package/utils/busybox/config/loginutils/Config.in

   1 # DO NOT EDIT. This file is generated from Config.src
   2 #
   3 # For a description of the syntax of this configuration file,
   4 # see scripts/kbuild/config-language.txt.
   5 #
   6
   7 menu "Login/Password Management Utilities"
   8
   9 config BUSYBOX_CONFIG_ADD_SHELL
  10        bool "add-shell"
  11        default BUSYBOX_DEFAULT_ADD_SHELL if BUSYBOX_CONFIG_DESKTOP
  12        help
  13          Add shells to /etc/shells.
  14
  15 config BUSYBOX_CONFIG_REMOVE_SHELL
  16        bool "remove-shell"
  17        default BUSYBOX_DEFAULT_REMOVE_SHELL if BUSYBOX_CONFIG_DESKTOP
  18        help
  19          Remove shells from /etc/shells.
  20
  21 config BUSYBOX_CONFIG_FEATURE_SHADOWPASSWDS
  22         bool "Support for shadow passwords"
  23         default BUSYBOX_DEFAULT_FEATURE_SHADOWPASSWDS
  24         help
  25           Build support for shadow password in /etc/shadow. This file is only
  26           readable by root and thus the encrypted passwords are no longer
  27           publicly readable.
  28
  29 config BUSYBOX_CONFIG_USE_BB_PWD_GRP
  30         bool "Use internal password and group functions rather than system functions"
  31         default BUSYBOX_DEFAULT_USE_BB_PWD_GRP
  32         help
  33           If you leave this disabled, busybox will use the system's password
  34           and group functions. And if you are using the GNU C library
  35           (glibc), you will then need to install the /etc/nsswitch.conf
  36           configuration file and the required /lib/libnss_* libraries in
  37           order for the password and group functions to work. This generally
  38           makes your embedded system quite a bit larger.
  39
  40           Enabling this option will cause busybox to directly access the
  41           system's /etc/password, /etc/group files (and your system will be
  42           smaller, and I will get fewer emails asking about how glibc NSS
  43           works). When this option is enabled, you will not be able to use
  44           PAM to access remote LDAP password servers and whatnot. And if you
  45           want hostname resolution to work with glibc, you still need the
  46           /lib/libnss_* libraries.
  47
  48           If you need to use glibc's nsswitch.conf mechanism
  49           (e.g. if user/group database is NOT stored in /etc/passwd etc),
  50           you must NOT use this option.
  51
  52           If you enable this option, it will add about 1.5k.
  53
  54 config BUSYBOX_CONFIG_USE_BB_SHADOW
  55         bool "Use internal shadow password functions"
  56         default BUSYBOX_DEFAULT_USE_BB_SHADOW
  57         depends on BUSYBOX_CONFIG_USE_BB_PWD_GRP && BUSYBOX_CONFIG_FEATURE_SHADOWPASSWDS
  58         help
  59           If you leave this disabled, busybox will use the system's shadow
  60           password handling functions. And if you are using the GNU C library
  61           (glibc), you will then need to install the /etc/nsswitch.conf
  62           configuration file and the required /lib/libnss_* libraries in
  63           order for the shadow password functions to work. This generally
  64           makes your embedded system quite a bit larger.
  65
  66           Enabling this option will cause busybox to directly access the
  67           system's /etc/shadow file when handling shadow passwords. This
  68           makes your system smaller (and I will get fewer emails asking about
  69           how glibc NSS works). When this option is enabled, you will not be
  70           able to use PAM to access shadow passwords from remote LDAP
  71           password servers and whatnot.
  72
  73 config BUSYBOX_CONFIG_USE_BB_CRYPT
  74         bool "Use internal crypt functions"
  75         default BUSYBOX_DEFAULT_USE_BB_CRYPT
  76         help
  77           Busybox has internal DES and MD5 crypt functions.
  78           They produce results which are identical to corresponding
  79           standard C library functions.
