The first step after retrieving the package is unpacking it. The package is in the tar (tape archive) format and compressed using gzip, so first move it to /usr/src
, then type:
tar -xzvf shadow-current.tar.gz
This will unpack it into the directory: /usr/src/shadow-YYMMDD
The first thing that you need to do is to copy over the Makefile
and the config.h
file:
cd /usr/src/shadow-YYMMDD cp Makefile.linux Makefile cp config.h.linux config.h
You should then take a look at the config.h
file. This file contains definitions for some of the configuration options. If you are using the recommended package, I recommend that you disable group shadow support for your first time around.
By default shadowed group passwords are enabled. To disable these edit the config.h
file, and change the #define SHADOWGRP
to #undef SHADOWGRP
. I recommend that you disable them to start with, and then if you really want group passwords and group administrators that you enable it later and recompile. If you leave it enabled, you must create the file /etc/gshadow
.
Enabling the long passwords option is NOT recommended as discussed above.
Do NOT change the setting: #undef AUTOSHADOW
The AUTOSHADOW
option was originally designed so that programs that were shadow ignorant would still function. This sounds good in theory, but does not work correctly. If you enable this option, and the program runs as root, it may call getpwnam()
as root, and later write the modified entry back to the /etc/passwd
file (with the no-longer-shadowed password). Such programs include chfn and chsh. (You can't get around this by swapping real and effective uid before calling getpwnam()
because root may use chfn and chsh too.)
The same warning is also valid if you are building libc, it has a SHADOW_COMPAT
option which does the same thing. It should NOT be used! If you start getting encoded passwords back in your /etc/passwd
file, this is the problem.
If you are using a libc
version prior to 4.6.27, you will need to make a couple more changes to config.h
and the Makefile
. To config.h
edit and change:
to:
#define HAVE_BASENAME
And then in the
#undef HAVE_BASENAME
Makefile
, change:
SOBJS = smain.o env.o entry.o susetup.o shell.o \ sub.o mail.o motd.o sulog.o age.o tz.o hushed.o SSRCS = smain.c env.c entry.c setup.c shell.c \ pwent.c sub.c mail.c motd.c sulog.c shadow.c age.c pwpack.c rad64.c \ tz.c hushed.c
These changes add the code contained in
SOBJS = smain.o env.o entry.o susetup.o shell.o \ sub.o mail.o motd.o sulog.o age.o tz.o hushed.o basename.o SSRCS = smain.c env.c entry.c setup.c shell.c \ pwent.c sub.c mail.c motd.c sulog.c shadow.c age.c pwpack.c rad64.c \ tz.c hushed.c basename.c
basename.c
which is contained in libc 4.6.27
and later.
It would also be a good idea to track down and make backup copies of the programs that the shadow suite will replace. On a Slackware 3.0 system these are:
The BETA package has a save target in the Makefile, but it's commented out because different distributions place the programs in different places.
You should also make a backup copy of your /etc/passwd
file, but be careful to name it something else if you place it in the same directory so you don't overwrite the passwd
command.
You need to be logged as root to do most of the installation.
Run make to compile the executables in the package:
make all
You may see the warning: rcsid defined but not used
. This is fine, it just happens because the author is using a version control package.