1 # DO NOT EDIT. This file is generated from Config.src
3 # For a description of the syntax of this configuration file,
4 # see scripts/kbuild/config-language.txt.
7 menu "Login/Password Management Utilities"
9 config BUSYBOX_CONFIG_ADD_SHELL
11 default BUSYBOX_DEFAULT_ADD_SHELL if BUSYBOX_CONFIG_DESKTOP
13 Add shells to /etc/shells.
15 config BUSYBOX_CONFIG_REMOVE_SHELL
17 default BUSYBOX_DEFAULT_REMOVE_SHELL if BUSYBOX_CONFIG_DESKTOP
19 Remove shells from /etc/shells.
21 config BUSYBOX_CONFIG_FEATURE_SHADOWPASSWDS
22 bool "Support for shadow passwords"
23 default BUSYBOX_DEFAULT_FEATURE_SHADOWPASSWDS
25 Build support for shadow password in /etc/shadow. This file is only
26 readable by root and thus the encrypted passwords are no longer
29 config BUSYBOX_CONFIG_USE_BB_PWD_GRP
30 bool "Use internal password and group functions rather than system functions"
31 default BUSYBOX_DEFAULT_USE_BB_PWD_GRP
33 If you leave this disabled, busybox will use the system's password
34 and group functions. And if you are using the GNU C library
35 (glibc), you will then need to install the /etc/nsswitch.conf
36 configuration file and the required /lib/libnss_* libraries in
37 order for the password and group functions to work. This generally
38 makes your embedded system quite a bit larger.
40 Enabling this option will cause busybox to directly access the
41 system's /etc/password, /etc/group files (and your system will be
42 smaller, and I will get fewer emails asking about how glibc NSS
43 works). When this option is enabled, you will not be able to use
44 PAM to access remote LDAP password servers and whatnot. And if you
45 want hostname resolution to work with glibc, you still need the
46 /lib/libnss_* libraries.
48 If you need to use glibc's nsswitch.conf mechanism
49 (e.g. if user/group database is NOT stored in /etc/passwd etc),
50 you must NOT use this option.
52 If you enable this option, it will add about 1.5k.
54 config BUSYBOX_CONFIG_USE_BB_SHADOW
55 bool "Use internal shadow password functions"
56 default BUSYBOX_DEFAULT_USE_BB_SHADOW
57 depends on BUSYBOX_CONFIG_USE_BB_PWD_GRP && BUSYBOX_CONFIG_FEATURE_SHADOWPASSWDS
59 If you leave this disabled, busybox will use the system's shadow
60 password handling functions. And if you are using the GNU C library
61 (glibc), you will then need to install the /etc/nsswitch.conf
62 configuration file and the required /lib/libnss_* libraries in
63 order for the shadow password functions to work. This generally
64 makes your embedded system quite a bit larger.
66 Enabling this option will cause busybox to directly access the
67 system's /etc/shadow file when handling shadow passwords. This
68 makes your system smaller (and I will get fewer emails asking about
69 how glibc NSS works). When this option is enabled, you will not be
70 able to use PAM to access shadow passwords from remote LDAP
71 password servers and whatnot.
73 config BUSYBOX_CONFIG_USE_BB_CRYPT
74 bool "Use internal crypt functions"
75 default BUSYBOX_DEFAULT_USE_BB_CRYPT
77 Busybox has internal DES and MD5 crypt functions.
78 They produce results which are identical to corresponding
79 standard C library functions.
81 If you leave this disabled, busybox will use the system's
82 crypt functions. Most C libraries use large (~70k)
83 static buffers there, and also combine them with more general
84 DES encryption/decryption.
86 For busybox, having large static buffers is undesirable,
87 especially on NOMMU machines. Busybox also doesn't need
88 DES encryption/decryption and can do with smaller code.
90 If you enable this option, it will add about 4.8k of code
91 if you are building dynamically linked executable.
92 In static build, it makes code _smaller_ by about 1.2k,
93 and likely many kilobytes less of bss.
95 config BUSYBOX_CONFIG_USE_BB_CRYPT_SHA
96 bool "Enable SHA256/512 crypt functions"
97 default BUSYBOX_DEFAULT_USE_BB_CRYPT_SHA
98 depends on BUSYBOX_CONFIG_USE_BB_CRYPT
100 Enable this if you have passwords starting with "$5$" or "$6$"
101 in your /etc/passwd or /etc/shadow files. These passwords
102 are hashed using SHA256 and SHA512 algorithms. Support for them
103 was added to glibc in 2008.
104 With this option off, login will fail password check for any
105 user which has password encrypted with these algorithms.