  80
  81           If you leave this disabled, busybox will use the system's
  82           crypt functions. Most C libraries use large (~70k)
  83           static buffers there, and also combine them with more general
  84           DES encryption/decryption.
  85
  86           For busybox, having large static buffers is undesirable,
  87           especially on NOMMU machines. Busybox also doesn't need
  88           DES encryption/decryption and can do with smaller code.
  89
  90           If you enable this option, it will add about 4.8k of code
  91           if you are building dynamically linked executable.
  92           In static build, it makes code _smaller_ by about 1.2k,
  93           and likely many kilobytes less of bss.
  94
  95 config BUSYBOX_CONFIG_USE_BB_CRYPT_SHA
  96         bool "Enable SHA256/512 crypt functions"
  97         default BUSYBOX_DEFAULT_USE_BB_CRYPT_SHA
  98         depends on BUSYBOX_CONFIG_USE_BB_CRYPT
  99         help
 100           Enable this if you have passwords starting with "$5$" or "$6$"
 101           in your /etc/passwd or /etc/shadow files. These passwords
 102           are hashed using SHA256 and SHA512 algorithms. Support for them
 103           was added to glibc in 2008.
 104           With this option off, login will fail password check for any
 105           user which has password encrypted with these algorithms.
 106
 107 config BUSYBOX_CONFIG_ADDUSER
 108         bool "adduser"
 109         default BUSYBOX_DEFAULT_ADDUSER
 110         help
 111           Utility for creating a new user account.
 112
 113 config BUSYBOX_CONFIG_FEATURE_ADDUSER_LONG_OPTIONS
 114         bool "Enable long options"
 115         default BUSYBOX_DEFAULT_FEATURE_ADDUSER_LONG_OPTIONS
 116         depends on BUSYBOX_CONFIG_ADDUSER && BUSYBOX_CONFIG_LONG_OPTS
 117         help
 118           Support long options for the adduser applet.
 119
 120 config BUSYBOX_CONFIG_FEATURE_CHECK_NAMES
 121         bool "Enable sanity check on user/group names in adduser and addgroup"
 122         default BUSYBOX_DEFAULT_FEATURE_CHECK_NAMES
 123         depends on BUSYBOX_CONFIG_ADDUSER || BUSYBOX_CONFIG_ADDGROUP
 124         help
 125           Enable sanity check on user and group names in adduser and addgroup.
 126           To avoid problems, the user or group name should consist only of
 127           letters, digits, underscores, periods, at signs and dashes,
 128           and not start with a dash (as defined by IEEE Std 1003.1-2001).
 129           For compatibility with Samba machine accounts "$" is also supported
 130           at the end of the user or group name.
 131
 132 config BUSYBOX_CONFIG_FIRST_SYSTEM_ID
 133         int "First valid system uid or gid for adduser and addgroup"
 134         depends on BUSYBOX_CONFIG_ADDUSER || BUSYBOX_CONFIG_ADDGROUP
 135         range 0 64900
 136         default BUSYBOX_DEFAULT_FIRST_SYSTEM_ID
 137         help
 138           First valid system uid or gid for adduser and addgroup
 139
 140 config BUSYBOX_CONFIG_LAST_SYSTEM_ID
 141         int "Last valid system uid or gid for adduser and addgroup"
 142         depends on BUSYBOX_CONFIG_ADDUSER || BUSYBOX_CONFIG_ADDGROUP
 143         range 0 64900
 144         default BUSYBOX_DEFAULT_LAST_SYSTEM_ID
 145         help
 146           Last valid system uid or gid for adduser and addgroup
 147
 148 config BUSYBOX_CONFIG_ADDGROUP
 149         bool "addgroup"
