| # |
| # For a description of the syntax of this configuration file, |
| # see scripts/kbuild/config-language.txt. |
| # |
| |
| menu "Login/Password Management Utilities" |
| |
| INSERT |
| |
| config FEATURE_SHADOWPASSWDS |
| bool "Support for shadow passwords" |
| default y |
| help |
| Build support for shadow password in /etc/shadow. This file is only |
| readable by root and thus the encrypted passwords are no longer |
| publicly readable. |
| |
| config USE_BB_PWD_GRP |
| bool "Use internal password and group functions rather than system functions" |
| default y |
| help |
| If you leave this disabled, busybox will use the system's password |
| and group functions. And if you are using the GNU C library |
| (glibc), you will then need to install the /etc/nsswitch.conf |
| configuration file and the required /lib/libnss_* libraries in |
| order for the password and group functions to work. This generally |
| makes your embedded system quite a bit larger. |
| |
| Enabling this option will cause busybox to directly access the |
| system's /etc/password, /etc/group files (and your system will be |
| smaller, and I will get fewer emails asking about how glibc NSS |
| works). When this option is enabled, you will not be able to use |
| PAM to access remote LDAP password servers and whatnot. And if you |
| want hostname resolution to work with glibc, you still need the |
| /lib/libnss_* libraries. |
| |
| If you need to use glibc's nsswitch.conf mechanism |
| (e.g. if user/group database is NOT stored in /etc/passwd etc), |
| you must NOT use this option. |
| |
| If you enable this option, it will add about 1.5k. |
| |
| config USE_BB_SHADOW |
| bool "Use internal shadow password functions" |
| default y |
| depends on USE_BB_PWD_GRP && FEATURE_SHADOWPASSWDS |
| help |
| If you leave this disabled, busybox will use the system's shadow |
| password handling functions. And if you are using the GNU C library |
| (glibc), you will then need to install the /etc/nsswitch.conf |
| configuration file and the required /lib/libnss_* libraries in |
| order for the shadow password functions to work. This generally |
| makes your embedded system quite a bit larger. |
| |
| Enabling this option will cause busybox to directly access the |
| system's /etc/shadow file when handling shadow passwords. This |
| makes your system smaller (and I will get fewer emails asking about |
| how glibc NSS works). When this option is enabled, you will not be |
| able to use PAM to access shadow passwords from remote LDAP |
| password servers and whatnot. |
| |
| config USE_BB_CRYPT |
| bool "Use internal crypt functions" |
| default y |
| help |
| Busybox has internal DES and MD5 crypt functions. |
| They produce results which are identical to corresponding |
| standard C library functions. |
| |
| If you leave this disabled, busybox will use the system's |
| crypt functions. Most C libraries use large (~70k) |
| static buffers there, and also combine them with more general |
| DES encryption/decryption. |
| |
| For busybox, having large static buffers is undesirable, |
| especially on NOMMU machines. Busybox also doesn't need |
| DES encryption/decryption and can do with smaller code. |
| |
| If you enable this option, it will add about 4.8k of code |
| if you are building dynamically linked executable. |
| In static build, it makes code _smaller_ by about 1.2k, |
| and likely many kilobytes less of bss. |
| |
| config USE_BB_CRYPT_SHA |
| bool "Enable SHA256/512 crypt functions" |
| default y |
| depends on USE_BB_CRYPT |
| help |
| Enable this if you have passwords starting with "$5$" or "$6$" |
| in your /etc/passwd or /etc/shadow files. These passwords |
| are hashed using SHA256 and SHA512 algorithms. Support for them |
| was added to glibc in 2008. |
| With this option off, login will fail password check for any |
| user which has password encrypted with these algorithms. |
| |
| config ADDGROUP |
| bool "addgroup" |
| default y |
| help |
| Utility for creating a new group account. |
| |
| config FEATURE_ADDGROUP_LONG_OPTIONS |
| bool "Enable long options" |
| default y |
| depends on ADDGROUP && LONG_OPTS |
| help |
| Support long options for the addgroup applet. |
| |
| config FEATURE_ADDUSER_TO_GROUP |
| bool "Support for adding users to groups" |
| default y |
| depends on ADDGROUP |
| help |
| If called with two non-option arguments, |
| addgroup will add an existing user to an |
| existing group. |
| |
| config DELGROUP |
| bool "delgroup" |
| default y |
| help |
| Utility for deleting a group account. |
| |
| config FEATURE_DEL_USER_FROM_GROUP |
| bool "Support for removing users from groups" |
| default y |
| depends on DELGROUP |
| help |
| If called with two non-option arguments, deluser |
| or delgroup will remove an user from a specified group. |
| |
| config FEATURE_CHECK_NAMES |
