1#
2# For a description of the syntax of this configuration file,
3# see scripts/kbuild/config-language.txt.
4#
5
6menu "Login/Password Management Utilities"
7
8config FEATURE_SHADOWPASSWDS
9	bool "Support for shadow passwords"
10	default n
11	help
12	  Build support for shadow password in /etc/shadow.  This file is only
13	  readable by root and thus the encrypted passwords are no longer
14	  publicly readable.
15
16config USE_BB_SHADOW
17	bool "  Use busybox shadow password functions"
18	default y
19	depends on USE_BB_PWD_GRP && FEATURE_SHADOWPASSWDS
20	help
21	    If you leave this disabled, busybox will use the system's shadow
22	    password handling functions.  And if you are using the GNU C library
23	    (glibc), you will then need to install the /etc/nsswitch.conf
24	    configuration file and the required /lib/libnss_* libraries in
25	    order for the shadow password functions to work.  This generally
26	    makes your embedded system quite a bit larger.
27
28	    Enabling this option will cause busybox to directly access the
29	    system's /etc/shadow file when handling shadow passwords.  This
30	    makes your system smaller and I will get fewer emails asking about
31	    how glibc NSS works).  When this option is enabled, you will not be
32	    able to use PAM to access shadow passwords from remote LDAP
33	    password servers and whatnot.
34
35config USE_BB_PWD_GRP
36	bool "Use internal password and group functions rather than system functions"
37	default n
38	help
39	    If you leave this disabled, busybox will use the system's password
40	    and group functions.  And if you are using the GNU C library
41	    (glibc), you will then need to install the /etc/nsswitch.conf
42	    configuration file and the required /lib/libnss_* libraries in
43	    order for the password and group functions to work.  This generally
44	    makes your embedded system quite a bit larger.
45
46	    Enabling this option will cause busybox to directly access the
47	    system's /etc/password, /etc/group files (and your system will be
48	    smaller, and I will get fewer emails asking about how glibc NSS
49	    works).  When this option is enabled, you will not be able to use
50	    PAM to access remote LDAP password servers and whatnot.  And if you
51	    want hostname resolution to work with glibc, you still need the
52	    /lib/libnss_* libraries.
53
54	    If you enable this option, it will add about 1.5k to busybox.
55
56config ADDGROUP
57	bool "addgroup"
58	default n
59	help
60	  Utility for creating a new group account.
61
62config FEATURE_ADDUSER_TO_GROUP
63	bool "Support for adding users to groups"
64	default n
65	depends on ADDGROUP
66	help
67	  If  called  with two non-option arguments,
68	  addgroup will add an existing user to an
69	  existing group.
70
71config DELGROUP
72	bool "delgroup"
73	default n
74	help
75	  Utility for deleting a group account.
76
77config FEATURE_DEL_USER_FROM_GROUP
78	bool "Support for removing users from groups."
79	default n
80	depends on DELGROUP
81	help
82	  If called with two non-option arguments, deluser
83	  or delgroup will remove an user from a specified group.
84
85config ADDUSER
86	bool "adduser"
87	default n
88	help
89	  Utility for creating a new user account.
90
91config DELUSER
92	bool "deluser"
93	default n
94	help
95	  Utility for deleting a user account.
96
97config GETTY
98	bool "getty"
99	default n
100	select FEATURE_SYSLOG
101	help
102	  getty lets you log in on a tty, it is normally invoked by init.
103
104config FEATURE_UTMP
105	bool "Support utmp file"
106	depends on GETTY || LOGIN || SU || WHO
107	default n
108	help
109	  The file /var/run/utmp is used to track who is currently logged in.
110
111config FEATURE_WTMP
112	bool "Support wtmp file"
113	depends on GETTY || LOGIN || SU || LAST
114	default n
115	select FEATURE_UTMP
116	help
117	  The file /var/run/wtmp is used to track when user's have logged into
118	  and logged out of the system.
119
120config LOGIN
121	bool "login"
122	default n
123	select FEATURE_SUID
124	select FEATURE_SYSLOG
125	help
126	  login is used when signing onto a system.
127
128	  Note that Busybox binary must be setuid root for this applet to
129	  work properly.
130
131config PAM
132	bool "Support for PAM (Pluggable Authentication Modules)"
133	default n
134	depends on LOGIN
135	help
136	  Use PAM in login(1) instead of direct access to password database.
137
138config LOGIN_SCRIPTS
139	bool "Support for login scripts"
140	depends on LOGIN
141	default n
142	help
143	  Enable this if you want login to execute $LOGIN_PRE_SUID_SCRIPT
144	  just prior to switching from root to logged-in user.
145
146config FEATURE_NOLOGIN
147	bool "Support for /etc/nologin"
148	default y
149	depends on LOGIN
150	help
151	  The file /etc/nologin is used by (some versions of) login(1).
152	  If it exists, non-root logins are prohibited.
153
154config FEATURE_SECURETTY
155	bool "Support for /etc/securetty"
156	default y
157	depends on LOGIN
158	help
159	  The file /etc/securetty is used by (some versions of) login(1).
160	  The file contains the device names of tty lines (one per line,
161	  without leading /dev/) on which root is allowed to login.
162
163config PASSWD
164	bool "passwd"
165	default n
166	select FEATURE_SUID
167	select FEATURE_SYSLOG
168	help
169	  passwd changes passwords for user and group accounts.  A normal user
170	  may only change the password for his/her own account, the super user
171	  may change the password for any account.  The administrator of a group
172	  may change the password for the group.
173
174	  Note that Busybox binary must be setuid root for this applet to
175	  work properly.
176
177config FEATURE_PASSWD_WEAK_CHECK
178	bool "Check new passwords for weakness"
179	default y
180	depends on PASSWD
181	help
182	  With this option passwd will refuse new passwords which are "weak".
183
184config CRYPTPW
185	bool "cryptpw"
186	default n
187	help
188	  Applet for crypting a string.
189
190config CHPASSWD
191       bool "chpasswd"
192       default n
193       help
194         chpasswd  reads  a  file  of user name and password pairs from
195         standard input and uses this information to update a group of
196         existing users.
197
198config SU
199	bool "su"
200	default n
201	select FEATURE_SUID
202	select FEATURE_SYSLOG
203	help
204	  su is used to become another user during a login session.
205	  Invoked without a username, su defaults to becoming the super user.
206
207	  Note that Busybox binary must be setuid root for this applet to
208	  work properly.
209
210config FEATURE_SU_SYSLOG
211	bool "Enable su to write to syslog"
212	default y
213	depends on SU
214
215config FEATURE_SU_CHECKS_SHELLS
216	bool "Enable su to check user's shell to be listed in /etc/shells"
217	depends on SU
218	default y
219
220config SULOGIN
221	bool "sulogin"
222	default n
223	select FEATURE_SYSLOG
224	help
225	  sulogin is invoked when the system goes into single user
226	  mode (this is done through an entry in inittab).
227
228config VLOCK
229	bool "vlock"
230	default n
231	select FEATURE_SUID
232	help
233	  Build the "vlock" applet which allows you to lock (virtual) terminals.
234
235	  Note that Busybox binary must be setuid root for this applet to
236	  work properly.
237
238endmenu
239
240