather than system functions"
+config FEATURE_SHADOWPASSWDS
+ bool "Support for shadow passwords"
default n
help
- Please submit a patch to add help text for this item.
+ Build support for shadow password in /etc/shadow. This file is only
+ readable by root and thus the encrypted passwords are no longer
+ publicly readable.
-config CONFIG_ADDGROUP
+config USE_BB_SHADOW
+ bool " Use busybox shadow password functions"
+ default y
+ depends on USE_BB_PWD_GRP && FEATURE_SHADOWPASSWDS
+ help
+ If you leave this disabled, busybox will use the system's shadow
+ password handling functions. And if you are using the GNU C library
+ (glibc), you will then need to install the /etc/nsswitch.conf
+ configuration file and the required /lib/libnss_* libraries in
+ order for the shadow password functions to work. This generally
+ makes your embedded system quite a bit larger.
+
+ Enabling this option will cause busybox to directly access the
+ system's /etc/shadow file when handling shadow passwords. This
+ makes your system smaller and I will get fewer emails asking about
+ how glibc NSS works). When this option is enabled, you will not be
+ able to use PAM to access shadow passwords from remote LDAP
+ password servers and whatnot.
+
+config USE_BB_PWD_GRP
+ bool "Use internal password and group functions rather than system functions"
+ default n
+ help
+ If you leave this disabled, busybox will use the system's password
+ and group functions. And if you are using the GNU C library
+ (glibc), you will then need to install the /etc/nsswitch.conf
+ configuration file and the required /lib/libnss_* libraries in
+ order for the password and group functions to work. This generally
+ makes your embedded system quite a bit larger.
+
+ Enabling this option will cause busybox to directly access the
+ system's /etc/password, /etc/group files (and your system will be
+ smaller, and I will get fewer emails asking about how glibc NSS
+ works). When this option is enabled, you will not be able to use
+ PAM to access remote LDAP password servers and whatnot. And if you
+ want hostname resolution to work with glibc, you still need the
+ /lib/libnss_* libraries.
+
+ If you enable this option, it will add about 1.5k to busybox.
+
+config ADDGROUP
bool "addgroup"
default n
help
Utility for creating a new group account.
-config CONFIG_DELGROUP
+config FEATURE_ADDUSER_TO_GROUP
+ bool "Support for adding users to groups"
+ default n
+ depends on ADDGROUP
+ help
+ If called with two non-option arguments,
+ addgroup will add an existing user to an
+ existing group.
+
+config DELGROUP
bool "delgroup"
default n
help
Utility for deleting a group account.
-config CONFIG_ADDUSER
+config FEATURE_DEL_USER_FROM_GROUP
+ bool "Support for removing users from groups."
+ default n
+ depends on DELGROUP
+ help
+ If called with two non-option arguments, deluser
+ or delgroup will remove an user from a specified group.
+
+config ADDUSER
bool "adduser"
default n
help
Utility for creating a new user account.
-config CONFIG_DELUSER
+config DELUSER
bool "deluser"
default n
help
Utility for deleting a user account.
-config CONFIG_GETTY
+config GETTY
bool "getty"
default n
+ select FEATURE_SYSLOG
+ help
+ getty lets you log in on a tty, it is normally invoked by init.
+
+config FEATURE_UTMP
+ bool "Support utmp file"
+ depends on GETTY || LOGIN || SU || WHO
+ default n
+ help
+ The file /var/run/utmp is used to track who is currently logged in.
+
+config FEATURE_WTMP
+ bool "Support wtmp file"
+ depends on GETTY || LOGIN || SU || LAST
+ default n
+ select FEATURE_UTMP
help
- Please submit a patch to add help text for this item.
+ The file /var/run/wtmp is used to track when user's have logged into
+ and logged out of the system.
-config CONFIG_LOGIN
+config LOGIN
bool "login"
default n
+ select FEATURE_SUID
+ select FEATURE_SYSLOG
+ help
+ login is used when signing onto a system.
+
+ Note that Busybox binary must be setuid root for this applet to
+ work properly.
+
+config PAM
+ bool "Support for PAM (Pluggable Authentication Modules)"
+ default n
+ depends on LOGIN
help
- Login is used when signing onto a system.
+ Use PAM in login(1) instead of direct access to password database.