| bool "Enable sanity check on user/group names in adduser and addgroup" |
| default n |
| depends on ADDUSER || ADDGROUP |
| help |
| Enable sanity check on user and group names in adduser and addgroup. |
| To avoid problems, the user or group name should consist only of |
| letters, digits, underscores, periods, at signs and dashes, |
| and not start with a dash (as defined by IEEE Std 1003.1-2001). |
| For compatibility with Samba machine accounts "$" is also supported |
| at the end of the user or group name. |
| |
| config ADDUSER |
| bool "adduser" |
| default y |
| help |
| Utility for creating a new user account. |
| |
| config FEATURE_ADDUSER_LONG_OPTIONS |
| bool "Enable long options" |
| default y |
| depends on ADDUSER && LONG_OPTS |
| help |
| Support long options for the adduser applet. |
| |
| config FIRST_SYSTEM_ID |
| int "First valid system uid or gid for adduser and addgroup" |
| depends on ADDUSER || ADDGROUP |
| range 0 64900 |
| default 100 |
| help |
| First valid system uid or gid for adduser and addgroup |
| |
| config LAST_SYSTEM_ID |
| int "Last valid system uid or gid for adduser and addgroup" |
| depends on ADDUSER || ADDGROUP |
| range 0 64900 |
| default 999 |
| help |
| Last valid system uid or gid for adduser and addgroup |
| |
| config DELUSER |
| bool "deluser" |
| default y |
| help |
| Utility for deleting a user account. |
| |
| config GETTY |
| bool "getty" |
| default y |
| select FEATURE_SYSLOG |
| help |
| getty lets you log in on a tty, it is normally invoked by init. |
| |
| config LOGIN |
| bool "login" |
| default y |
| select FEATURE_SUID |
| select FEATURE_SYSLOG |
| help |
| login is used when signing onto a system. |
| |
| Note that Busybox binary must be setuid root for this applet to |
| work properly. |
| |
| config PAM |
| bool "Support for PAM (Pluggable Authentication Modules)" |
| default n |
| depends on LOGIN |
| help |
| Use PAM in login(1) instead of direct access to password database. |
| |
| config LOGIN_SCRIPTS |
| bool "Support for login scripts" |
| depends on LOGIN |
| default y |
| help |
| Enable this if you want login to execute $LOGIN_PRE_SUID_SCRIPT |
| just prior to switching from root to logged-in user. |
| |
| config FEATURE_NOLOGIN |
| bool "Support for /etc/nologin" |
| default y |
| depends on LOGIN |
| help |
| The file /etc/nologin is used by (some versions of) login(1). |
| If it exists, non-root logins are prohibited. |
| |
| config FEATURE_SECURETTY |
| bool "Support for /etc/securetty" |
| default y |
| depends on LOGIN |
| help |
| The file /etc/securetty is used by (some versions of) login(1). |
| The file contains the device names of tty lines (one per line, |
| without leading /dev/) on which root is allowed to login. |
| |
| config PASSWD |
| bool "passwd" |
| default y |
| select FEATURE_SUID |
| select FEATURE_SYSLOG |
| help |
| passwd changes passwords for user and group accounts. A normal user |
| may only change the password for his/her own account, the super user |
| may change the password for any account. The administrator of a group |
| may change the password for the group. |
| |
| Note that Busybox binary must be setuid root for this applet to |
| work properly. |
| |
| config FEATURE_PASSWD_WEAK_CHECK |
| bool "Check new passwords for weakness" |
| default y |
| depends on PASSWD |
| help |
| With this option passwd will refuse new passwords which are "weak". |
| |
| config CRYPTPW |
| bool "cryptpw" |
| default y |
| help |
| Encrypts the given password with the crypt(3) libc function |
| using the given salt. Debian has this utility under mkpasswd |
| name. Busybox provides mkpasswd as an alias for cryptpw. |
| |
| config CHPASSWD |
| bool "chpasswd" |
| default y |
| help |
| Reads a file of user name and password pairs from standard input |
| and uses this information to update a group of existing users. |
| |
| config SU |
| bool "su" |
| default y |
| select FEATURE_SUID |
| select FEATURE_SYSLOG |
| help |
| su is used to become another user during a login session. |
| Invoked without a username, su defaults to becoming the super user. |
| |
| Note that Busybox binary must be setuid root for this applet to |
| work properly. |
| |
| config FEATURE_SU_SYSLOG |
| bool "Enable su to write to syslog" |
| default y |
| depends on SU |
| |
| config FEATURE_SU_CHECKS_SHELLS |
| bool "Enable su to check user's shell to be listed in /etc/shells" |
| depends on SU |
| default y |
| |
| config SULOGIN |
| bool "sulogin" |
| default y |
| select FEATURE_SYSLOG |
| help |
| sulogin is invoked when the system goes into single user |
| mode (this is done through an entry in inittab). |
| |
| config VLOCK |
| bool "vlock" |
| default y |
| select FEATURE_SUID |
| help |
| Build the "vlock" applet which allows you to lock (virtual) terminals. |
| |
| Note that Busybox binary must be setuid root for this applet to |
| work properly. |
| |
| endmenu |