package/utils/busybox/config/loginutils/Config.in

   1 # DO NOT EDIT. This file is generated from Config.src
   2 #
   3 # For a description of the syntax of this configuration file,
   4 # see scripts/kbuild/config-language.txt.
   5 #
   6
   7 menu "Login/Password Management Utilities"
   8
   9 config BUSYBOX_CONFIG_ADD_SHELL
  10        bool "add-shell"
  11        default BUSYBOX_DEFAULT_ADD_SHELL if BUSYBOX_CONFIG_DESKTOP
  12        help
  13          Add shells to /etc/shells.
  14
  15 config BUSYBOX_CONFIG_REMOVE_SHELL
  16        bool "remove-shell"
  17        default BUSYBOX_DEFAULT_REMOVE_SHELL if BUSYBOX_CONFIG_DESKTOP
  18        help
  19          Remove shells from /etc/shells.
  20
  21 config BUSYBOX_CONFIG_FEATURE_SHADOWPASSWDS
  22         bool "Support for shadow passwords"
  23         default BUSYBOX_DEFAULT_FEATURE_SHADOWPASSWDS
  24         help
  25           Build support for shadow password in /etc/shadow. This file is only
  26           readable by root and thus the encrypted passwords are no longer
  27           publicly readable.
  28
  29 config BUSYBOX_CONFIG_USE_BB_PWD_GRP
  30         bool "Use internal password and group functions rather than system functions"
  31         default BUSYBOX_DEFAULT_USE_BB_PWD_GRP
  32         help
  33           If you leave this disabled, busybox will use the system's password
  34           and group functions. And if you are using the GNU C library
  35           (glibc), you will then need to install the /etc/nsswitch.conf
  36           configuration file and the required /lib/libnss_* libraries in
  37           order for the password and group functions to work. This generally
  38           makes your embedded system quite a bit larger.
  39
  40           Enabling this option will cause busybox to directly access the
  41           system's /etc/password, /etc/group files (and your system will be
  42           smaller, and I will get fewer emails asking about how glibc NSS
  43           works). When this option is enabled, you will not be able to use
  44           PAM to access remote LDAP password servers and whatnot. And if you
  45           want hostname resolution to work with glibc, you still need the
  46           /lib/libnss_* libraries.
  47
  48           If you need to use glibc's nsswitch.conf mechanism
  49           (e.g. if user/group database is NOT stored in /etc/passwd etc),
  50           you must NOT use this option.
  51
  52           If you enable this option, it will add about 1.5k.
  53
  54 config BUSYBOX_CONFIG_USE_BB_SHADOW
  55         bool "Use internal shadow password functions"
  56         default BUSYBOX_DEFAULT_USE_BB_SHADOW
  57         depends on BUSYBOX_CONFIG_USE_BB_PWD_GRP && BUSYBOX_CONFIG_FEATURE_SHADOWPASSWDS
  58         help
  59           If you leave this disabled, busybox will use the system's shadow
  60           password handling functions. And if you are using the GNU C library
  61           (glibc), you will then need to install the /etc/nsswitch.conf
  62           configuration file and the required /lib/libnss_* libraries in
  63           order for the shadow password functions to work. This generally
  64           makes your embedded system quite a bit larger.
  65
  66           Enabling this option will cause busybox to directly access the
  67           system's /etc/shadow file when handling shadow passwords. This
  68           makes your system smaller (and I will get fewer emails asking about
  69           how glibc NSS works). When this option is enabled, you will not be
  70           able to use PAM to access shadow passwords from remote LDAP
  71           password servers and whatnot.
  72
  73 config BUSYBOX_CONFIG_USE_BB_CRYPT
  74         bool "Use internal crypt functions"
  75         default BUSYBOX_DEFAULT_USE_BB_CRYPT
  76         help
  77           Busybox has internal DES and MD5 crypt functions.
  78           They produce results which are identical to corresponding
  79           standard C library functions.
  80
  81           If you leave this disabled, busybox will use the system's
  82           crypt functions. Most C libraries use large (~70k)
  83           static buffers there, and also combine them with more general
  84           DES encryption/decryption.
  85
  86           For busybox, having large static buffers is undesirable,
  87           especially on NOMMU machines. Busybox also doesn't need
  88           DES encryption/decryption and can do with smaller code.
  89
  90           If you enable this option, it will add about 4.8k of code
  91           if you are building dynamically linked executable.
