1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-sysadm] [863] add shadow module for login.defs
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20%5B863%5D%20add%20shadow%20module%20for%20login.defs&In-Reply-To=%3C20110120182117.72FEE42B8A%40valstar.mageia.org%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="002304.html">
<LINK REL="Next" HREF="002306.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-sysadm] [863] add shadow module for login.defs</H1>
<B>root at mageia.org</B>
<A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20%5B863%5D%20add%20shadow%20module%20for%20login.defs&In-Reply-To=%3C20110120182117.72FEE42B8A%40valstar.mageia.org%3E"
TITLE="[Mageia-sysadm] [863] add shadow module for login.defs">root at mageia.org
</A><BR>
<I>Thu Jan 20 19:21:17 CET 2011</I>
<P><UL>
<LI>Previous message: <A HREF="002304.html">[Mageia-sysadm] Puppet Report for rabbit.mageia.org
</A></li>
<LI>Next message: <A HREF="002306.html">[Mageia-sysadm] [864] enable shadow module
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#2305">[ date ]</a>
<a href="thread.html#2305">[ thread ]</a>
<a href="subject.html#2305">[ subject ]</a>
<a href="author.html#2305">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>Revision: 863
Author: boklm
Date: 2011-01-20 19:21:17 +0100 (Thu, 20 Jan 2011)
Log Message:
-----------
add shadow module for login.defs
Added Paths:
-----------
puppet/deployment/shadow/
puppet/deployment/shadow/files/
puppet/deployment/shadow/files/login.defs
puppet/deployment/shadow/manifests/
puppet/deployment/shadow/manifests/init.pp
Added: puppet/deployment/shadow/files/login.defs
===================================================================
--- puppet/deployment/shadow/files/login.defs (rev 0)
+++ puppet/deployment/shadow/files/login.defs 2011-01-20 18:21:17 UTC (rev 863)
@@ -0,0 +1,193 @@
+# *REQUIRED*
+# Directory where mailboxes reside, _or_ name of file, relative to the
+# home directory. If you _do_ define both, MAIL_DIR takes precedence.
+# QMAIL_DIR is for Qmail
+#
+#QMAIL_DIR Maildir
+MAIL_DIR /var/spool/mail
+#MAIL_FILE .mail
+
+# Password aging controls:
+#
+# PASS_MAX_DAYS Maximum number of days a password may be used.
+# PASS_MIN_DAYS Minimum number of days allowed between password changes.
+# PASS_MIN_LEN Minimum acceptable password length.
+# PASS_WARN_AGE Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS 99999
+PASS_MIN_DAYS 0
+#PASS_MIN_LEN 5
+PASS_WARN_AGE 7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN 500
+UID_MAX 60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN 500
+GID_MAX 60000
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+# USERDEL_CMD /usr/sbin/userdel_local
+
+#
+# If useradd should create home directories for users by default
+# On RH systems, we do. This option is ORed with the -m flag on
+# useradd command line.
+#
+CREATE_HOME yes
+
+#
+# The password hashing method and iteration count to use for group
+# passwords that may be set with gpasswd(1).
+#
+CRYPT_PREFIX $2a$
+CRYPT_ROUNDS 8
+
+#
+# Whether to use tcb password shadowing scheme. Use 'yes' if using
+# tcb and 'no' if using /etc/shadow
+#
+USE_TCB no
+
+#
+# Whether newly created tcb-style shadow files should be readable by
+# group "auth".
+#
+TCB_AUTH_GROUP yes
+
+#
+# Whether useradd should create symlinks rather than directories under
+# /etc/tcb for newly created accounts with UIDs over 1000. See tcb(5)
+# for information on why this may be needed.
+#
+TCB_SYMLINKS no
+
+#
+# Delay in seconds before being allowed another attempt after a login failure
+#
+FAIL_DELAY 3
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+LOG_UNKFAIL_ENAB no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB yes
+SYSLOG_SG_ENAB yes
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names. Root logins will be allowed only
+# upon these devices.
+#
+CONSOLE /etc/securetty
+#CONSOLE console:tty01:tty02:tty03:tty04
+
+#
+# If defined, the command name to display when running "su -". For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su". If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence. If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file. If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE .hushlogin
+#HUSHLOGIN_FILE /etc/hushlogins
+
+#
+# *REQUIRED* The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
+ENV_PATH PATH=/bin:/usr/bin
+
+#
+# Terminal permissions
+#
+# TTYGROUP Login tty will be assigned this group ownership.
+# TTYPERM Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+TTYGROUP tty
+TTYPERM 0600
+
+#
+# Login configuration initializations:
+#
+# ERASECHAR Terminal ERASE character ('\010' = backspace).
+# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
+# UMASK Default "umask" value.
+# ULIMIT Default "ulimit" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# The ULIMIT is used only if the system supports it.
+# (now it works with setrlimit too; ulimit is in 512-byte units)
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR 0177
+KILLCHAR 025
+UMASK 022
+#ULIMIT 2097152
+
+#
+# Max number of login retries if password is bad
+#
+LOGIN_RETRIES 5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT 60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone). If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+#
+CHFN_RESTRICT rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default in no.
+#
+DEFAULT_HOME yes
+
+#
+# Enable setting of the umask group bits to be the same as owner bits
+# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
+# the same as gid, and username is the same as the primary group name.
+#
+# This also enables userdel to remove user groups if no members exist.
+#
+USERGROUPS_ENAB yes
+
Added: puppet/deployment/shadow/manifests/init.pp
===================================================================
--- puppet/deployment/shadow/manifests/init.pp (rev 0)
+++ puppet/deployment/shadow/manifests/init.pp 2011-01-20 18:21:17 UTC (rev 863)
@@ -0,0 +1,8 @@
+class shadow {
+ file {"/etc/login.defs":
+ owner => 'root',
+ group => 'shadow',
+ mode => 640,
+ source => 'shadow/login.defs',
+ }
+}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/mageia-sysadm/attachments/20110120/a10cdbae/attachment-0001.html>
</PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="002304.html">[Mageia-sysadm] Puppet Report for rabbit.mageia.org
</A></li>
<LI>Next message: <A HREF="002306.html">[Mageia-sysadm] [864] enable shadow module
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#2305">[ date ]</a>
<a href="thread.html#2305">[ thread ]</a>
<a href="subject.html#2305">[ subject ]</a>
<a href="author.html#2305">[ author ]</a>
</LI>
</UL>
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm
mailing list</a><br>
</body></html>
|
