73 lines
2.2 KiB
Text
73 lines
2.2 KiB
Text
From 09850623c6c5c4e4738088c80de82952f9f48c27 Mon Sep 17 00:00:00 2001
|
|
From: David Runge <dvzrv@archlinux.org>
|
|
Date: Mon, 31 Oct 2022 10:10:22 +0100
|
|
Subject: [PATCH 3/4] Add Arch Linux defaults for login.defs
|
|
|
|
etc/login.defs:
|
|
Change ENV_SUPATH and ENV_SUPATH to only use
|
|
/usr/local/sbin:/usr/local/bin:/usr/bin as Arch Linux is a /usr merge
|
|
and bin merge distribution.
|
|
Change UMASK to 077 as it is considered a more privacy conserving
|
|
default than 022.
|
|
Change SYS_UID_MIN and SYS_GID_MIN to 500 which gives more space for
|
|
distribution added UIDs and GIDs.
|
|
Change ENCRYPT_METHOD to SHA512 as it is a safer hashing algorithm than
|
|
DES.
|
|
---
|
|
etc/login.defs | 12 ++++++------
|
|
1 file changed, 6 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/etc/login.defs b/etc/login.defs
|
|
index 7c633a57..ea841257 100644
|
|
--- a/etc/login.defs
|
|
+++ b/etc/login.defs
|
|
@@ -55,8 +55,8 @@ HUSHLOGIN_FILE .hushlogin
|
|
# *REQUIRED* The default PATH settings, for superuser and normal users.
|
|
#
|
|
# (they are minimal, add the rest in the shell startup files)
|
|
-ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
|
|
-ENV_PATH PATH=/bin:/usr/bin
|
|
+ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
|
|
+ENV_PATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
|
|
|
|
#
|
|
# Terminal permissions
|
|
@@ -79,7 +79,7 @@ TTYPERM 0600
|
|
# 022 is the default value, but 027, or even 077, could be considered
|
|
# for increased privacy. There is no One True Answer here: each sysadmin
|
|
# must make up their mind.
|
|
-UMASK 022
|
|
+UMASK 077
|
|
|
|
# HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
|
|
# home directories.
|
|
@@ -103,7 +103,7 @@ PASS_WARN_AGE 7
|
|
UID_MIN 1000
|
|
UID_MAX 60000
|
|
# System accounts
|
|
-SYS_UID_MIN 101
|
|
+SYS_UID_MIN 500
|
|
SYS_UID_MAX 999
|
|
# Extra per user uids
|
|
SUB_UID_MIN 100000
|
|
@@ -116,7 +116,7 @@ SUB_UID_COUNT 65536
|
|
GID_MIN 1000
|
|
GID_MAX 60000
|
|
# System accounts
|
|
-SYS_GID_MIN 101
|
|
+SYS_GID_MIN 500
|
|
SYS_GID_MAX 999
|
|
# Extra per user group ids
|
|
SUB_GID_MIN 100000
|
|
@@ -153,7 +153,7 @@ CHFN_RESTRICT rwh
|
|
# Note: If you use PAM, it is recommended to use a value consistent with
|
|
# the PAM modules configuration.
|
|
#
|
|
-#ENCRYPT_METHOD DES
|
|
+ENCRYPT_METHOD SHA512
|
|
|
|
#
|
|
# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
|
|
--
|
|
2.38.1
|
|
|