1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
--- ./etc/login.defs.linux.orig 2000-08-26 13:27:10.000000000 -0500
+++ ./etc/login.defs.linux 2008-03-24 15:10:09.000000000 -0500
@@ -170,8 +170,8 @@
# *REQUIRED* The default PATH settings, for superuser and normal users.
#
# (they are minimal, add the rest in the shell startup files)
-ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
-ENV_PATH PATH=/bin:/usr/bin
+ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin
+ENV_PATH PATH=/usr/local/bin:/bin:/usr/bin
#
# Terminal permissions
@@ -185,7 +185,7 @@
# TTYPERM to either 622 or 600.
#
TTYGROUP tty
-TTYPERM 0600
+TTYPERM 0620
#
# Login configuration initializations:
@@ -230,7 +230,7 @@
#
# If compiled with cracklib support, where are the dictionaries
#
-CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict
+#CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict
#
# Min/max values for automatic uid selection in useradd
@@ -282,7 +282,7 @@
# phone, home phone). If not defined, no changes are allowed.
# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
#
-CHFN_RESTRICT rwh
+CHFN_RESTRICT frwh
#
# Password prompt (%s will be replaced by user name).
@@ -299,7 +299,7 @@
# Set to "no" if you need to copy encrypted passwords to other systems
# which don't understand the new algorithm. Default is "no".
#
-#MD5_CRYPT_ENAB no
+MD5_CRYPT_ENAB yes
#
# List of groups to add to the user's supplementary group set
@@ -310,7 +310,16 @@
# access to these groups, even when not logged in on the console.
# How to do it is left as an exercise for the reader...
#
-#CONSOLE_GROUPS floppy:audio:cdrom
+# Most of these groups are self-explanatory.
+#
+# Note that users are added to these default groups only when
+# logging into a shell with /bin/login, not when using a login
+# manager such as kdm. In that case, users who should have
+# hardware access must be added to the appropriate groups
+# when the user is added with adduser or useradd, or by editing
+# /etc/group directly.
+#
+CONSOLE_GROUPS floppy:audio:cdrom:video
#
# Should login be allowed if we can't cd to the home directory?
|
