package/busybox/config/loginutils/Config.in

   1 #
   2 # For a description of the syntax of this configuration file,
   3 # see scripts/kbuild/config-language.txt.
   4 #
   5
   6 menu "Login/Password Management Utilities"
   7
   8 config BUSYBOX_CONFIG_ADD_SHELL
   9        bool "add-shell"
  10        default n if BUSYBOX_CONFIG_DESKTOP
  11        help
  12          Add shells to /etc/shells.
  13
  14 config BUSYBOX_CONFIG_REMOVE_SHELL
  15        bool "remove-shell"
  16        default n if BUSYBOX_CONFIG_DESKTOP
  17        help
  18          Remove shells from /etc/shells.
  19
  20 config BUSYBOX_CONFIG_FEATURE_SHADOWPASSWDS
  21         bool "Support for shadow passwords"
  22         default n
  23         help
  24           Build support for shadow password in /etc/shadow. This file is only
  25           readable by root and thus the encrypted passwords are no longer
  26           publicly readable.
  27
  28 config BUSYBOX_CONFIG_USE_BB_PWD_GRP
  29         bool "Use internal password and group functions rather than system functions"
  30         default n
  31         help
  32           If you leave this disabled, busybox will use the system's password
  33           and group functions. And if you are using the GNU C library
  34           (glibc), you will then need to install the /etc/nsswitch.conf
  35           configuration file and the required /lib/libnss_* libraries in
  36           order for the password and group functions to work. This generally
  37           makes your embedded system quite a bit larger.
  38
  39           Enabling this option will cause busybox to directly access the
  40           system's /etc/password, /etc/group files (and your system will be
  41           smaller, and I will get fewer emails asking about how glibc NSS
  42           works). When this option is enabled, you will not be able to use
  43           PAM to access remote LDAP password servers and whatnot. And if you
  44           want hostname resolution to work with glibc, you still need the
  45           /lib/libnss_* libraries.
  46
  47           If you need to use glibc's nsswitch.conf mechanism
  48           (e.g. if user/group database is NOT stored in /etc/passwd etc),
  49           you must NOT use this option.
  50
  51           If you enable this option, it will add about 1.5k.
  52
  53 config BUSYBOX_CONFIG_USE_BB_SHADOW
  54         bool "Use internal shadow password functions"
  55         default n
  56         depends on BUSYBOX_CONFIG_USE_BB_PWD_GRP && BUSYBOX_CONFIG_FEATURE_SHADOWPASSWDS
  57         help
  58           If you leave this disabled, busybox will use the system's shadow
  59           password handling functions. And if you are using the GNU C library
  60           (glibc), you will then need to install the /etc/nsswitch.conf
  61           configuration file and the required /lib/libnss_* libraries in
  62           order for the shadow password functions to work. This generally
  63           makes your embedded system quite a bit larger.
  64
  65           Enabling this option will cause busybox to directly access the
  66           system's /etc/shadow file when handling shadow passwords. This
  67           makes your system smaller (and I will get fewer emails asking about
  68           how glibc NSS works). When this option is enabled, you will not be
  69           able to use PAM to access shadow passwords from remote LDAP
  70           password servers and whatnot.
  71
  72 config BUSYBOX_CONFIG_USE_BB_CRYPT
  73         bool "Use internal crypt functions"
  74         default n
  75         help
  76           Busybox has internal DES and MD5 crypt functions.
  77           They produce results which are identical to corresponding
  78           standard C library functions.
  79
  80           If you leave this disabled, busybox will use the system's
  81           crypt functions. Most C libraries use large (~70k)
  82           static buffers there, and also combine them with more general
  83           DES encryption/decryption.
  84
  85           For busybox, having large static buffers is undesirable,
  86           especially on NOMMU machines. Busybox also doesn't need
  87           DES encryption/decryption and can do with smaller code.
  88
  89           If you enable this option, it will add about 4.8k of code
  90           if you are building dynamically linked executable.
  91           In static build, it makes code _smaller_ by about 1.2k,
  92           and likely many kilobytes less of bss.
