# # For a description of the syntax of this configuration file, # see scripts/kbuild/config-language.txt. # menu "Login/Password Management Utilities" depends on BUSYBOX config BB_CONFIG_FEATURE_SHADOWPASSWDS bool "Support for shadow passwords" default n help Build support for shadow password in /etc/shadow. This file is only readable by root and thus the encrypted passwords are no longer publicly readable. config BB_CONFIG_USE_BB_SHADOW bool "Use busybox shadow password functions" default y depends on BB_CONFIG_USE_BB_PWD_GRP && BB_CONFIG_FEATURE_SHADOWPASSWDS help If you leave this disabled, busybox will use the system's shadow password handling functions. And if you are using the GNU C library (glibc), you will then need to install the /etc/nsswitch.conf configuration file and the required /lib/libnss_* libraries in order for the shadow password functions to work. This generally makes your embedded system quite a bit larger. Enabling this option will cause busybox to directly access the system's /etc/shadow file when handling shadow passwords. This makes your system smaller and I will get fewer emails asking about how glibc NSS works). When this option is enabled, you will not be able to use PAM to access shadow passwords from remote LDAP password servers and whatnot. config BB_CONFIG_USE_BB_PWD_GRP bool "Use internal password and group functions rather than system functions" default n help If you leave this disabled, busybox will use the system's password and group functions. And if you are using the GNU C library (glibc), you will then need to install the /etc/nsswitch.conf configuration file and the required /lib/libnss_* libraries in order for the password and group functions to work. This generally makes your embedded system quite a bit larger. Enabling this option will cause busybox to directly access the system's /etc/password, /etc/group files (and your system will be smaller, and I will get fewer emails asking about how glibc NSS works). When this option is enabled, you will not be able to use PAM to access remote LDAP password servers and whatnot. And if you want hostname resolution to work with glibc, you still need the /lib/libnss_* libraries. If you enable this option, it will add about 1.5k to busybox. config BB_CONFIG_ADDGROUP bool "addgroup" default n help Utility for creating a new group account. config BB_CONFIG_FEATURE_ADDUSER_TO_GROUP bool "Support for adding users to groups" default n depends on BB_CONFIG_ADDGROUP help If called with two non-option arguments, addgroup will add an existing user to an existing group. config BB_CONFIG_DELGROUP bool "delgroup" default n help Utility for deleting a group account. config BB_CONFIG_FEATURE_DEL_USER_FROM_GROUP bool "Support for removing users from groups." default n depends on BB_CONFIG_DELGROUP help If called with two non-option arguments, deluser or delgroup will remove an user from a specified group. config BB_CONFIG_FEATURE_CHECK_NAMES bool "Enable sanity check on user/group names in adduser and addgroup" default n depends on BB_CONFIG_ADDUSER || BB_CONFIG_ADDGROUP help Enable sanity check on user and group names in adduser and addgroup. To avoid problems, the user or group name should consist only of letters, digits, underscores, periods, at signs and dashes, and not start with a dash (as defined by IEEE Std 1003.1-2001). For compatibility with Samba machine accounts "$" is also supported at the end of the user or group name. config BB_CONFIG_ADDUSER bool "adduser" default n help Utility for creating a new user account. config BB_CONFIG_FEATURE_ADDUSER_LONG_OPTIONS bool "Enable long options" default n depends on BB_CONFIG_ADDUSER && BB_CONFIG_GETOPT_LONG help Support long options for the adduser applet. config BB_CONFIG_DELUSER bool "deluser" default n help Utility for deleting a user account. config BB_CONFIG_GETTY bool "getty" default n select BB_CONFIG_FEATURE_SYSLOG help getty lets you log in on a tty, it is normally invoked by init. config BB_CONFIG_FEATURE_UTMP bool "Support utmp file" depends on BB_CONFIG_GETTY || BB_CONFIG_LOGIN || BB_CONFIG_SU || BB_CONFIG_WHO default n help The file /var/run/utmp is used to track who is currently logged in. config BB_CONFIG_FEATURE_WTMP bool "Support wtmp file" depends on BB_CONFIG_GETTY || BB_CONFIG_LOGIN || BB_CONFIG_SU || BB_CONFIG_LAST default n select BB_CONFIG_FEATURE_UTMP help The file /var/run/wtmp is used to track when user's have logged into and logged out of the system. config BB_CONFIG_LOGIN bool "login" default n select BB_CONFIG_FEATURE_SUID select BB_CONFIG_FEATURE_SYSLOG help login is used when signing onto a system. Note that Busybox binary must be setuid root for this applet to work properly. config BB_CONFIG_PAM bool "Support for PAM (Pluggable Authentication Modules)" default n depends on BB_CONFIG_LOGIN help Use PAM in login(1) instead of direct access to password database. config BB_CONFIG_LOGIN_SCRIPTS bool "Support for login scripts" depends on BB_CONFIG_LOGIN default n help Enable this if you want login to execute $LOGIN_PRE_SUID_SCRIPT just prior to switching from root to logged-in user. config BB_CONFIG_FEATURE_NOLOGIN bool "Support for /etc/nologin" default y depends on BB_CONFIG_LOGIN help The file /etc/nologin is used by (some versions of) login(1). If it exists, non-root logins are prohibited. config BB_CONFIG_FEATURE_SECURETTY bool "Support for /etc/securetty" default y depends on BB_CONFIG_LOGIN help The file /etc/securetty is used by (some versions of) login(1). The file contains the device names of tty lines (one per line, without leading /dev/) on which root is allowed to login. config BB_CONFIG_PASSWD bool "passwd" default n select BB_CONFIG_FEATURE_SUID select BB_CONFIG_FEATURE_SYSLOG help passwd changes passwords for user and group accounts. A normal user may only change the password for his/her own account, the super user may change the password for any account. The administrator of a group may change the password for the group. Note that Busybox binary must be setuid root for this applet to work properly. config BB_CONFIG_FEATURE_PASSWD_WEAK_CHECK bool "Check new passwords for weakness" default y depends on BB_CONFIG_PASSWD help With this option passwd will refuse new passwords which are "weak". config BB_CONFIG_CRYPTPW bool "cryptpw" default n help Applet for crypting a string. config BB_CONFIG_CHPASSWD bool "chpasswd" default n help chpasswd reads a file of user name and password pairs from standard input and uses this information to update a group of existing users. config BB_CONFIG_SU bool "su" default n select BB_CONFIG_FEATURE_SUID select BB_CONFIG_FEATURE_SYSLOG help su is used to become another user during a login session. Invoked without a username, su defaults to becoming the super user. Note that Busybox binary must be setuid root for this applet to work properly. config BB_CONFIG_FEATURE_SU_SYSLOG bool "Enable su to write to syslog" default y depends on BB_CONFIG_SU config BB_CONFIG_FEATURE_SU_CHECKS_SHELLS bool "Enable su to check user's shell to be listed in /etc/shells" depends on BB_CONFIG_SU default y config BB_CONFIG_SULOGIN bool "sulogin" default n select BB_CONFIG_FEATURE_SYSLOG help sulogin is invoked when the system goes into single user mode (this is done through an entry in inittab). config BB_CONFIG_VLOCK bool "vlock" default n select BB_CONFIG_FEATURE_SUID help Build the "vlock" applet which allows you to lock (virtual) terminals. Note that Busybox binary must be setuid root for this applet to work properly. endmenu