From 9649f085e9ac0430994e88272c3e2825cc4c49d5 Mon Sep 17 00:00:00 2001 From: Koen Kooi Date: Mon, 22 Mar 2010 01:06:49 +0000 Subject: shadow: try to fix serial-login issue Acked-by: Acked-by: Philip Balister
---
recipes/shadow/files/pam.d/login | 2 +- recipes/shadow/files/securetty | 167 +++++++++++++++++++++++++++++++++++++++ recipes/shadow/shadow_4.1.4.2.bb | 5 +- 3 files changed, 172 insertions(+), 2 deletions(-) create mode 100644 recipes/shadow/files/securetty
diff --git a/recipes/shadow/files/pam.d/login b/recipes/shadow/files/pam.d/login
index 2186d3eee9..65992c626c 100644
--- a/recipes/shadow/files/pam.d/login
+++ b/recipes/shadow/files/pam.d/login
@@ -20,7 +20,7 @@ auth optional pam_faildelay.so delay=3000000 # You can change it to a "required" module if you think it permits to # guess valid user names of your system (invalid user names are considered # as possibly being root). -auth requisite pam_securetty.so +auth [success=ok ignore=ignore user_unknown=ignore default=die] pam_securetty.so # Disallows other than root logins when /etc/nologin exists # (Replaces the `NOLOGINS_FILE' option from login.defs)
diff --git a/recipes/shadow/files/securetty b/recipes/shadow/files/securetty
new file mode 100644
index 0000000000..2705baaac5
--- /dev/null
+++ b/recipes/shadow/files/securetty
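Review bot: In the new `pam_securetty.so` line, `user_unknown=ignore` discards the module's result for an account that does not exist, so rejecting such a login on a terminal missing from /etc/securetty appears to rest entirely on the auth modules further down the stack. `user_unknown=bad` would keep the stack failing while still asking for a password, which matches the user-name-guessing concern in the comment just above: `auth [success=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so`. That comment still talks about switching the keyword to "required" and should be reworded for the bracketed control, for example `# default=die refuses root on a tty not listed in /etc/securetty; unknown users still get a password prompt`. The rest of pam.d/login lies outside the hunk, so the later modules could not be checked.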
@@ -0,0 +1,167 @@
+# /etc/securetty: list of terminals on which root is allowed to login.
+# See securetty(5) and login(1).
+console
+
+# Standard serial ports
+ttyS0
+ttyS1
+
+# USB dongles
+ttyUSB0
+ttyUSB1
+ttyUSB2
+
+# Embedded MPC platforms
+ttyPSC0
+ttyPSC1
+ttyPSC2
+ttyPSC3
+ttyPSC4
+ttyPSC5
+
+# PA-RISC mux ports
+ttyB0
+ttyB1
+
+# Standard hypervisor virtual console
+hvc0
+
+# Oldstyle Xen console
+xvc0
+
+# Standard consoles
+tty1
+tty2
+tty3
+tty4
+tty5
+tty6
+tty7
+tty8
+tty9
+tty10
+tty11
+tty12
+tty13
+tty14
+tty15
+tty16
+tty17
+tty18
+tty19
+tty20
+tty21
+tty22
+tty23
+tty24
+tty25
+tty26
+tty27
+tty28
+tty29
+tty30
+tty31
+tty32
+tty33
+tty34
+tty35
+tty36
+tty37
+tty38
+tty39
+tty40
+tty41
+tty42
+tty43
+tty44
+tty45
+tty46
+tty47
+tty48
+tty49
+tty50
+tty51
+tty52
+tty53
+tty54
+tty55
+tty56
+tty57
+tty58
+tty59
+tty60
+tty61
+tty62
+tty63
+
+# devfs consoles
+# Note: On kernels greater than 2.6.12, this is not needed.
+
+# Standard serial ports, with devfs
+tts/0
+tts/1
+
+# Standard consoles, with devfs
+vc/1
+vc/2
+vc/3
+vc/4
+vc/5
+vc/6
+vc/7
+vc/8
+vc/9
+vc/10
+vc/11
+vc/12
+vc/13
+vc/14
+vc/15
+vc/16
+vc/17
+vc/18
+vc/19
+vc/20
+vc/21
+vc/22
+vc/23
+vc/24
+vc/25
+vc/26
+vc/27
+vc/28
+vc/29
+vc/30
+vc/31
+vc/32
+vc/33
+vc/34
+vc/35
+vc/36
+vc/37
+vc/38
+vc/39
+vc/40
+vc/41
+vc/42
+vc/43
+vc/44
+vc/45
+vc/46
+vc/47
+vc/48
+vc/49
+vc/50
+vc/51
+vc/52
+vc/53
+vc/54
+vc/55
+vc/56
+vc/57
+vc/58
+vc/59
+vc/60
+vc/61
+vc/62
+vc/63
diff --git a/recipes/shadow/shadow_4.1.4.2.bb b/recipes/shadow/shadow_4.1.4.2.bb
index 04887a01d1..7f6402358c 100644
--- a/recipes/shadow/shadow_4.1.4.2.bb
+++ b/recipes/shadow/shadow_4.1.4.2.bb
@@ -4,7 +4,7 @@ LICENSE = "GPL" DEPEND = "libpam" RDEPEND = "${DEPEND}" -PR = "r5" +PR = "r6" EXTRA_OECONF += " --enable-shared --enable-static --with-libpam --without-libcrack"
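Review bot: The root-login allowlist in the new securetty file is both broader and narrower than any one board needs. It permits root on `ttyUSB0` to `ttyUSB2`, on 63 virtual consoles and on the devfs names, yet lists only `ttyS0` and `ttyS1` for on-board serial. With `default=die` in pam.d/login, a machine whose console is another device (a constructed example: `ttyS2`) would presumably still refuse root there. Consider shipping only `console` plus the machine's actual serial console, generated from the machine configuration at install time, and dropping the USB and devfs entries unless a target needs them. A header comment such as `# Root may log in only on the terminals listed here; keep this list minimal` would record the intent.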
@@ -24,6 +24,7 @@ SRC_URI_append = " \ file://pam.d/newusers \ file://pam.d/passwd \ file://pam.d/su \ + file://securetty \ " S = "${WORKDIR}/shadow-${PV}"
@@ -49,4 +50,6 @@ do_install_append() { # The system MDA will set this later anyway. sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs + + install -m 0644 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty } -- cgit 1.2.3-korg