104 lines
3.1 KiB
Diff
104 lines
3.1 KiB
Diff
Improve comments in login.defs.
|
|
|
|
Index: etc/login.defs
|
|
===================================================================
|
|
--- etc/login.defs.orig
|
|
+++ etc/login.defs
|
|
@@ -3,8 +3,6 @@
|
|
# Some variables are used by login(1), su(1) and runuser(1) from util-linux
|
|
# package as well pam pam_unix(8) from pam package.
|
|
#
|
|
-# $Id$
|
|
-#
|
|
|
|
#
|
|
# Delay in seconds before being allowed another attempt after a login failure
|
|
@@ -23,15 +21,6 @@ LOG_UNKFAIL_ENAB no
|
|
#
|
|
|
|
#
|
|
-# Limit the highest user ID number for which the lastlog entries should
|
|
-# be updated.
|
|
-#
|
|
-# No LASTLOG_UID_MAX means that there is no user ID limit for writing
|
|
-# lastlog entries.
|
|
-#
|
|
-#LASTLOG_UID_MAX
|
|
-
|
|
-#
|
|
# Enable "syslog" logging of newgrp(1) and sg(1) activity - in addition
|
|
# to sulog file logging.
|
|
#
|
|
@@ -46,6 +35,15 @@ CONSOLE /etc/securetty
|
|
#CONSOLE console:tty01:tty02:tty03:tty04
|
|
|
|
#
|
|
+# Limit the highest user ID number for which the lastlog entries should
|
|
+# be updated.
|
|
+#
|
|
+# No LASTLOG_UID_MAX means that there is no user ID limit for writing
|
|
+# lastlog entries.
|
|
+#
|
|
+#LASTLOG_UID_MAX
|
|
+
|
|
+#
|
|
# If defined, all su(1) activity is logged to this file.
|
|
#
|
|
#SULOG_FILE /var/log/sulog
|
|
@@ -99,11 +97,14 @@ ENV_PATH /bin:/usr/bin
|
|
ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/bin
|
|
#ENV_SUPATH /sbin:/bin:/usr/sbin:/usr/bin
|
|
|
|
-# If this variable is set to "yes", su will always set path. every su
|
|
-# call will overwrite the PATH variable.
|
|
+# If this variable is set to "yes" (default is "no"), su will always set
|
|
+# path. every su call will overwrite the PATH variable.
|
|
#
|
|
# Per default, only "su -" will set a new PATH.
|
|
#
|
|
+# The recommended value is "yes". The default "no" behavior could have
|
|
+# a security implication in applications that use commands without path.
|
|
+#
|
|
ALWAYS_SET_PATH no
|
|
|
|
#
|
|
@@ -148,6 +149,11 @@ PASS_WARN_AGE 7
|
|
#
|
|
# Min/max values for automatic uid selection in useradd(8)
|
|
#
|
|
+# SYS_UID_MIN to SYS_UID_MAX inclusive is the range for
|
|
+# UIDs for dynamically allocated administrative and system accounts.
|
|
+# UID_MIN to UID_MAX inclusive is the range of UIDs of dynamically
|
|
+# allocated user accounts.
|
|
+#
|
|
UID_MIN 1000
|
|
UID_MAX 60000
|
|
# System accounts
|
|
@@ -161,6 +167,11 @@ SUB_UID_COUNT 65536
|
|
#
|
|
# Min/max values for automatic gid selection in groupadd(8)
|
|
#
|
|
+# SYS_GID_MIN to SYS_GID_MAX inclusive is the range for
|
|
+# GIDs for dynamically allocated administrative and system groups.
|
|
+# GID_MIN to GID_MAX inclusive is the range of GIDs of dynamically
|
|
+# allocated groups.
|
|
+#
|
|
GID_MIN 1000
|
|
GID_MAX 60000
|
|
# System accounts
|
|
@@ -190,7 +201,6 @@ LOGIN_TIMEOUT 60
|
|
CHFN_RESTRICT rwh
|
|
|
|
#
|
|
-# Only works if compiled with MD5_CRYPT defined:
|
|
# If set to "yes", new passwords will be encrypted using the MD5-based
|
|
# algorithm compatible with the one used by recent releases of FreeBSD.
|
|
# It supports passwords of unlimited length and longer salt strings.
|
|
@@ -205,7 +215,6 @@ CHFN_RESTRICT rwh
|
|
#MD5_CRYPT_ENAB no
|
|
|
|
#
|
|
-# Only works if compiled with ENCRYPTMETHOD_SELECT defined:
|
|
# If set to MD5, MD5-based algorithm will be used for encrypting password
|
|
# If set to SHA256, SHA256-based algorithm will be used for encrypting password
|
|
# If set to SHA512, SHA512-based algorithm will be used for encrypting password
|