1 # DO NOT EDIT. This file is generated from Config.src
3 # For a description of the syntax of this configuration file,
4 # see scripts/kbuild/config-language.txt.
7 menu "Login/Password Management Utilities"
9 config BUSYBOX_CONFIG_FEATURE_SHADOWPASSWDS
10 bool "Support for shadow passwords"
11 default BUSYBOX_DEFAULT_FEATURE_SHADOWPASSWDS
13 Build support for shadow password in /etc/shadow. This file is only
14 readable by root and thus the encrypted passwords are no longer
17 config BUSYBOX_CONFIG_USE_BB_PWD_GRP
18 bool "Use internal password and group functions rather than system functions"
19 default BUSYBOX_DEFAULT_USE_BB_PWD_GRP
21 If you leave this disabled, busybox will use the system's password
22 and group functions. And if you are using the GNU C library
23 (glibc), you will then need to install the /etc/nsswitch.conf
24 configuration file and the required /lib/libnss_* libraries in
25 order for the password and group functions to work. This generally
26 makes your embedded system quite a bit larger.
28 Enabling this option will cause busybox to directly access the
29 system's /etc/password, /etc/group files (and your system will be
30 smaller, and I will get fewer emails asking about how glibc NSS
31 works). When this option is enabled, you will not be able to use
32 PAM to access remote LDAP password servers and whatnot. And if you
33 want hostname resolution to work with glibc, you still need the
34 /lib/libnss_* libraries.
36 If you need to use glibc's nsswitch.conf mechanism
37 (e.g. if user/group database is NOT stored in /etc/passwd etc),
38 you must NOT use this option.
40 If you enable this option, it will add about 1.5k.
42 config BUSYBOX_CONFIG_USE_BB_SHADOW
43 bool "Use internal shadow password functions"
44 default BUSYBOX_DEFAULT_USE_BB_SHADOW
45 depends on BUSYBOX_CONFIG_USE_BB_PWD_GRP && BUSYBOX_CONFIG_FEATURE_SHADOWPASSWDS
47 If you leave this disabled, busybox will use the system's shadow
48 password handling functions. And if you are using the GNU C library
49 (glibc), you will then need to install the /etc/nsswitch.conf
50 configuration file and the required /lib/libnss_* libraries in
51 order for the shadow password functions to work. This generally
52 makes your embedded system quite a bit larger.
54 Enabling this option will cause busybox to directly access the
55 system's /etc/shadow file when handling shadow passwords. This
56 makes your system smaller (and I will get fewer emails asking about
57 how glibc NSS works). When this option is enabled, you will not be
58 able to use PAM to access shadow passwords from remote LDAP
59 password servers and whatnot.
61 config BUSYBOX_CONFIG_USE_BB_CRYPT
62 bool "Use internal crypt functions"
63 default BUSYBOX_DEFAULT_USE_BB_CRYPT
65 Busybox has internal DES and MD5 crypt functions.
66 They produce results which are identical to corresponding
67 standard C library functions.
69 If you leave this disabled, busybox will use the system's
70 crypt functions. Most C libraries use large (~70k)
71 static buffers there, and also combine them with more general
72 DES encryption/decryption.
74 For busybox, having large static buffers is undesirable,
75 especially on NOMMU machines. Busybox also doesn't need
76 DES encryption/decryption and can do with smaller code.
78 If you enable this option, it will add about 4.8k of code
79 if you are building dynamically linked executable.
80 In static build, it makes code _smaller_ by about 1.2k,
81 and likely many kilobytes less of bss.
83 config BUSYBOX_CONFIG_USE_BB_CRYPT_SHA
84 bool "Enable SHA256/512 crypt functions"
85 default BUSYBOX_DEFAULT_USE_BB_CRYPT_SHA
86 depends on BUSYBOX_CONFIG_USE_BB_CRYPT
88 Enable this if you have passwords starting with "$5$" or "$6$"
89 in your /etc/passwd or /etc/shadow files. These passwords
90 are hashed using SHA256 and SHA512 algorithms. Support for them
91 was added to glibc in 2008.
92 With this option off, login will fail password check for any
93 user which has password encrypted with these algorithms.
95 config BUSYBOX_CONFIG_ADD_SHELL
97 default BUSYBOX_DEFAULT_ADD_SHELL if BUSYBOX_CONFIG_DESKTOP
99 Add shells to /etc/shells.
101 config BUSYBOX_CONFIG_REMOVE_SHELL
103 default BUSYBOX_DEFAULT_REMOVE_SHELL if BUSYBOX_CONFIG_DESKTOP
105 Remove shells from /etc/shells.
106 config BUSYBOX_CONFIG_ADDGROUP
108 default BUSYBOX_DEFAULT_ADDGROUP
110 Utility for creating a new group account.
112 config BUSYBOX_CONFIG_FEATURE_ADDGROUP_LONG_OPTIONS
113 bool "Enable long options"
