summaryrefslogtreecommitdiff
path: root/source/a/shadow/shadow.login.defs.diff
blob: bfed463ae27b1f5730db2959e986ab95c4190577 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
--- ./etc/login.defs.linux.orig	2000-08-26 13:27:10.000000000 -0500
+++ ./etc/login.defs.linux	2008-03-24 15:10:09.000000000 -0500
@@ -170,8 +170,8 @@
 # *REQUIRED*  The default PATH settings, for superuser and normal users.
 #
 # (they are minimal, add the rest in the shell startup files)
-ENV_SUPATH	PATH=/sbin:/bin:/usr/sbin:/usr/bin
-ENV_PATH	PATH=/bin:/usr/bin
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin
+ENV_PATH	PATH=/usr/local/bin:/bin:/usr/bin
 
 #
 # Terminal permissions
@@ -185,7 +185,7 @@
 # TTYPERM to either 622 or 600.
 #
 TTYGROUP	tty
-TTYPERM		0600
+TTYPERM		0620
 
 #
 # Login configuration initializations:
@@ -230,7 +230,7 @@
 #
 # If compiled with cracklib support, where are the dictionaries
 #
-CRACKLIB_DICTPATH	/var/cache/cracklib/cracklib_dict
+#CRACKLIB_DICTPATH	/var/cache/cracklib/cracklib_dict
 
 #
 # Min/max values for automatic uid selection in useradd
@@ -282,7 +282,7 @@
 # phone, home phone).  If not defined, no changes are allowed.
 # For backward compatibility, "yes" = "rwh" and "no" = "frwh".
 # 
-CHFN_RESTRICT		rwh
+CHFN_RESTRICT		frwh
 
 #
 # Password prompt (%s will be replaced by user name).
@@ -299,7 +299,7 @@
 # Set to "no" if you need to copy encrypted passwords to other systems
 # which don't understand the new algorithm.  Default is "no".
 #
-#MD5_CRYPT_ENAB	no
+MD5_CRYPT_ENAB	yes
 
 #
 # List of groups to add to the user's supplementary group set
@@ -310,7 +310,16 @@
 # access to these groups, even when not logged in on the console.
 # How to do it is left as an exercise for the reader...
 #
-#CONSOLE_GROUPS		floppy:audio:cdrom
+# Most of these groups are self-explanatory.
+#
+# Note that users are added to these default groups only when
+# logging into a shell with /bin/login, not when using a login
+# manager such as kdm.  In that case, users who should have
+# hardware access must be added to the appropriate groups
+# when the user is added with adduser or useradd, or by editing
+# /etc/group directly.
+#
+CONSOLE_GROUPS		floppy:audio:cdrom:video
 
 #
 # Should login be allowed if we can't cd to the home directory?