1# 2# For a description of the syntax of this configuration file, 3# see scripts/kbuild/config-language.txt. 4# 5 6menu "Login/Password Management Utilities" 7 8config FEATURE_SHADOWPASSWDS 9 bool "Support for shadow passwords" 10 default n 11 help 12 Build support for shadow password in /etc/shadow. This file is only 13 readable by root and thus the encrypted passwords are no longer 14 publicly readable. 15 16config USE_BB_SHADOW 17 bool " Use busybox shadow password functions" 18 default y 19 depends on USE_BB_PWD_GRP && FEATURE_SHADOWPASSWDS 20 help 21 If you leave this disabled, busybox will use the system's shadow 22 password handling functions. And if you are using the GNU C library 23 (glibc), you will then need to install the /etc/nsswitch.conf 24 configuration file and the required /lib/libnss_* libraries in 25 order for the shadow password functions to work. This generally 26 makes your embedded system quite a bit larger. 27 28 Enabling this option will cause busybox to directly access the 29 system's /etc/shadow file when handling shadow passwords. This 30 makes your system smaller and I will get fewer emails asking about 31 how glibc NSS works). When this option is enabled, you will not be 32 able to use PAM to access shadow passwords from remote LDAP 33 password servers and whatnot. 34 35config USE_BB_PWD_GRP 36 bool "Use internal password and group functions rather than system functions" 37 default n 38 help 39 If you leave this disabled, busybox will use the system's password 40 and group functions. And if you are using the GNU C library 41 (glibc), you will then need to install the /etc/nsswitch.conf 42 configuration file and the required /lib/libnss_* libraries in 43 order for the password and group functions to work. This generally 44 makes your embedded system quite a bit larger. 45 46 Enabling this option will cause busybox to directly access the 47 system's /etc/password, /etc/group files (and your system will be 48 smaller, and I will get fewer emails asking about how glibc NSS 49 works). When this option is enabled, you will not be able to use 50 PAM to access remote LDAP password servers and whatnot. And if you 51 want hostname resolution to work with glibc, you still need the 52 /lib/libnss_* libraries. 53 54 If you enable this option, it will add about 1.5k to busybox. 55 56config ADDGROUP 57 bool "addgroup" 58 default n 59 help 60 Utility for creating a new group account. 61 62config FEATURE_ADDUSER_TO_GROUP 63 bool "Support for adding users to groups" 64 default n 65 depends on ADDGROUP 66 help 67 If called with two non-option arguments, 68 addgroup will add an existing user to an 69 existing group. 70 71config DELGROUP 72 bool "delgroup" 73 default n 74 help 75 Utility for deleting a group account. 76 77config FEATURE_DEL_USER_FROM_GROUP 78 bool "Support for removing users from groups." 79 default n 80 depends on DELGROUP 81 help 82 If called with two non-option arguments, deluser 83 or delgroup will remove an user from a specified group. 84 85config ADDUSER 86 bool "adduser" 87 default n 88 help 89 Utility for creating a new user account. 90 91config DELUSER 92 bool "deluser" 93 default n 94 help 95 Utility for deleting a user account. 96 97config GETTY 98 bool "getty" 99 default n 100 select FEATURE_SYSLOG 101 help 102 getty lets you log in on a tty, it is normally invoked by init. 103 104config FEATURE_UTMP 105 bool "Support utmp file" 106 depends on GETTY || LOGIN || SU || WHO 107 default n 108 help 109 The file /var/run/utmp is used to track who is currently logged in. 110 111config FEATURE_WTMP 112 bool "Support wtmp file" 113 depends on GETTY || LOGIN || SU || LAST 114 default n 115 select FEATURE_UTMP 116 help 117 The file /var/run/wtmp is used to track when user's have logged into 118 and logged out of the system. 119 120config LOGIN 121 bool "login" 122 default n 123 select FEATURE_SUID 124 select FEATURE_SYSLOG 125 help 126 login is used when signing onto a system. 127 128 Note that Busybox binary must be setuid root for this applet to 129 work properly. 130 131config PAM 132 bool "Support for PAM (Pluggable Authentication Modules)" 133 default n 134 depends on LOGIN 135 help 136 Use PAM in login(1) instead of direct access to password database. 137 138config LOGIN_SCRIPTS 139 bool "Support for login scripts" 140 depends on LOGIN 141 default n 142 help 143 Enable this if you want login to execute $LOGIN_PRE_SUID_SCRIPT 144 just prior to switching from root to logged-in user. 145 146config FEATURE_NOLOGIN 147 bool "Support for /etc/nologin" 148 default y 149 depends on LOGIN 150 help 151 The file /etc/nologin is used by (some versions of) login(1). 152 If it exists, non-root logins are prohibited. 153 154config FEATURE_SECURETTY 155 bool "Support for /etc/securetty" 156 default y 157 depends on LOGIN 158 help 159 The file /etc/securetty is used by (some versions of) login(1). 160 The file contains the device names of tty lines (one per line, 161 without leading /dev/) on which root is allowed to login. 162 163config PASSWD 164 bool "passwd" 165 default n 166 select FEATURE_SUID 167 select FEATURE_SYSLOG 168 help 169 passwd changes passwords for user and group accounts. A normal user 170 may only change the password for his/her own account, the super user 171 may change the password for any account. The administrator of a group 172 may change the password for the group. 173 174 Note that Busybox binary must be setuid root for this applet to 175 work properly. 176 177config FEATURE_PASSWD_WEAK_CHECK 178 bool "Check new passwords for weakness" 179 default y 180 depends on PASSWD 181 help 182 With this option passwd will refuse new passwords which are "weak". 183 184config CRYPTPW 185 bool "cryptpw" 186 default n 187 help 188 Applet for crypting a string. 189 190config CHPASSWD 191 bool "chpasswd" 192 default n 193 help 194 chpasswd reads a file of user name and password pairs from 195 standard input and uses this information to update a group of 196 existing users. 197 198config SU 199 bool "su" 200 default n 201 select FEATURE_SUID 202 select FEATURE_SYSLOG 203 help 204 su is used to become another user during a login session. 205 Invoked without a username, su defaults to becoming the super user. 206 207 Note that Busybox binary must be setuid root for this applet to 208 work properly. 209 210config FEATURE_SU_SYSLOG 211 bool "Enable su to write to syslog" 212 default y 213 depends on SU 214 215config FEATURE_SU_CHECKS_SHELLS 216 bool "Enable su to check user's shell to be listed in /etc/shells" 217 depends on SU 218 default y 219 220config SULOGIN 221 bool "sulogin" 222 default n 223 select FEATURE_SYSLOG 224 help 225 sulogin is invoked when the system goes into single user 226 mode (this is done through an entry in inittab). 227 228config VLOCK 229 bool "vlock" 230 default n 231 select FEATURE_SUID 232 help 233 Build the "vlock" applet which allows you to lock (virtual) terminals. 234 235 Note that Busybox binary must be setuid root for this applet to 236 work properly. 237 238endmenu 239 240