  92           In static build, it makes code _smaller_ by about 1.2k,
  93           and likely many kilobytes less of bss.
  94
  95 config BUSYBOX_CONFIG_USE_BB_CRYPT_SHA
  96         bool "Enable SHA256/512 crypt functions"
  97         default BUSYBOX_DEFAULT_USE_BB_CRYPT_SHA
  98         depends on BUSYBOX_CONFIG_USE_BB_CRYPT
  99         help
 100           Enable this if you have passwords starting with "$5$" or "$6$"
 101           in your /etc/passwd or /etc/shadow files. These passwords
 102           are hashed using SHA256 and SHA512 algorithms. Support for them
 103           was added to glibc in 2008.
 104           With this option off, login will fail password check for any
 105           user which has password encrypted with these algorithms.
 106
 107 config BUSYBOX_CONFIG_ADDUSER
 108         bool "adduser"
 109         default BUSYBOX_DEFAULT_ADDUSER
 110         help
 111           Utility for creating a new user account.
 112
 113 config BUSYBOX_CONFIG_FEATURE_ADDUSER_LONG_OPTIONS
 114         bool "Enable long options"
 115         default BUSYBOX_DEFAULT_FEATURE_ADDUSER_LONG_OPTIONS
 116         depends on BUSYBOX_CONFIG_ADDUSER && BUSYBOX_CONFIG_LONG_OPTS
 117         help
 118           Support long options for the adduser applet.
 119
 120 config BUSYBOX_CONFIG_FEATURE_CHECK_NAMES
 121         bool "Enable sanity check on user/group names in adduser and addgroup"
 122         default BUSYBOX_DEFAULT_FEATURE_CHECK_NAMES
 123         depends on BUSYBOX_CONFIG_ADDUSER || BUSYBOX_CONFIG_ADDGROUP
 124         help
 125           Enable sanity check on user and group names in adduser and addgroup.
 126           To avoid problems, the user or group name should consist only of
 127           letters, digits, underscores, periods, at signs and dashes,
 128           and not start with a dash (as defined by IEEE Std 1003.1-2001).
 129           For compatibility with Samba machine accounts "$" is also supported
 130           at the end of the user or group name.
 131
 132 config BUSYBOX_CONFIG_FIRST_SYSTEM_ID
 133         int "First valid system uid or gid for adduser and addgroup"
 134         depends on BUSYBOX_CONFIG_ADDUSER || BUSYBOX_CONFIG_ADDGROUP
 135         range 0 64900
 136         default BUSYBOX_DEFAULT_FIRST_SYSTEM_ID
 137         help
 138           First valid system uid or gid for adduser and addgroup
 139
 140 config BUSYBOX_CONFIG_LAST_SYSTEM_ID
 141         int "Last valid system uid or gid for adduser and addgroup"
 142         depends on BUSYBOX_CONFIG_ADDUSER || BUSYBOX_CONFIG_ADDGROUP
 143         range 0 64900
 144         default BUSYBOX_DEFAULT_LAST_SYSTEM_ID
 145         help
 146           Last valid system uid or gid for adduser and addgroup
 147
 148 config BUSYBOX_CONFIG_ADDGROUP
 149         bool "addgroup"
 150         default BUSYBOX_DEFAULT_ADDGROUP
 151         help
 152           Utility for creating a new group account.
 153
 154 config BUSYBOX_CONFIG_FEATURE_ADDGROUP_LONG_OPTIONS
 155         bool "Enable long options"
 156         default BUSYBOX_DEFAULT_FEATURE_ADDGROUP_LONG_OPTIONS
 157         depends on BUSYBOX_CONFIG_ADDGROUP && BUSYBOX_CONFIG_LONG_OPTS
 158         help
 159           Support long options for the addgroup applet.
 160
 161 config BUSYBOX_CONFIG_FEATURE_ADDUSER_TO_GROUP
 162         bool "Support for adding users to groups"
 163         default BUSYBOX_DEFAULT_FEATURE_ADDUSER_TO_GROUP
 164         depends on BUSYBOX_CONFIG_ADDGROUP
 165         help
 166           If  called  with two non-option arguments,
 167           addgroup will add an existing user to an
 168           existing group.