107 config BUSYBOX_CONFIG_ADDUSER
109 default BUSYBOX_DEFAULT_ADDUSER
111 Utility for creating a new user account.
113 config BUSYBOX_CONFIG_FEATURE_ADDUSER_LONG_OPTIONS
114 bool "Enable long options"
115 default BUSYBOX_DEFAULT_FEATURE_ADDUSER_LONG_OPTIONS
116 depends on BUSYBOX_CONFIG_ADDUSER && BUSYBOX_CONFIG_LONG_OPTS
118 Support long options for the adduser applet.
120 config BUSYBOX_CONFIG_FEATURE_CHECK_NAMES
121 bool "Enable sanity check on user/group names in adduser and addgroup"
122 default BUSYBOX_DEFAULT_FEATURE_CHECK_NAMES
123 depends on BUSYBOX_CONFIG_ADDUSER || BUSYBOX_CONFIG_ADDGROUP
125 Enable sanity check on user and group names in adduser and addgroup.
126 To avoid problems, the user or group name should consist only of
127 letters, digits, underscores, periods, at signs and dashes,
128 and not start with a dash (as defined by IEEE Std 1003.1-2001).
129 For compatibility with Samba machine accounts "$" is also supported
130 at the end of the user or group name.
132 config BUSYBOX_CONFIG_LAST_ID
133 int "Last valid uid or gid for adduser and addgroup"
134 depends on BUSYBOX_CONFIG_ADDUSER || BUSYBOX_CONFIG_ADDGROUP
135 default BUSYBOX_DEFAULT_LAST_ID
137 Last valid uid or gid for adduser and addgroup
139 config BUSYBOX_CONFIG_FIRST_SYSTEM_ID
140 int "First valid system uid or gid for adduser and addgroup"
141 depends on BUSYBOX_CONFIG_ADDUSER || BUSYBOX_CONFIG_ADDGROUP
142 range 0 BUSYBOX_CONFIG_LAST_ID
143 default BUSYBOX_DEFAULT_FIRST_SYSTEM_ID
145 First valid system uid or gid for adduser and addgroup
147 config BUSYBOX_CONFIG_LAST_SYSTEM_ID
148 int "Last valid system uid or gid for adduser and addgroup"
149 depends on BUSYBOX_CONFIG_ADDUSER || BUSYBOX_CONFIG_ADDGROUP
150 range BUSYBOX_CONFIG_FIRST_SYSTEM_ID BUSYBOX_CONFIG_LAST_ID
151 default BUSYBOX_DEFAULT_LAST_SYSTEM_ID
153 Last valid system uid or gid for adduser and addgroup
155 config BUSYBOX_CONFIG_ADDGROUP
157 default BUSYBOX_DEFAULT_ADDGROUP
159 Utility for creating a new group account.
161 config BUSYBOX_CONFIG_FEATURE_ADDGROUP_LONG_OPTIONS
162 bool "Enable long options"
163 default BUSYBOX_DEFAULT_FEATURE_ADDGROUP_LONG_OPTIONS
164 depends on BUSYBOX_CONFIG_ADDGROUP && BUSYBOX_CONFIG_LONG_OPTS
166 Support long options for the addgroup applet.
168 config BUSYBOX_CONFIG_FEATURE_ADDUSER_TO_GROUP
169 bool "Support for adding users to groups"
170 default BUSYBOX_DEFAULT_FEATURE_ADDUSER_TO_GROUP
171 depends on BUSYBOX_CONFIG_ADDGROUP
173 If called with two non-option arguments,
174 addgroup will add an existing user to an
177 config BUSYBOX_CONFIG_DELUSER
179 default BUSYBOX_DEFAULT_DELUSER
181 Utility for deleting a user account.
183 config BUSYBOX_CONFIG_DELGROUP
185 default BUSYBOX_DEFAULT_DELGROUP
187 Utility for deleting a group account.
189 config BUSYBOX_CONFIG_FEATURE_DEL_USER_FROM_GROUP
190 bool "Support for removing users from groups"
191 default BUSYBOX_DEFAULT_FEATURE_DEL_USER_FROM_GROUP
192 depends on BUSYBOX_CONFIG_DELGROUP
194 If called with two non-option arguments, deluser
195 or delgroup will remove an user from a specified group.
197 config BUSYBOX_CONFIG_GETTY
199 default BUSYBOX_DEFAULT_GETTY
200 select BUSYBOX_CONFIG_FEATURE_SYSLOG
202 getty lets you log in on a tty. It is normally invoked by init.
204 Note that you can save a few bytes by disabling it and
205 using login applet directly.
206 If you need to reset tty attributes before calling login,
207 this script approximates getty:
209 exec </dev/$1 >/dev/$1 2>&1 || exit 1
211 stty sane; stty ispeed 38400; stty ospeed 38400
212 printf "%s login: " "`hostname`"
214 exec /bin/login "$login"
216 config BUSYBOX_CONFIG_LOGIN
218 default BUSYBOX_DEFAULT_LOGIN
219 select BUSYBOX_CONFIG_FEATURE_SYSLOG
221 login is used when signing onto a system.