114 default BUSYBOX_DEFAULT_FEATURE_ADDGROUP_LONG_OPTIONS
115 depends on BUSYBOX_CONFIG_ADDGROUP && BUSYBOX_CONFIG_LONG_OPTS
117 Support long options for the addgroup applet.
119 config BUSYBOX_CONFIG_FEATURE_ADDUSER_TO_GROUP
120 bool "Support for adding users to groups"
121 default BUSYBOX_DEFAULT_FEATURE_ADDUSER_TO_GROUP
122 depends on BUSYBOX_CONFIG_ADDGROUP
124 If called with two non-option arguments,
125 addgroup will add an existing user to an
127 config BUSYBOX_CONFIG_ADDUSER
129 default BUSYBOX_DEFAULT_ADDUSER
131 Utility for creating a new user account.
133 config BUSYBOX_CONFIG_FEATURE_ADDUSER_LONG_OPTIONS
134 bool "Enable long options"
135 default BUSYBOX_DEFAULT_FEATURE_ADDUSER_LONG_OPTIONS
136 depends on BUSYBOX_CONFIG_ADDUSER && BUSYBOX_CONFIG_LONG_OPTS
138 Support long options for the adduser applet.
140 config BUSYBOX_CONFIG_FEATURE_CHECK_NAMES
141 bool "Enable sanity check on user/group names in adduser and addgroup"
142 default BUSYBOX_DEFAULT_FEATURE_CHECK_NAMES
143 depends on BUSYBOX_CONFIG_ADDUSER || BUSYBOX_CONFIG_ADDGROUP
145 Enable sanity check on user and group names in adduser and addgroup.
146 To avoid problems, the user or group name should consist only of
147 letters, digits, underscores, periods, at signs and dashes,
148 and not start with a dash (as defined by IEEE Std 1003.1-2001).
149 For compatibility with Samba machine accounts "$" is also supported
150 at the end of the user or group name.
152 config BUSYBOX_CONFIG_LAST_ID
153 int "Last valid uid or gid for adduser and addgroup"
154 depends on BUSYBOX_CONFIG_ADDUSER || BUSYBOX_CONFIG_ADDGROUP
155 default BUSYBOX_DEFAULT_LAST_ID
157 Last valid uid or gid for adduser and addgroup
159 config BUSYBOX_CONFIG_FIRST_SYSTEM_ID
160 int "First valid system uid or gid for adduser and addgroup"
161 depends on BUSYBOX_CONFIG_ADDUSER || BUSYBOX_CONFIG_ADDGROUP
162 range 0 BUSYBOX_CONFIG_LAST_ID
163 default BUSYBOX_DEFAULT_FIRST_SYSTEM_ID
165 First valid system uid or gid for adduser and addgroup
167 config BUSYBOX_CONFIG_LAST_SYSTEM_ID
168 int "Last valid system uid or gid for adduser and addgroup"
169 depends on BUSYBOX_CONFIG_ADDUSER || BUSYBOX_CONFIG_ADDGROUP
170 range BUSYBOX_CONFIG_FIRST_SYSTEM_ID BUSYBOX_CONFIG_LAST_ID
171 default BUSYBOX_DEFAULT_LAST_SYSTEM_ID
173 Last valid system uid or gid for adduser and addgroup
174 config BUSYBOX_CONFIG_CHPASSWD
176 default BUSYBOX_DEFAULT_CHPASSWD
178 Reads a file of user name and password pairs from standard input
179 and uses this information to update a group of existing users.
181 config BUSYBOX_CONFIG_FEATURE_DEFAULT_PASSWD_ALGO
182 string "Default password encryption method (passwd -a, cryptpw -m parameter)"
183 default BUSYBOX_DEFAULT_FEATURE_DEFAULT_PASSWD_ALGO
184 depends on BUSYBOX_CONFIG_PASSWD || BUSYBOX_CONFIG_CRYPTPW
186 Possible choices are "d[es]", "m[d5]", "s[ha256]" or "sha512".
187 config BUSYBOX_CONFIG_CRYPTPW
189 default BUSYBOX_DEFAULT_CRYPTPW
191 Encrypts the given password with the crypt(3) libc function
192 using the given salt.
194 config BUSYBOX_CONFIG_MKPASSWD
196 default BUSYBOX_DEFAULT_MKPASSWD
198 Encrypts the given password with the crypt(3) libc function
199 using the given salt. Debian has this utility under mkpasswd
200 name. Busybox provides mkpasswd as an alias for cryptpw.
201 config BUSYBOX_CONFIG_DELUSER
203 default BUSYBOX_DEFAULT_DELUSER
205 Utility for deleting a user account.
207 config BUSYBOX_CONFIG_DELGROUP
209 default BUSYBOX_DEFAULT_DELGROUP
211 Utility for deleting a group account.
213 config BUSYBOX_CONFIG_FEATURE_DEL_USER_FROM_GROUP
214 bool "Support for removing users from groups"
215 default BUSYBOX_DEFAULT_FEATURE_DEL_USER_FROM_GROUP
216 depends on BUSYBOX_CONFIG_DELGROUP
218 If called with two non-option arguments, deluser
219 or delgroup will remove an user from a specified group.
