package/utils/busybox/config/loginutils/Config.in

   1 # DO NOT EDIT. This file is generated from Config.src
   2 #
   3 # For a description of the syntax of this configuration file,
   4 # see scripts/kbuild/config-language.txt.
   5 #
   6
   7 menu "Login/Password Management Utilities"
   8
   9 config BUSYBOX_CONFIG_FEATURE_SHADOWPASSWDS
  10         bool "Support for shadow passwords"
  11         default BUSYBOX_DEFAULT_FEATURE_SHADOWPASSWDS
  12         help
  13           Build support for shadow password in /etc/shadow. This file is only
  14           readable by root and thus the encrypted passwords are no longer
  15           publicly readable.
  16
  17 config BUSYBOX_CONFIG_USE_BB_PWD_GRP
  18         bool "Use internal password and group functions rather than system functions"
  19         default BUSYBOX_DEFAULT_USE_BB_PWD_GRP
  20         help
  21           If you leave this disabled, busybox will use the system's password
  22           and group functions. And if you are using the GNU C library
  23           (glibc), you will then need to install the /etc/nsswitch.conf
  24           configuration file and the required /lib/libnss_* libraries in
  25           order for the password and group functions to work. This generally
  26           makes your embedded system quite a bit larger.
  27
  28           Enabling this option will cause busybox to directly access the
  29           system's /etc/password, /etc/group files (and your system will be
  30           smaller, and I will get fewer emails asking about how glibc NSS
  31           works). When this option is enabled, you will not be able to use
  32           PAM to access remote LDAP password servers and whatnot. And if you
  33           want hostname resolution to work with glibc, you still need the
  34           /lib/libnss_* libraries.
  35
  36           If you need to use glibc's nsswitch.conf mechanism
  37           (e.g. if user/group database is NOT stored in /etc/passwd etc),
  38           you must NOT use this option.
  39
  40           If you enable this option, it will add about 1.5k.
  41
  42 config BUSYBOX_CONFIG_USE_BB_SHADOW
  43         bool "Use internal shadow password functions"
  44         default BUSYBOX_DEFAULT_USE_BB_SHADOW
  45         depends on BUSYBOX_CONFIG_USE_BB_PWD_GRP && BUSYBOX_CONFIG_FEATURE_SHADOWPASSWDS
  46         help
  47           If you leave this disabled, busybox will use the system's shadow
  48           password handling functions. And if you are using the GNU C library
  49           (glibc), you will then need to install the /etc/nsswitch.conf
  50           configuration file and the required /lib/libnss_* libraries in
  51           order for the shadow password functions to work. This generally
  52           makes your embedded system quite a bit larger.
  53
  54           Enabling this option will cause busybox to directly access the
  55           system's /etc/shadow file when handling shadow passwords. This
  56           makes your system smaller (and I will get fewer emails asking about
  57           how glibc NSS works). When this option is enabled, you will not be
  58           able to use PAM to access shadow passwords from remote LDAP
  59           password servers and whatnot.
  60
  61 config BUSYBOX_CONFIG_USE_BB_CRYPT
  62         bool "Use internal crypt functions"
  63         default BUSYBOX_DEFAULT_USE_BB_CRYPT
  64         help
  65           Busybox has internal DES and MD5 crypt functions.
  66           They produce results which are identical to corresponding
  67           standard C library functions.
  68
  69           If you leave this disabled, busybox will use the system's
  70           crypt functions. Most C libraries use large (~70k)
  71           static buffers there, and also combine them with more general
  72           DES encryption/decryption.
  73
  74           For busybox, having large static buffers is undesirable,
  75           especially on NOMMU machines. Busybox also doesn't need
  76           DES encryption/decryption and can do with smaller code.
  77
  78           If you enable this option, it will add about 4.8k of code
  79           if you are building dynamically linked executable.
  80           In static build, it makes code _smaller_ by about 1.2k,
  81           and likely many kilobytes less of bss.
  82
  83 config BUSYBOX_CONFIG_USE_BB_CRYPT_SHA
  84         bool "Enable SHA256/512 crypt functions"
  85         default BUSYBOX_DEFAULT_USE_BB_CRYPT_SHA
  86         depends on BUSYBOX_CONFIG_USE_BB_CRYPT
  87         help
  88           Enable this if you have passwords starting with "$5$" or "$6$"
  89           in your /etc/passwd or /etc/shadow files. These passwords
  90           are hashed using SHA256 and SHA512 algorithms. Support for them
  91           was added to glibc in 2008.