-config CONFIG_FEATURE_SECURETTY
- bool " Support for /etc/securetty"
+config LOGIN_SCRIPTS
+ bool "Support for login scripts"
+ depends on LOGIN
+ default n
+ help
+ Enable this if you want login to execute $LOGIN_PRE_SUID_SCRIPT
+ just prior to switching from root to logged-in user.
+
+config FEATURE_NOLOGIN
+ bool "Support for /etc/nologin"
+ default y
+ depends on LOGIN
+ help
+ The file /etc/nologin is used by (some versions of) login(1).
+ If it exists, non-root logins are prohibited.
+
+config FEATURE_SECURETTY
+ bool "Support for /etc/securetty"
default y
- depends on CONFIG_LOGIN
+ depends on LOGIN
help
- The file /etc/securetty is used by (some versions of) login(1). The
- file contains the device names of tty lines (one per line, without
- leading /dev/) on which root is allowed to login.
+ The file /etc/securetty is used by (some versions of) login(1).
+ The file contains the device names of tty lines (one per line,
+ without leading /dev/) on which root is allowed to login.
-config CONFIG_PASSWD
+config PASSWD
bool "passwd"
default n
+ select FEATURE_SUID
+ select FEATURE_SYSLOG
help
- Passwd changes passwords for user and group accounts. A normal user
- may only change the password for his/her own account, the super user
- may change the password for any account. The administrator of a group
+ passwd changes passwords for user and group accounts. A normal user
+ may only change the password for his/her own account, the super user
+ may change the password for any account. The administrator of a group
may change the password for the group.
-config CONFIG_SU
- bool "su"
- default n
+ Note that Busybox binary must be setuid root for this applet to
+ work properly.
+
+config FEATURE_PASSWD_WEAK_CHECK
+ bool "Check new passwords for weakness"
+ default y
+ depends on PASSWD
help
- su is used to become another user during a login session. Invoked with-
- out a username, su defaults to becoming the super user.
+ With this option passwd will refuse new passwords which are "weak".
-config CONFIG_SULOGIN
- bool "sulogin"
+config CRYPTPW
+ bool "cryptpw"
default n
help
- Sulogin is invoked when the system goes into single user
- mode (this is done through an entry in inittab).
+ Applet for crypting a string.
-config CONFIG_VLOCK
- bool "vlock"
+config CHPASSWD
+ bool "chpasswd"
+ default n
+ help
+ chpasswd reads a file of user name and password pairs from
+ standard input and uses this information to update a group of
+ existing users.
+
+config SU
+ bool "su"
default n
+ select FEATURE_SUID
+ select FEATURE_SYSLOG
help
- Please submit a patch to add help text for this item.
+ su is used to become another user during a login session.
+ Invoked without a username, su defaults to becoming the super user.
-comment "Common options for adduser, deluser, login, su"
- depends on CONFIG_ADDUSER || CONFIG_DELUSER || CONFIG_LOGIN || CONFIG_SU
+ Note that Busybox binary must be setuid root for this applet to
+ work properly.
-config CONFIG_FEATURE_SHADOWPASSWDS
- bool "Support for shadow passwords"
+config FEATURE_SU_SYSLOG
+ bool "Enable su to write to syslog"
+ default y
+ depends on SU
+
+config FEATURE_SU_CHECKS_SHELLS
+ bool "Enable su to check user's shell to be listed in /etc/shells"
+ depends on SU
+ default y
+
+config SULOGIN
+ bool "sulogin"
default n
- depends on CONFIG_ADDUSER || CONFIG_DELUSER || CONFIG_LOGIN || CONFIG_SU
+ select FEATURE_SYSLOG
help
- Please submit a patch to add help text for this item.
+ sulogin is invoked when the system goes into single user
+ mode (this is done through an entry in inittab).
-config CONFIG_USE_BB_SHADOW
- bool " Use busybox shadow password functions"
+config VLOCK
+ bool "vlock"
default n
- depends on CONFIG_USE_BB_PWD_GRP && CONFIG_FEATURE_SHADOWPASSWDS
+ select FEATURE_SUID
help
- Please submit a patch to add help text for this item.
+ Build the "vlock" applet which allows you to lock (virtual) terminals.
+
+ Note that Busybox binary must be setuid root for this applet to
+ work properly.
endmenu