 169
 170 config BUSYBOX_CONFIG_DELUSER
 171         bool "deluser"
 172         default BUSYBOX_DEFAULT_DELUSER
 173         help
 174           Utility for deleting a user account.
 175
 176 config BUSYBOX_CONFIG_DELGROUP
 177         bool "delgroup"
 178         default BUSYBOX_DEFAULT_DELGROUP
 179         help
 180           Utility for deleting a group account.
 181
 182 config BUSYBOX_CONFIG_FEATURE_DEL_USER_FROM_GROUP
 183         bool "Support for removing users from groups"
 184         default BUSYBOX_DEFAULT_FEATURE_DEL_USER_FROM_GROUP
 185         depends on BUSYBOX_CONFIG_DELGROUP
 186         help
 187           If called with two non-option arguments, deluser
 188           or delgroup will remove an user from a specified group.
 189
 190 config BUSYBOX_CONFIG_GETTY
 191         bool "getty"
 192         default BUSYBOX_DEFAULT_GETTY
 193         select BUSYBOX_CONFIG_FEATURE_SYSLOG
 194         help
 195           getty lets you log in on a tty. It is normally invoked by init.
 196
 197           Note that you can save a few bytes by disabling it and
 198           using login applet directly.
 199           If you need to reset tty attributes before calling login,
 200           this script approximates getty:
 201
 202           exec </dev/$1 >/dev/$1 2>&1 || exit 1
 203           reset
 204           stty sane; stty ispeed 38400; stty ospeed 38400
 205           printf "%s login: " "`hostname`"
 206           read -r login
 207           exec /bin/login "$login"
 208
 209 config BUSYBOX_CONFIG_LOGIN
 210         bool "login"
 211         default BUSYBOX_DEFAULT_LOGIN
 212         select BUSYBOX_CONFIG_FEATURE_SYSLOG
 213         help
 214           login is used when signing onto a system.
 215
 216           Note that Busybox binary must be setuid root for this applet to
 217           work properly.
 218
 219 config BUSYBOX_CONFIG_LOGIN_SESSION_AS_CHILD
 220         bool "Run logged in session in a child process"
 221         default BUSYBOX_DEFAULT_LOGIN_SESSION_AS_CHILD if BUSYBOX_CONFIG_PAM
 222         depends on BUSYBOX_CONFIG_LOGIN
 223         help
 224           Run the logged in session in a child process.  This allows
 225           login to clean up things such as utmp entries or PAM sessions
 226           when the login session is complete.  If you use PAM, you
 227           almost always would want this to be set to Y, else PAM session
 228           will not be cleaned up.
 229
 230 config BUSYBOX_CONFIG_PAM
 231         bool "Support for PAM (Pluggable Authentication Modules)"
 232         default BUSYBOX_DEFAULT_PAM
 233         depends on BUSYBOX_CONFIG_LOGIN
 234         help
 235           Use PAM in login(1) instead of direct access to password database.
 236
 237 config BUSYBOX_CONFIG_LOGIN_SCRIPTS
 238         bool "Support for login scripts"
 239         depends on BUSYBOX_CONFIG_LOGIN
 240         default BUSYBOX_DEFAULT_LOGIN_SCRIPTS
 241         help
 242           Enable this if you want login to execute $LOGIN_PRE_SUID_SCRIPT
 243           just prior to switching from root to logged-in user.
 244
 245 config BUSYBOX_CONFIG_FEATURE_NOLOGIN
 246         bool "Support for /etc/nologin"
 247         default BUSYBOX_DEFAULT_FEATURE_NOLOGIN
 248         depends on BUSYBOX_CONFIG_LOGIN
 249         help
 250           The file /etc/nologin is used by (some versions of) login(1).
 251           If it exists, non-root logins are prohibited.
 252
 253 config BUSYBOX_CONFIG_FEATURE_SECURETTY
 254         bool "Support for /etc/securetty"
 255         default BUSYBOX_DEFAULT_FEATURE_SECURETTY
 256         depends on BUSYBOX_CONFIG_LOGIN
 257         help
 258           The file /etc/securetty is used by (some versions of) login(1).
 259           The file contains the device names of tty lines (one per line,
 260           without leading /dev/) on which root is allowed to login.