  92           With this option off, login will fail password check for any
  93           user which has password encrypted with these algorithms.
  94
  95 config BUSYBOX_CONFIG_ADD_SHELL
  96        bool "add-shell"
  97        default BUSYBOX_DEFAULT_ADD_SHELL if BUSYBOX_CONFIG_DESKTOP
  98        help
  99          Add shells to /etc/shells.
 100
 101 config BUSYBOX_CONFIG_REMOVE_SHELL
 102        bool "remove-shell"
 103        default BUSYBOX_DEFAULT_REMOVE_SHELL if BUSYBOX_CONFIG_DESKTOP
 104        help
 105          Remove shells from /etc/shells.
 106 config BUSYBOX_CONFIG_ADDGROUP
 107         bool "addgroup"
 108         default BUSYBOX_DEFAULT_ADDGROUP
 109         help
 110           Utility for creating a new group account.
 111
 112 config BUSYBOX_CONFIG_FEATURE_ADDGROUP_LONG_OPTIONS
 113         bool "Enable long options"
 114         default BUSYBOX_DEFAULT_FEATURE_ADDGROUP_LONG_OPTIONS
 115         depends on BUSYBOX_CONFIG_ADDGROUP && BUSYBOX_CONFIG_LONG_OPTS
 116         help
 117           Support long options for the addgroup applet.
 118
 119 config BUSYBOX_CONFIG_FEATURE_ADDUSER_TO_GROUP
 120         bool "Support for adding users to groups"
 121         default BUSYBOX_DEFAULT_FEATURE_ADDUSER_TO_GROUP
 122         depends on BUSYBOX_CONFIG_ADDGROUP
 123         help
 124           If  called  with two non-option arguments,
 125           addgroup will add an existing user to an
 126           existing group.
 127 config BUSYBOX_CONFIG_ADDUSER
 128         bool "adduser"
 129         default BUSYBOX_DEFAULT_ADDUSER
 130         help
 131           Utility for creating a new user account.
 132
 133 config BUSYBOX_CONFIG_FEATURE_ADDUSER_LONG_OPTIONS
 134         bool "Enable long options"
 135         default BUSYBOX_DEFAULT_FEATURE_ADDUSER_LONG_OPTIONS
 136         depends on BUSYBOX_CONFIG_ADDUSER && BUSYBOX_CONFIG_LONG_OPTS
 137         help
 138           Support long options for the adduser applet.
 139
 140 config BUSYBOX_CONFIG_FEATURE_CHECK_NAMES
 141         bool "Enable sanity check on user/group names in adduser and addgroup"
 142         default BUSYBOX_DEFAULT_FEATURE_CHECK_NAMES
 143         depends on BUSYBOX_CONFIG_ADDUSER || BUSYBOX_CONFIG_ADDGROUP
 144         help
 145           Enable sanity check on user and group names in adduser and addgroup.
 146           To avoid problems, the user or group name should consist only of
 147           letters, digits, underscores, periods, at signs and dashes,
 148           and not start with a dash (as defined by IEEE Std 1003.1-2001).
 149           For compatibility with Samba machine accounts "$" is also supported
 150           at the end of the user or group name.
 151
 152 config BUSYBOX_CONFIG_LAST_ID
 153         int "Last valid uid or gid for adduser and addgroup"
 154         depends on BUSYBOX_CONFIG_ADDUSER || BUSYBOX_CONFIG_ADDGROUP
 155         default BUSYBOX_DEFAULT_LAST_ID
 156         help
 157           Last valid uid or gid for adduser and addgroup
 158
 159 config BUSYBOX_CONFIG_FIRST_SYSTEM_ID
 160         int "First valid system uid or gid for adduser and addgroup"
 161         depends on BUSYBOX_CONFIG_ADDUSER || BUSYBOX_CONFIG_ADDGROUP
 162         range 0 BUSYBOX_CONFIG_LAST_ID
 163         default BUSYBOX_DEFAULT_FIRST_SYSTEM_ID
 164         help
 165           First valid system uid or gid for adduser and addgroup
 166
 167 config BUSYBOX_CONFIG_LAST_SYSTEM_ID
 168         int "Last valid system uid or gid for adduser and addgroup"
 169         depends on BUSYBOX_CONFIG_ADDUSER || BUSYBOX_CONFIG_ADDGROUP
 170         range BUSYBOX_CONFIG_FIRST_SYSTEM_ID BUSYBOX_CONFIG_LAST_ID
 171         default BUSYBOX_DEFAULT_LAST_SYSTEM_ID
 172         help
 173           Last valid system uid or gid for adduser and addgroup
 174 config BUSYBOX_CONFIG_CHPASSWD
 175         bool "chpasswd"
 176         default BUSYBOX_DEFAULT_CHPASSWD
 177         help
 178           Reads a file of user name and password pairs from standard input
 179           and uses this information to update a group of existing users.