  93
  94 config BUSYBOX_CONFIG_USE_BB_CRYPT_SHA
  95         bool "Enable SHA256/512 crypt functions"
  96         default n
  97         depends on BUSYBOX_CONFIG_USE_BB_CRYPT
  98         help
  99           Enable this if you have passwords starting with "$5$" or "$6$"
 100           in your /etc/passwd or /etc/shadow files. These passwords
 101           are hashed using SHA256 and SHA512 algorithms. Support for them
 102           was added to glibc in 2008.
 103           With this option off, login will fail password check for any
 104           user which has password encrypted with these algorithms.
 105
 106 config BUSYBOX_CONFIG_ADDUSER
 107         bool "adduser"
 108         default n
 109         help
 110           Utility for creating a new user account.
 111
 112 config BUSYBOX_CONFIG_FEATURE_ADDUSER_LONG_OPTIONS
 113         bool "Enable long options"
 114         default n
 115         depends on BUSYBOX_CONFIG_ADDUSER && BUSYBOX_CONFIG_LONG_OPTS
 116         help
 117           Support long options for the adduser applet.
 118
 119 config BUSYBOX_CONFIG_FEATURE_CHECK_NAMES
 120         bool "Enable sanity check on user/group names in adduser and addgroup"
 121         default n
 122         depends on BUSYBOX_CONFIG_ADDUSER || BUSYBOX_CONFIG_ADDGROUP
 123         help
 124           Enable sanity check on user and group names in adduser and addgroup.
 125           To avoid problems, the user or group name should consist only of
 126           letters, digits, underscores, periods, at signs and dashes,
 127           and not start with a dash (as defined by IEEE Std 1003.1-2001).
 128           For compatibility with Samba machine accounts "$" is also supported
 129           at the end of the user or group name.
 130
 131 config BUSYBOX_CONFIG_FIRST_SYSTEM_ID
 132         int "First valid system uid or gid for adduser and addgroup"
 133         depends on BUSYBOX_CONFIG_ADDUSER || BUSYBOX_CONFIG_ADDGROUP
 134         range 0 64900
 135         default 100
 136         help
 137           First valid system uid or gid for adduser and addgroup
 138
 139 config BUSYBOX_CONFIG_LAST_SYSTEM_ID
 140         int "Last valid system uid or gid for adduser and addgroup"
 141         depends on BUSYBOX_CONFIG_ADDUSER || BUSYBOX_CONFIG_ADDGROUP
 142         range 0 64900
 143         default 999
 144         help
 145           Last valid system uid or gid for adduser and addgroup
 146
 147 config BUSYBOX_CONFIG_ADDGROUP
 148         bool "addgroup"
 149         default n
 150         help
 151           Utility for creating a new group account.
 152
 153 config BUSYBOX_CONFIG_FEATURE_ADDGROUP_LONG_OPTIONS
 154         bool "Enable long options"
 155         default n
 156         depends on BUSYBOX_CONFIG_ADDGROUP && BUSYBOX_CONFIG_LONG_OPTS
 157         help
 158           Support long options for the addgroup applet.
 159
 160 config BUSYBOX_CONFIG_FEATURE_ADDUSER_TO_GROUP
 161         bool "Support for adding users to groups"
 162         default n
 163         depends on BUSYBOX_CONFIG_ADDGROUP
 164         help
 165           If  called  with two non-option arguments,
 166           addgroup will add an existing user to an
 167           existing group.
 168
 169 config BUSYBOX_CONFIG_DELUSER
 170         bool "deluser"
 171         default n
 172         help
 173           Utility for deleting a user account.
 174
 175 config BUSYBOX_CONFIG_DELGROUP
 176         bool "delgroup"
 177         default n
 178         help
 179           Utility for deleting a group account.
 180
 181 config BUSYBOX_CONFIG_FEATURE_DEL_USER_FROM_GROUP
 182         bool "Support for removing users from groups"
 183         default n
 184         depends on BUSYBOX_CONFIG_DELGROUP
 185         help
 186           If called with two non-option arguments, deluser
 187           or delgroup will remove an user from a specified group.
 188
 189 config BUSYBOX_CONFIG_GETTY
 190         bool "getty"
 191         default n
 192         select BUSYBOX_CONFIG_FEATURE_SYSLOG
 193         help
 194           getty lets you log in on a tty, it is normally invoked by init.
 195
 196 config BUSYBOX_CONFIG_LOGIN
 197         bool "login"
 198         default n
 199         select BUSYBOX_CONFIG_FEATURE_SYSLOG
 200         help
 201           login is used when signing onto a system.