 261
 262 config BUSYBOX_CONFIG_PASSWD
 263         bool "passwd"
 264         default BUSYBOX_DEFAULT_PASSWD
 265         select BUSYBOX_CONFIG_FEATURE_SYSLOG
 266         help
 267           passwd changes passwords for user and group accounts. A normal user
 268           may only change the password for his/her own account, the super user
 269           may change the password for any account. The administrator of a group
 270           may change the password for the group.
 271
 272           Note that Busybox binary must be setuid root for this applet to
 273           work properly.
 274
 275 config BUSYBOX_CONFIG_FEATURE_PASSWD_WEAK_CHECK
 276         bool "Check new passwords for weakness"
 277         default BUSYBOX_DEFAULT_FEATURE_PASSWD_WEAK_CHECK
 278         depends on BUSYBOX_CONFIG_PASSWD
 279         help
 280           With this option passwd will refuse new passwords which are "weak".
 281
 282 config BUSYBOX_CONFIG_CRYPTPW
 283         bool "cryptpw"
 284         default BUSYBOX_DEFAULT_CRYPTPW
 285         help
 286           Encrypts the given password with the crypt(3) libc function
 287           using the given salt. Debian has this utility under mkpasswd
 288           name. Busybox provides mkpasswd as an alias for cryptpw.
 289
 290 config BUSYBOX_CONFIG_CHPASSWD
 291         bool "chpasswd"
 292         default BUSYBOX_DEFAULT_CHPASSWD
 293         help
 294           Reads a file of user name and password pairs from standard input
 295           and uses this information to update a group of existing users.
 296
 297 config BUSYBOX_CONFIG_FEATURE_DEFAULT_PASSWD_ALGO
 298         string "Default password encryption method (passwd -a, cryptpw -m parameter)"
 299         default BUSYBOX_DEFAULT_FEATURE_DEFAULT_PASSWD_ALGO
 300         depends on BUSYBOX_CONFIG_PASSWD || BUSYBOX_CONFIG_CRYPTPW
 301         help
 302           Possible choices are "d[es]", "m[d5]", "s[ha256]" or "sha512".
 303
 304 config BUSYBOX_CONFIG_SU
 305         bool "su"
 306         default BUSYBOX_DEFAULT_SU
 307         select BUSYBOX_CONFIG_FEATURE_SYSLOG
 308         help
 309           su is used to become another user during a login session.
 310           Invoked without a username, su defaults to becoming the super user.
 311
 312           Note that Busybox binary must be setuid root for this applet to
 313           work properly.
 314
 315 config BUSYBOX_CONFIG_FEATURE_SU_SYSLOG
 316         bool "Enable su to write to syslog"
 317         default BUSYBOX_DEFAULT_FEATURE_SU_SYSLOG
 318         depends on BUSYBOX_CONFIG_SU
 319
 320 config BUSYBOX_CONFIG_FEATURE_SU_CHECKS_SHELLS
 321         bool "Enable su to check user's shell to be listed in /etc/shells"
 322         depends on BUSYBOX_CONFIG_SU
 323         default BUSYBOX_DEFAULT_FEATURE_SU_CHECKS_SHELLS
 324
 325 config BUSYBOX_CONFIG_SULOGIN
 326         bool "sulogin"
 327         default BUSYBOX_DEFAULT_SULOGIN
 328         select BUSYBOX_CONFIG_FEATURE_SYSLOG
 329         help
 330           sulogin is invoked when the system goes into single user
 331           mode (this is done through an entry in inittab).
 332
 333 config BUSYBOX_CONFIG_VLOCK
 334         bool "vlock"
 335         default BUSYBOX_DEFAULT_VLOCK
 336         help
 337           Build the "vlock" applet which allows you to lock (virtual) terminals.
 338
 339           Note that Busybox binary must be setuid root for this applet to
 340           work properly.
 341
 342 endmenu