 180
 181 config BUSYBOX_CONFIG_FEATURE_DEFAULT_PASSWD_ALGO
 182         string "Default password encryption method (passwd -a, cryptpw -m parameter)"
 183         default BUSYBOX_DEFAULT_FEATURE_DEFAULT_PASSWD_ALGO
 184         depends on BUSYBOX_CONFIG_PASSWD || BUSYBOX_CONFIG_CRYPTPW
 185         help
 186           Possible choices are "d[es]", "m[d5]", "s[ha256]" or "sha512".
 187 config BUSYBOX_CONFIG_CRYPTPW
 188         bool "cryptpw"
 189         default BUSYBOX_DEFAULT_CRYPTPW
 190         help
 191           Encrypts the given password with the crypt(3) libc function
 192           using the given salt.
 193
 194 config BUSYBOX_CONFIG_MKPASSWD
 195         bool "mkpasswd"
 196         default BUSYBOX_DEFAULT_MKPASSWD
 197         help
 198           Encrypts the given password with the crypt(3) libc function
 199           using the given salt. Debian has this utility under mkpasswd
 200           name. Busybox provides mkpasswd as an alias for cryptpw.
 201 config BUSYBOX_CONFIG_DELUSER
 202         bool "deluser"
 203         default BUSYBOX_DEFAULT_DELUSER
 204         help
 205           Utility for deleting a user account.
 206
 207 config BUSYBOX_CONFIG_DELGROUP
 208         bool "delgroup"
 209         default BUSYBOX_DEFAULT_DELGROUP
 210         help
 211           Utility for deleting a group account.
 212
 213 config BUSYBOX_CONFIG_FEATURE_DEL_USER_FROM_GROUP
 214         bool "Support for removing users from groups"
 215         default BUSYBOX_DEFAULT_FEATURE_DEL_USER_FROM_GROUP
 216         depends on BUSYBOX_CONFIG_DELGROUP
 217         help
 218           If called with two non-option arguments, deluser
 219           or delgroup will remove an user from a specified group.
 220 config BUSYBOX_CONFIG_GETTY
 221         bool "getty"
 222         default BUSYBOX_DEFAULT_GETTY
 223         select BUSYBOX_CONFIG_FEATURE_SYSLOG
 224         help
 225           getty lets you log in on a tty. It is normally invoked by init.
 226
 227           Note that you can save a few bytes by disabling it and
 228           using login applet directly.
 229           If you need to reset tty attributes before calling login,
 230           this script approximates getty:
 231
 232           exec </dev/$1 >/dev/$1 2>&1 || exit 1
 233           reset
 234           stty sane; stty ispeed 38400; stty ospeed 38400
 235           printf "%s login: " "`hostname`"
 236           read -r login
 237           exec /bin/login "$login"
 238 config BUSYBOX_CONFIG_LOGIN
 239         bool "login"
 240         default BUSYBOX_DEFAULT_LOGIN
 241         select BUSYBOX_CONFIG_FEATURE_SYSLOG
 242         help
 243           login is used when signing onto a system.
 244
 245           Note that Busybox binary must be setuid root for this applet to
 246           work properly.