 202
 203           Note that Busybox binary must be setuid root for this applet to
 204           work properly.
 205
 206 config BUSYBOX_CONFIG_PAM
 207         bool "Support for PAM (Pluggable Authentication Modules)"
 208         default n
 209         depends on BUSYBOX_CONFIG_LOGIN
 210         help
 211           Use PAM in login(1) instead of direct access to password database.
 212
 213 config BUSYBOX_CONFIG_LOGIN_SCRIPTS
 214         bool "Support for login scripts"
 215         depends on BUSYBOX_CONFIG_LOGIN
 216         default n
 217         help
 218           Enable this if you want login to execute $LOGIN_PRE_SUID_SCRIPT
 219           just prior to switching from root to logged-in user.
 220
 221 config BUSYBOX_CONFIG_FEATURE_NOLOGIN
 222         bool "Support for /etc/nologin"
 223         default n
 224         depends on BUSYBOX_CONFIG_LOGIN
 225         help
 226           The file /etc/nologin is used by (some versions of) login(1).
 227           If it exists, non-root logins are prohibited.
 228
 229 config BUSYBOX_CONFIG_FEATURE_SECURETTY
 230         bool "Support for /etc/securetty"
 231         default n
 232         depends on BUSYBOX_CONFIG_LOGIN
 233         help
 234           The file /etc/securetty is used by (some versions of) login(1).
 235           The file contains the device names of tty lines (one per line,
 236           without leading /dev/) on which root is allowed to login.
 237
 238 config BUSYBOX_CONFIG_PASSWD
 239         bool "passwd"
 240         default y
 241         select BUSYBOX_CONFIG_FEATURE_SYSLOG
 242         help
 243           passwd changes passwords for user and group accounts. A normal user
 244           may only change the password for his/her own account, the super user
 245           may change the password for any account. The administrator of a group
 246           may change the password for the group.
 247
 248           Note that Busybox binary must be setuid root for this applet to
 249           work properly.
 250
 251 config BUSYBOX_CONFIG_FEATURE_PASSWD_WEAK_CHECK
 252         bool "Check new passwords for weakness"
 253         default y
 254         depends on BUSYBOX_CONFIG_PASSWD
 255         help
 256           With this option passwd will refuse new passwords which are "weak".
 257
 258 config BUSYBOX_CONFIG_CRYPTPW
 259         bool "cryptpw"
 260         default n
 261         help
 262           Encrypts the given password with the crypt(3) libc function
 263           using the given salt. Debian has this utility under mkpasswd
 264           name. Busybox provides mkpasswd as an alias for cryptpw.
 265
 266 config BUSYBOX_CONFIG_CHPASSWD
 267         bool "chpasswd"
 268         default n
 269         help
 270           Reads a file of user name and password pairs from standard input
 271           and uses this information to update a group of existing users.
 272
 273 config BUSYBOX_CONFIG_SU
 274         bool "su"
 275         default n
 276         select BUSYBOX_CONFIG_FEATURE_SYSLOG
 277         help
 278           su is used to become another user during a login session.
 279           Invoked without a username, su defaults to becoming the super user.
 280
 281           Note that Busybox binary must be setuid root for this applet to
 282           work properly.
 283
 284 config BUSYBOX_CONFIG_FEATURE_SU_SYSLOG
 285         bool "Enable su to write to syslog"
 286         default n
 287         depends on BUSYBOX_CONFIG_SU
 288
 289 config BUSYBOX_CONFIG_FEATURE_SU_CHECKS_SHELLS
 290         bool "Enable su to check user's shell to be listed in /etc/shells"
 291         depends on BUSYBOX_CONFIG_SU
 292         default n
 293
 294 config BUSYBOX_CONFIG_SULOGIN
 295         bool "sulogin"
 296         default n
 297         select BUSYBOX_CONFIG_FEATURE_SYSLOG
 298         help
 299           sulogin is invoked when the system goes into single user
 300           mode (this is done through an entry in inittab).
 301
 302 config BUSYBOX_CONFIG_VLOCK
 303         bool "vlock"
 304         default n
 305         help
 306           Build the "vlock" applet which allows you to lock (virtual) terminals.
 307
 308           Note that Busybox binary must be setuid root for this applet to
 309           work properly.
 310
 311 endmenu