2024-03-28 00:25:42 +00:00
|
|
|
From 3d08c402ec9ee72151c585de07b840a5dcb71c0b Mon Sep 17 00:00:00 2001
|
2023-09-23 01:16:48 +00:00
|
|
|
From: David Runge <dvzrv@archlinux.org>
|
|
|
|
|
Date: Mon, 31 Oct 2022 10:10:22 +0100
|
|
|
|
|
Subject: [PATCH 3/3] Add Arch Linux defaults for login.defs
|
|
|
|
|
|
|
|
|
|
etc/login.defs:
|
|
|
|
|
- Change `ENV_SUPATH` and `ENV_SUPATH` to only use
|
|
|
|
|
/usr/local/sbin:/usr/local/bin:/usr/bin as Arch Linux is a /usr and
|
|
|
|
|
bin merge distribution.
|
|
|
|
|
- Set `HOME_MODE` to `0700` to be able to rely on a `UMASK` of `022`
|
|
|
|
|
while creating home directories in a privacy conserving manner.
|
|
|
|
|
- Change SYS_UID_MIN and SYS_GID_MIN to 500 which gives more space for
|
|
|
|
|
distribution added UIDs and GIDs of system users.
|
|
|
|
|
- Change ENCRYPT_METHOD to YESCRYPT as it is a safer hashing algorithm
|
|
|
|
|
than DES.
|
|
|
|
|
---
|
|
|
|
|
etc/login.defs | 12 ++++++------
|
|
|
|
|
1 file changed, 6 insertions(+), 6 deletions(-)
|
|
|
|
|
|
|
|
|
|
diff --git a/etc/login.defs b/etc/login.defs
|
|
|
|
|
index 797ca6b3..c4accbf8 100644
|
|
|
|
|
--- a/etc/login.defs
|
|
|
|
|
+++ b/etc/login.defs
|
|
|
|
|
@@ -55,8 +55,8 @@ HUSHLOGIN_FILE .hushlogin
|
|
|
|
|
# *REQUIRED* The default PATH settings, for superuser and normal users.
|
|
|
|
|
#
|
|
|
|
|
# (they are minimal, add the rest in the shell startup files)
|
|
|
|
|
-ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
|
|
|
|
|
-ENV_PATH PATH=/bin:/usr/bin
|
|
|
|
|
+ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
|
|
|
|
|
+ENV_PATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Terminal permissions
|
|
|
|
|
@@ -84,7 +84,7 @@ UMASK 022
|
|
|
|
|
# HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
|
|
|
|
|
# home directories.
|
|
|
|
|
# If HOME_MODE is not set, the value of UMASK is used to create the mode.
|
|
|
|
|
-#HOME_MODE 0700
|
|
|
|
|
+HOME_MODE 0700
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Password aging controls:
|
|
|
|
|
@@ -103,7 +103,7 @@ PASS_WARN_AGE 7
|
|
|
|
|
UID_MIN 1000
|
|
|
|
|
UID_MAX 60000
|
|
|
|
|
# System accounts
|
|
|
|
|
-SYS_UID_MIN 101
|
|
|
|
|
+SYS_UID_MIN 500
|
|
|
|
|
SYS_UID_MAX 999
|
|
|
|
|
# Extra per user uids
|
|
|
|
|
SUB_UID_MIN 100000
|
|
|
|
|
@@ -116,7 +116,7 @@ SUB_UID_COUNT 65536
|
|
|
|
|
GID_MIN 1000
|
|
|
|
|
GID_MAX 60000
|
|
|
|
|
# System accounts
|
|
|
|
|
-SYS_GID_MIN 101
|
|
|
|
|
+SYS_GID_MIN 500
|
|
|
|
|
SYS_GID_MAX 999
|
|
|
|
|
# Extra per user group ids
|
|
|
|
|
SUB_GID_MIN 100000
|
|
|
|
|
@@ -152,7 +152,7 @@ CHFN_RESTRICT rwh
|
|
|
|
|
# Note: If you use PAM, it is recommended to use a value consistent with
|
|
|
|
|
# the PAM modules configuration.
|
|
|
|
|
#
|
|
|
|
|
-#ENCRYPT_METHOD DES
|
|
|
|
|
+ENCRYPT_METHOD YESCRYPT
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
|
|
|
|
|
--
|
2024-03-03 22:16:52 +00:00
|
|
|
2.44.0
|
2023-09-23 01:16:48 +00:00
|
|
|
|