 150         default BUSYBOX_DEFAULT_ADDGROUP
 151         help
 152           Utility for creating a new group account.
 153
 154 config BUSYBOX_CONFIG_FEATURE_ADDGROUP_LONG_OPTIONS
 155         bool "Enable long options"
 156         default BUSYBOX_DEFAULT_FEATURE_ADDGROUP_LONG_OPTIONS
 157         depends on BUSYBOX_CONFIG_ADDGROUP && BUSYBOX_CONFIG_LONG_OPTS
 158         help
 159           Support long options for the addgroup applet.
 160
 161 config BUSYBOX_CONFIG_FEATURE_ADDUSER_TO_GROUP
 162         bool "Support for adding users to groups"
 163         default BUSYBOX_DEFAULT_FEATURE_ADDUSER_TO_GROUP
 164         depends on BUSYBOX_CONFIG_ADDGROUP
 165         help
 166           If  called  with two non-option arguments,
 167           addgroup will add an existing user to an
 168           existing group.
 169
 170 config BUSYBOX_CONFIG_DELUSER
 171         bool "deluser"
 172         default BUSYBOX_DEFAULT_DELUSER
 173         help
 174           Utility for deleting a user account.
 175
 176 config BUSYBOX_CONFIG_DELGROUP
 177         bool "delgroup"
 178         default BUSYBOX_DEFAULT_DELGROUP
 179         help
 180           Utility for deleting a group account.
 181
 182 config BUSYBOX_CONFIG_FEATURE_DEL_USER_FROM_GROUP
 183         bool "Support for removing users from groups"
 184         default BUSYBOX_DEFAULT_FEATURE_DEL_USER_FROM_GROUP
 185         depends on BUSYBOX_CONFIG_DELGROUP
 186         help
 187           If called with two non-option arguments, deluser
 188           or delgroup will remove an user from a specified group.
 189
 190 config BUSYBOX_CONFIG_GETTY
 191         bool "getty"
 192         default BUSYBOX_DEFAULT_GETTY
 193         select BUSYBOX_CONFIG_FEATURE_SYSLOG
 194         help
 195           getty lets you log in on a tty. It is normally invoked by init.
 196
 197           Note that you can save a few bytes by disabling it and
 198           using login applet directly.
 199           If you need to reset tty attributes before calling login,
 200           this script approximates getty:
 201
 202           exec </dev/$1 >/dev/$1 2>&1 || exit 1
 203           reset
 204           stty sane; stty ispeed 38400; stty ospeed 38400
 205           printf "%s login: " "`hostname`"
 206           read -r login
 207           exec /bin/login "$login"
 208
 209 config BUSYBOX_CONFIG_LOGIN
 210         bool "login"
 211         default BUSYBOX_DEFAULT_LOGIN
 212         select BUSYBOX_CONFIG_FEATURE_SYSLOG
 213         help
 214           login is used when signing onto a system.
 215
 216           Note that Busybox binary must be setuid root for this applet to
 217           work properly.
 218
 219 config BUSYBOX_CONFIG_PAM
 220         bool "Support for PAM (Pluggable Authentication Modules)"
 221         default BUSYBOX_DEFAULT_PAM
 222         depends on BUSYBOX_CONFIG_LOGIN
 223         help
 224           Use PAM in login(1) instead of direct access to password database.
 225
 226 config BUSYBOX_CONFIG_LOGIN_SCRIPTS
 227         bool "Support for login scripts"
 228         depends on BUSYBOX_CONFIG_LOGIN
 229         default BUSYBOX_DEFAULT_LOGIN_SCRIPTS
 230         help
 231           Enable this if you want login to execute $LOGIN_PRE_SUID_SCRIPT
 232           just prior to switching from root to logged-in user.