220 config BUSYBOX_CONFIG_GETTY
222 default BUSYBOX_DEFAULT_GETTY
223 select BUSYBOX_CONFIG_FEATURE_SYSLOG
225 getty lets you log in on a tty. It is normally invoked by init.
227 Note that you can save a few bytes by disabling it and
228 using login applet directly.
229 If you need to reset tty attributes before calling login,
230 this script approximates getty:
232 exec </dev/$1 >/dev/$1 2>&1 || exit 1
234 stty sane; stty ispeed 38400; stty ospeed 38400
235 printf "%s login: " "`hostname`"
237 exec /bin/login "$login"
238 config BUSYBOX_CONFIG_LOGIN
240 default BUSYBOX_DEFAULT_LOGIN
241 select BUSYBOX_CONFIG_FEATURE_SYSLOG
243 login is used when signing onto a system.
245 Note that Busybox binary must be setuid root for this applet to
248 config BUSYBOX_CONFIG_LOGIN_SESSION_AS_CHILD
249 bool "Run logged in session in a child process"
250 default BUSYBOX_DEFAULT_LOGIN_SESSION_AS_CHILD if BUSYBOX_CONFIG_PAM
251 depends on BUSYBOX_CONFIG_LOGIN
253 Run the logged in session in a child process. This allows
254 login to clean up things such as utmp entries or PAM sessions
255 when the login session is complete. If you use PAM, you
256 almost always would want this to be set to Y, else PAM session
257 will not be cleaned up.
259 config BUSYBOX_CONFIG_LOGIN_SCRIPTS
260 bool "Support for login scripts"
261 depends on BUSYBOX_CONFIG_LOGIN
262 default BUSYBOX_DEFAULT_LOGIN_SCRIPTS
264 Enable this if you want login to execute $LOGIN_PRE_SUID_SCRIPT
265 just prior to switching from root to logged-in user.
267 config BUSYBOX_CONFIG_FEATURE_NOLOGIN
268 bool "Support for /etc/nologin"
269 default BUSYBOX_DEFAULT_FEATURE_NOLOGIN
270 depends on BUSYBOX_CONFIG_LOGIN
272 The file /etc/nologin is used by (some versions of) login(1).
273 If it exists, non-root logins are prohibited.
275 config BUSYBOX_CONFIG_FEATURE_SECURETTY
276 bool "Support for /etc/securetty"
277 default BUSYBOX_DEFAULT_FEATURE_SECURETTY
278 depends on BUSYBOX_CONFIG_LOGIN
280 The file /etc/securetty is used by (some versions of) login(1).
281 The file contains the device names of tty lines (one per line,
282 without leading /dev/) on which root is allowed to login.
283 config BUSYBOX_CONFIG_PASSWD
285 default BUSYBOX_DEFAULT_PASSWD
286 select BUSYBOX_CONFIG_FEATURE_SYSLOG
288 passwd changes passwords for user and group accounts. A normal user
289 may only change the password for his/her own account, the super user
290 may change the password for any account. The administrator of a group
291 may change the password for the group.
293 Note that Busybox binary must be setuid root for this applet to
296 config BUSYBOX_CONFIG_FEATURE_PASSWD_WEAK_CHECK
297 bool "Check new passwords for weakness"
298 default BUSYBOX_DEFAULT_FEATURE_PASSWD_WEAK_CHECK
299 depends on BUSYBOX_CONFIG_PASSWD
301 With this option passwd will refuse new passwords which are "weak".
302 config BUSYBOX_CONFIG_SU
304 default BUSYBOX_DEFAULT_SU
305 select BUSYBOX_CONFIG_FEATURE_SYSLOG
307 su is used to become another user during a login session.
308 Invoked without a username, su defaults to becoming the super user.
310 Note that Busybox binary must be setuid root for this applet to
313 config BUSYBOX_CONFIG_FEATURE_SU_SYSLOG
314 bool "Enable su to write to syslog"
315 default BUSYBOX_DEFAULT_FEATURE_SU_SYSLOG
316 depends on BUSYBOX_CONFIG_SU
318 config BUSYBOX_CONFIG_FEATURE_SU_CHECKS_SHELLS
319 bool "Enable su to check user's shell to be listed in /etc/shells"
320 depends on BUSYBOX_CONFIG_SU
321 default BUSYBOX_DEFAULT_FEATURE_SU_CHECKS_SHELLS
322 config BUSYBOX_CONFIG_SULOGIN
324 default BUSYBOX_DEFAULT_SULOGIN
325 select BUSYBOX_CONFIG_FEATURE_SYSLOG
327 sulogin is invoked when the system goes into single user
328 mode (this is done through an entry in inittab).
329 config BUSYBOX_CONFIG_VLOCK
331 default BUSYBOX_DEFAULT_VLOCK
333 Build the "vlock" applet which allows you to lock (virtual) terminals.
335 Note that Busybox binary must be setuid root for this applet to