File shadow-login_defs-comments.patch of Package shadow.27230
Improve comments in login.defs. Index: etc/login.defs =================================================================== --- etc/login.defs.orig +++ etc/login.defs @@ -3,8 +3,6 @@ # Some variables are used by login(1), su(1) and runuser(1) from util-linux # package as well pam pam_unix(8) from pam package. # -# $Id$ -# # # Delay in seconds before being allowed another attempt after a login failure @@ -23,15 +21,6 @@ LOG_UNKFAIL_ENAB no # # -# Limit the highest user ID number for which the lastlog entries should -# be updated. -# -# No LASTLOG_UID_MAX means that there is no user ID limit for writing -# lastlog entries. -# -#LASTLOG_UID_MAX - -# # Enable "syslog" logging of newgrp(1) and sg(1) activity - in addition # to sulog file logging. # @@ -46,6 +35,15 @@ CONSOLE /etc/securetty #CONSOLE console:tty01:tty02:tty03:tty04 # +# Limit the highest user ID number for which the lastlog entries should +# be updated. +# +# No LASTLOG_UID_MAX means that there is no user ID limit for writing +# lastlog entries. +# +#LASTLOG_UID_MAX + +# # If defined, all su(1) activity is logged to this file. # #SULOG_FILE /var/log/sulog @@ -99,11 +97,14 @@ ENV_PATH /bin:/usr/bin ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/bin #ENV_SUPATH /sbin:/bin:/usr/sbin:/usr/bin -# If this variable is set to "yes", su will always set path. every su -# call will overwrite the PATH variable. +# If this variable is set to "yes" (default is "no"), su will always set +# path. every su call will overwrite the PATH variable. # # Per default, only "su -" will set a new PATH. # +# The recommended value is "yes". The default "no" behavior could have +# a security implication in applications that use commands without path. +# ALWAYS_SET_PATH no # @@ -148,6 +149,11 @@ PASS_WARN_AGE 7 # # Min/max values for automatic uid selection in useradd(8) # +# SYS_UID_MIN to SYS_UID_MAX inclusive is the range for +# UIDs for dynamically allocated administrative and system accounts. +# UID_MIN to UID_MAX inclusive is the range of UIDs of dynamically +# allocated user accounts. +# UID_MIN 1000 UID_MAX 60000 # System accounts @@ -161,6 +167,11 @@ SUB_UID_COUNT 65536 # # Min/max values for automatic gid selection in groupadd(8) # +# SYS_GID_MIN to SYS_GID_MAX inclusive is the range for +# GIDs for dynamically allocated administrative and system groups. +# GID_MIN to GID_MAX inclusive is the range of GIDs of dynamically +# allocated groups. +# GID_MIN 1000 GID_MAX 60000 # System accounts @@ -190,7 +201,6 @@ LOGIN_TIMEOUT 60 CHFN_RESTRICT rwh # -# Only works if compiled with MD5_CRYPT defined: # If set to "yes", new passwords will be encrypted using the MD5-based # algorithm compatible with the one used by recent releases of FreeBSD. # It supports passwords of unlimited length and longer salt strings. @@ -205,7 +215,6 @@ CHFN_RESTRICT rwh #MD5_CRYPT_ENAB no # -# Only works if compiled with ENCRYPTMETHOD_SELECT defined: # If set to MD5, MD5-based algorithm will be used for encrypting password # If set to SHA256, SHA256-based algorithm will be used for encrypting password # If set to SHA512, SHA512-based algorithm will be used for encrypting password