 233
 234 config BUSYBOX_CONFIG_FEATURE_NOLOGIN
 235         bool "Support for /etc/nologin"
 236         default BUSYBOX_DEFAULT_FEATURE_NOLOGIN
 237         depends on BUSYBOX_CONFIG_LOGIN
 238         help
 239           The file /etc/nologin is used by (some versions of) login(1).
 240           If it exists, non-root logins are prohibited.
 241
 242 config BUSYBOX_CONFIG_FEATURE_SECURETTY
 243         bool "Support for /etc/securetty"
 244         default BUSYBOX_DEFAULT_FEATURE_SECURETTY
 245         depends on BUSYBOX_CONFIG_LOGIN
 246         help
 247           The file /etc/securetty is used by (some versions of) login(1).
 248           The file contains the device names of tty lines (one per line,
 249           without leading /dev/) on which root is allowed to login.
 250
 251 config BUSYBOX_CONFIG_PASSWD
 252         bool "passwd"
 253         default BUSYBOX_DEFAULT_PASSWD
 254         select BUSYBOX_CONFIG_FEATURE_SYSLOG
 255         help
 256           passwd changes passwords for user and group accounts. A normal user
 257           may only change the password for his/her own account, the super user
 258           may change the password for any account. The administrator of a group
 259           may change the password for the group.
 260
 261           Note that Busybox binary must be setuid root for this applet to
 262           work properly.
 263
 264 config BUSYBOX_CONFIG_FEATURE_PASSWD_WEAK_CHECK
 265         bool "Check new passwords for weakness"
 266         default BUSYBOX_DEFAULT_FEATURE_PASSWD_WEAK_CHECK
 267         depends on BUSYBOX_CONFIG_PASSWD
 268         help
 269           With this option passwd will refuse new passwords which are "weak".
 270
 271 config BUSYBOX_CONFIG_CRYPTPW
 272         bool "cryptpw"
 273         default BUSYBOX_DEFAULT_CRYPTPW
 274         help
 275           Encrypts the given password with the crypt(3) libc function
 276           using the given salt. Debian has this utility under mkpasswd
 277           name. Busybox provides mkpasswd as an alias for cryptpw.
 278
 279 config BUSYBOX_CONFIG_CHPASSWD
 280         bool "chpasswd"
 281         default BUSYBOX_DEFAULT_CHPASSWD
 282         help
 283           Reads a file of user name and password pairs from standard input
 284           and uses this information to update a group of existing users.
 285
 286 config BUSYBOX_CONFIG_SU
 287         bool "su"
 288         default BUSYBOX_DEFAULT_SU
 289         select BUSYBOX_CONFIG_FEATURE_SYSLOG
 290         help
 291           su is used to become another user during a login session.
 292           Invoked without a username, su defaults to becoming the super user.
 293
 294           Note that Busybox binary must be setuid root for this applet to
 295           work properly.
 296
 297 config BUSYBOX_CONFIG_FEATURE_SU_SYSLOG
 298         bool "Enable su to write to syslog"
 299         default BUSYBOX_DEFAULT_FEATURE_SU_SYSLOG
 300         depends on BUSYBOX_CONFIG_SU
 301
 302 config BUSYBOX_CONFIG_FEATURE_SU_CHECKS_SHELLS
 303         bool "Enable su to check user's shell to be listed in /etc/shells"
 304         depends on BUSYBOX_CONFIG_SU
 305         default BUSYBOX_DEFAULT_FEATURE_SU_CHECKS_SHELLS
 306
 307 config BUSYBOX_CONFIG_SULOGIN
 308         bool "sulogin"
 309         default BUSYBOX_DEFAULT_SULOGIN
 310         select BUSYBOX_CONFIG_FEATURE_SYSLOG
 311         help
 312           sulogin is invoked when the system goes into single user
 313           mode (this is done through an entry in inittab).
 314
 315 config BUSYBOX_CONFIG_VLOCK
 316         bool "vlock"
 317         default BUSYBOX_DEFAULT_VLOCK
 318         help
 319           Build the "vlock" applet which allows you to lock (virtual) terminals.
 320
 321           Note that Busybox binary must be setuid root for this applet to
 322           work properly.
 323
 324 endmenu