223 Note that Busybox binary must be setuid root for this applet to
226 config BUSYBOX_CONFIG_LOGIN_SESSION_AS_CHILD
227 bool "Run logged in session in a child process"
228 default BUSYBOX_DEFAULT_LOGIN_SESSION_AS_CHILD if BUSYBOX_CONFIG_PAM
229 depends on BUSYBOX_CONFIG_LOGIN
231 Run the logged in session in a child process. This allows
232 login to clean up things such as utmp entries or PAM sessions
233 when the login session is complete. If you use PAM, you
234 almost always would want this to be set to Y, else PAM session
235 will not be cleaned up.
237 config BUSYBOX_CONFIG_LOGIN_SCRIPTS
238 bool "Support for login scripts"
239 depends on BUSYBOX_CONFIG_LOGIN
240 default BUSYBOX_DEFAULT_LOGIN_SCRIPTS
242 Enable this if you want login to execute $LOGIN_PRE_SUID_SCRIPT
243 just prior to switching from root to logged-in user.
245 config BUSYBOX_CONFIG_FEATURE_NOLOGIN
246 bool "Support for /etc/nologin"
247 default BUSYBOX_DEFAULT_FEATURE_NOLOGIN
248 depends on BUSYBOX_CONFIG_LOGIN
250 The file /etc/nologin is used by (some versions of) login(1).
251 If it exists, non-root logins are prohibited.
253 config BUSYBOX_CONFIG_FEATURE_SECURETTY
254 bool "Support for /etc/securetty"
255 default BUSYBOX_DEFAULT_FEATURE_SECURETTY
256 depends on BUSYBOX_CONFIG_LOGIN
258 The file /etc/securetty is used by (some versions of) login(1).
259 The file contains the device names of tty lines (one per line,
260 without leading /dev/) on which root is allowed to login.
262 config BUSYBOX_CONFIG_PASSWD
264 default BUSYBOX_DEFAULT_PASSWD
265 select BUSYBOX_CONFIG_FEATURE_SYSLOG
267 passwd changes passwords for user and group accounts. A normal user
268 may only change the password for his/her own account, the super user
269 may change the password for any account. The administrator of a group
270 may change the password for the group.
272 Note that Busybox binary must be setuid root for this applet to
275 config BUSYBOX_CONFIG_FEATURE_PASSWD_WEAK_CHECK
276 bool "Check new passwords for weakness"
277 default BUSYBOX_DEFAULT_FEATURE_PASSWD_WEAK_CHECK
278 depends on BUSYBOX_CONFIG_PASSWD
280 With this option passwd will refuse new passwords which are "weak".
282 config BUSYBOX_CONFIG_CRYPTPW
284 default BUSYBOX_DEFAULT_CRYPTPW
286 Encrypts the given password with the crypt(3) libc function
287 using the given salt. Debian has this utility under mkpasswd
288 name. Busybox provides mkpasswd as an alias for cryptpw.
290 config BUSYBOX_CONFIG_CHPASSWD
292 default BUSYBOX_DEFAULT_CHPASSWD
294 Reads a file of user name and password pairs from standard input
295 and uses this information to update a group of existing users.
297 config BUSYBOX_CONFIG_FEATURE_DEFAULT_PASSWD_ALGO
298 string "Default password encryption method (passwd -a, cryptpw -m parameter)"
299 default BUSYBOX_DEFAULT_FEATURE_DEFAULT_PASSWD_ALGO
300 depends on BUSYBOX_CONFIG_PASSWD || BUSYBOX_CONFIG_CRYPTPW
302 Possible choices are "d[es]", "m[d5]", "s[ha256]" or "sha512".
304 config BUSYBOX_CONFIG_SU
306 default BUSYBOX_DEFAULT_SU
307 select BUSYBOX_CONFIG_FEATURE_SYSLOG
309 su is used to become another user during a login session.
310 Invoked without a username, su defaults to becoming the super user.
312 Note that Busybox binary must be setuid root for this applet to
315 config BUSYBOX_CONFIG_FEATURE_SU_SYSLOG
316 bool "Enable su to write to syslog"
317 default BUSYBOX_DEFAULT_FEATURE_SU_SYSLOG
318 depends on BUSYBOX_CONFIG_SU
320 config BUSYBOX_CONFIG_FEATURE_SU_CHECKS_SHELLS
321 bool "Enable su to check user's shell to be listed in /etc/shells"
322 depends on BUSYBOX_CONFIG_SU
323 default BUSYBOX_DEFAULT_FEATURE_SU_CHECKS_SHELLS
325 config BUSYBOX_CONFIG_SULOGIN
327 default BUSYBOX_DEFAULT_SULOGIN
328 select BUSYBOX_CONFIG_FEATURE_SYSLOG
330 sulogin is invoked when the system goes into single user
331 mode (this is done through an entry in inittab).
333 config BUSYBOX_CONFIG_VLOCK
335 default BUSYBOX_DEFAULT_VLOCK
337 Build the "vlock" applet which allows you to lock (virtual) terminals.
339 Note that Busybox binary must be setuid root for this applet to