patches/shadow/shadow-login.defs.diff

   1 --- etc/login.defs.orig 2018-04-29 13:42:37.000000000 -0300
   2 +++ etc/login.defs      2018-05-04 12:08:23.836672298 -0300
   3 @@ -9,7 +9,7 @@
   4  # Note: When PAM is used, some modules may enforce a minimum delay (e.g.
   5  #       pam_unix(8) enforces a 2s delay)
   6  #
   7 -FAIL_DELAY             3
   8 +FAIL_DELAY             2
   9
  10  #
  11  # Enable logging and display of /var/log/faillog login(1) failure info.
  12 @@ -118,7 +118,7 @@
  13  #   Directory where mailboxes reside, _or_ name of file, relative to the
  14  #   home directory.  If you _do_ define both, MAIL_DIR takes precedence.
  15  #
  16 -MAIL_DIR       /var/spool/mail
  17 +MAIL_DIR       /var/mail
  18  #MAIL_FILE     .mail
  19
  20  #
  21 @@ -135,7 +135,7 @@
  22  # fully-rooted pathname of a file containing such a spec.
  23  #
  24  #ENV_TZ                TZ=CST6CDT
  25 -#ENV_TZ                /etc/tzname
  26 +ENV_TZ         /etc/localtime
  27
  28  #
  29  # If defined, an HZ environment parameter spec.
  30 @@ -149,8 +149,8 @@
  31  # *REQUIRED*  The default PATH settings, for superuser and normal users.
  32  #
  33  # (they are minimal, add the rest in the shell startup files)
  34 -ENV_SUPATH     PATH=/sbin:/bin:/usr/sbin:/usr/bin
  35 -ENV_PATH       PATH=/bin:/usr/bin
  36 +ENV_SUPATH     PATH=/usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin
  37 +ENV_PATH       PATH=/usr/local/bin:/bin:/usr/bin
  38
  39  #
  40  # Terminal permissions
  41 @@ -164,7 +164,7 @@
  42  # set TTYPERM to either 622 or 600.
  43  #
  44  TTYGROUP       tty
  45 -TTYPERM                0600
  46 +TTYPERM                0620
  47
  48  #
  49  # Login configuration initializations:
  50 @@ -190,7 +190,7 @@
  51  # 022 is the default value, but 027, or even 077, could be considered
  52  # for increased privacy. There is no One True Answer here: each sysadmin
  53  # must make up their mind.
  54 -UMASK          022
  55 +UMASK          077
  56
  57  #
  58  # Password aging controls:
  59 @@ -216,7 +216,7 @@
  60  #
  61  # If compiled with cracklib support, sets the path to the dictionaries
  62  #
  63 -CRACKLIB_DICTPATH      /var/cache/cracklib/cracklib_dict
  64 +#CRACKLIB_DICTPATH     /var/cache/cracklib/cracklib_dict
  65
  66  #
  67  # Min/max values for automatic uid selection in useradd(8)
  68 @@ -282,7 +282,7 @@
  69  # phone, home phone).  If not defined, no changes are allowed.
  70  # For backward compatibility, "yes" = "rwh" and "no" = "frwh".
  71  #
  72 -CHFN_RESTRICT          rwh
  73 +CHFN_RESTRICT          frwh
  74
  75  #
  76  # Password prompt (%s will be replaced by user name).
  77 @@ -317,7 +317,7 @@
  78  # Note: If you use PAM, it is recommended to use a value consistent with
  79  # the PAM modules configuration.
  80  #
  81 -#ENCRYPT_METHOD DES
  82 +ENCRYPT_METHOD SHA512
  83
  84  #
  85  # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
  86 @@ -356,7 +356,7 @@
  87  # If this file exists and is readable, login environment will be
  88  # read from it.  Every line should be in the form name=value.
  89  #
  90 -ENVIRON_FILE   /etc/environment
  91 +#ENVIRON_FILE  /etc/environment
  92
  93  #
  94  # If defined, this command is run when removing a user.
  95 @@ -391,7 +391,7 @@
  96  # This option is overridden with the -M or -m flags on the useradd(8)
  97  # command-line.
  98  #
  99 -#CREATE_HOME     yes
 100 +CREATE_HOME     yes
 101
 102  #
 103  # Force use shadow, even if shadow passwd & shadow group files are