[Toybox] New toy: login

Rob Landley rob at landley.net
Tue Apr 24 19:18:38 PDT 2012


On 04/24/2012 04:16 PM, Elie De Brauwer wrote:
> Hello world,
> 
> In attachment you can find an initial version of login. For the moment
> still rather basic, it supports:
>  - shadow passwords
>  - /etc/nologon
>  - /etc/motd
>  - passwd style account locking
> It requires linking with glibc's crypt (for crypt()) for now.

Applied, but with reservations.

Specifically, you add three new headers, one of which is in susv4
(syslog.h) and two of which aren't (crypt.h and shadow.h).

This implies we should have another config time probe in
scripts/genconfig.sh to go with the unshare() probe, setting some kind
of symbol (TOYBOX_CSHADOW) that login can depend on the way unshare does
now. We can do one probe for both crypt and shadow, I'm not sure making
shadow configurable in 2012 buys us much. World readable /etc/passwd is
obsolete.

Probably also good to make the new --as-needed stanza be conditionally
added to some sort of $AS_NEEDED evironment variable, and used through
that on the compiler command line.  (I dunno what the compiler does on
systems that haven't got -lcrypt, I thin even with --as-needed that's a
build break if the library isn't found. I know glibc and uClibc can
provide this, not sure about musl, who knows about macosx and I still
haven't got a bionic test environment set up. So yeah, not in susv4 or
implies a probe when it comes to headers.)

> It does not support pam/securetty/ etc/issue / selinux/utmp yet.

Not hugely bothered by the lack of any of that. I vaguely recall pam
support is mostly libc's problem, and selinux is _entirely_ Red Hat's
problem

(<rant type="selinux">If you want to run PHEL (Pointy Hair Enterprise
Linux), you know where to find it. I can be talked out of this position,
but am waiting for actual users to show up before caring. Making the
system more COMPLICATED is not the same as making it more SECURE. Secure
works like waterproof. Clueless bureaucrats tend to confuse availability
with security: clustering with heartbeat and failover may keep the
system up through lightning strikes but doesn't keep the right data in
and the wrong data out. Geographic distribution makes security _harder_,
but it _does_ increase the price tag, which makes the pointy-haired
happy in a "something must be done, this is something, therefore it must
be done" way. </rant>)

Isn't /etc/issue your shell profile's problem (or is that motd)?

I note that multi-user shared server systems aren't really the common
case anymore. (When that _does_ happen it generally involves a vm or
containers these days.) The real advantage of a multi-user OS these days
is your programs can have roles so your web browser can't format your
hard drive without a password. That's valuable, but doesn't involve
friendly little notes from the sysadmin. If you've got one, they can
email you.

As for utmp, that might be implicitly required by susv4, but a quick
glance isn't finding it.  ("who" is querying pty/tty, not login
records.) I don't actually remember what securetty is but it sounds like
a vga console thing and thus somewhere between "low priority" and
"historical relic".

> Btw, it contains several functions which are candidates for reuse for
> other tools which relate to user management. These functions will be put
> common once the need for that becomes clear.

Cool.

> I've just tested this on my system without much special things present,
> so there's some room for testing on more 'special' cases.

My aboriginal linux systems boot to a shell prompt and thus don't use
login, I haven't got a test case set up for this.

> Comments welcome.

Tonight my sadly insufficient brainpower is <strike>focused</strike>
waved vaguely towards upgrading "ls", and since I still have this darn
cold that's not much. But this is on the to-review heap. (Currently the
top of that heap is "finish going through the mode parsing stuff", I got
it about 1/3 reviewed I think. Then Georgi's "please send me one
patch... that's 10 patches." pile.)

Thanks,

Rob
-- 
GNU/Linux isn't: Linux=GPLv2, GNU=GPLv3+, they can't share code.
Either it's "mere aggregation", or a license violation.  Pick one.



More information about the Toybox mailing list