 247
 248 config BUSYBOX_CONFIG_LOGIN_SESSION_AS_CHILD
 249         bool "Run logged in session in a child process"
 250         default BUSYBOX_DEFAULT_LOGIN_SESSION_AS_CHILD if BUSYBOX_CONFIG_PAM
 251         depends on BUSYBOX_CONFIG_LOGIN
 252         help
 253           Run the logged in session in a child process.  This allows
 254           login to clean up things such as utmp entries or PAM sessions
 255           when the login session is complete.  If you use PAM, you
 256           almost always would want this to be set to Y, else PAM session
 257           will not be cleaned up.
 258
 259 config BUSYBOX_CONFIG_LOGIN_SCRIPTS
 260         bool "Support for login scripts"
 261         depends on BUSYBOX_CONFIG_LOGIN
 262         default BUSYBOX_DEFAULT_LOGIN_SCRIPTS
 263         help
 264           Enable this if you want login to execute $LOGIN_PRE_SUID_SCRIPT
 265           just prior to switching from root to logged-in user.
 266
 267 config BUSYBOX_CONFIG_FEATURE_NOLOGIN
 268         bool "Support for /etc/nologin"
 269         default BUSYBOX_DEFAULT_FEATURE_NOLOGIN
 270         depends on BUSYBOX_CONFIG_LOGIN
 271         help
 272           The file /etc/nologin is used by (some versions of) login(1).
 273           If it exists, non-root logins are prohibited.
 274
 275 config BUSYBOX_CONFIG_FEATURE_SECURETTY
 276         bool "Support for /etc/securetty"
 277         default BUSYBOX_DEFAULT_FEATURE_SECURETTY
 278         depends on BUSYBOX_CONFIG_LOGIN
 279         help
 280           The file /etc/securetty is used by (some versions of) login(1).
 281           The file contains the device names of tty lines (one per line,
 282           without leading /dev/) on which root is allowed to login.
 283 config BUSYBOX_CONFIG_PASSWD
 284         bool "passwd"
 285         default BUSYBOX_DEFAULT_PASSWD
 286         select BUSYBOX_CONFIG_FEATURE_SYSLOG
 287         help
 288           passwd changes passwords for user and group accounts. A normal user
 289           may only change the password for his/her own account, the super user
 290           may change the password for any account. The administrator of a group
 291           may change the password for the group.
 292
 293           Note that Busybox binary must be setuid root for this applet to
 294           work properly.
 295
 296 config BUSYBOX_CONFIG_FEATURE_PASSWD_WEAK_CHECK
 297         bool "Check new passwords for weakness"
 298         default BUSYBOX_DEFAULT_FEATURE_PASSWD_WEAK_CHECK
 299         depends on BUSYBOX_CONFIG_PASSWD
 300         help
 301           With this option passwd will refuse new passwords which are "weak".
 302 config BUSYBOX_CONFIG_SU
 303         bool "su"
 304         default BUSYBOX_DEFAULT_SU
 305         select BUSYBOX_CONFIG_FEATURE_SYSLOG
 306         help
 307           su is used to become another user during a login session.
 308           Invoked without a username, su defaults to becoming the super user.
 309
 310           Note that Busybox binary must be setuid root for this applet to
 311           work properly.
 312
 313 config BUSYBOX_CONFIG_FEATURE_SU_SYSLOG
 314         bool "Enable su to write to syslog"
 315         default BUSYBOX_DEFAULT_FEATURE_SU_SYSLOG
 316         depends on BUSYBOX_CONFIG_SU
 317
 318 config BUSYBOX_CONFIG_FEATURE_SU_CHECKS_SHELLS
 319         bool "Enable su to check user's shell to be listed in /etc/shells"
 320         depends on BUSYBOX_CONFIG_SU
 321         default BUSYBOX_DEFAULT_FEATURE_SU_CHECKS_SHELLS
 322 config BUSYBOX_CONFIG_SULOGIN
 323         bool "sulogin"
 324         default BUSYBOX_DEFAULT_SULOGIN
 325         select BUSYBOX_CONFIG_FEATURE_SYSLOG
 326         help
 327           sulogin is invoked when the system goes into single user
 328           mode (this is done through an entry in inittab).
 329 config BUSYBOX_CONFIG_VLOCK
 330         bool "vlock"
 331         default BUSYBOX_DEFAULT_VLOCK
 332         help
 333           Build the "vlock" applet which allows you to lock (virtual) terminals.
 334
 335           Note that Busybox binary must be setuid root for this applet to
 336           work properly.
 337
 338 endmenu