Diffstat (limited to '0003-Add-Arch-Linux-defaults-for-login.defs.patch')
-rw-r--r-- | 0003-Add-Arch-Linux-defaults-for-login.defs.patch | 44 |
1 files changed, 22 insertions, 22 deletions
diff --git a/0003-Add-Arch-Linux-defaults-for-login.defs.patch b/0003-Add-Arch-Linux-defaults-for-login.defs.patch index 0d2fe8ac5437..5e687b02a2c3 100644 --- a/0003-Add-Arch-Linux-defaults-for-login.defs.patch +++ b/0003-Add-Arch-Linux-defaults-for-login.defs.patch @@ -1,24 +1,24 @@ -From 8c2a5c7d695fc6066c92b102d26853f25e0bedb8 Mon Sep 17 00:00:00 2001 +From 2642dcf11171a701f1997dcd19a769bb5baec410 Mon Sep 17 00:00:00 2001 From: David Runge <dvzrv@archlinux.org> Date: Mon, 31 Oct 2022 10:10:22 +0100 -Subject: [PATCH 3/4] Add Arch Linux defaults for login.defs +Subject: [PATCH 3/3] Add Arch Linux defaults for login.defs etc/login.defs: -Change ENV_SUPATH and ENV_SUPATH to only use -/usr/local/sbin:/usr/local/bin:/usr/bin as Arch Linux is a /usr merge -and bin merge distribution. -Change UMASK to 077 as it is considered a more privacy conserving -default than 022. -Change SYS_UID_MIN and SYS_GID_MIN to 500 which gives more space for -distribution added UIDs and GIDs. -Change ENCRYPT_METHOD to SHA512 as it is a safer hashing algorithm than -DES. +- Change `ENV_SUPATH` and `ENV_SUPATH` to only use + /usr/local/sbin:/usr/local/bin:/usr/bin as Arch Linux is a /usr and + bin merge distribution. +- Set `HOME_MODE` to `0700` to be able to rely on a `UMASK` of `022` + while creating home directories in a privacy conserving manner. +- Change SYS_UID_MIN and SYS_GID_MIN to 500 which gives more space for + distribution added UIDs and GIDs of system users. +- Change ENCRYPT_METHOD to YESCRYPT as it is a safer hashing algorithm + than DES. --- etc/login.defs | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/etc/login.defs b/etc/login.defs -index 7c633a57..ea841257 100644 +index 797ca6b3..c4accbf8 100644 --- a/etc/login.defs +++ b/etc/login.defs @@ -55,8 +55,8 @@ HUSHLOGIN_FILE .hushlogin 
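Review bot: The rewritten first bullet of the patch description still names the same key twice, `ENV_SUPATH` and `ENV_SUPATH`; the second is presumably meant to be `ENV_PATH`, though the login.defs hunk that sets these values is not visible here. The last bullet also still justifies YESCRYPT by comparison with DES, while the value this patch carried before was SHA512 (the `-+ENCRYPT_METHOD SHA512` line in the last hunk). Saying that the patch's own default moves from SHA512 to YESCRYPT would make the description more useful to anyone auditing the password-hash setting.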
@@ -32,15 +32,15 @@ index 7c633a57..ea841257 100644 # # Terminal permissions -@@ -79,7 +79,7 @@ TTYPERM 0600 - # 022 is the default value, but 027, or even 077, could be considered - # for increased privacy. There is no One True Answer here: each sysadmin - # must make up their mind. --UMASK 022 -+UMASK 077 - +@@ -84,7 +84,7 @@ UMASK 022 # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new # home directories. + # If HOME_MODE is not set, the value of UMASK is used to create the mode. +-#HOME_MODE 0700 ++HOME_MODE 0700 + + # + # Password aging controls: @@ -103,7 +103,7 @@ PASS_WARN_AGE 7 UID_MIN 1000 UID_MAX 60000 @@ -59,15 +59,15 @@ index 7c633a57..ea841257 100644 SYS_GID_MAX 999 # Extra per user group ids SUB_GID_MIN 100000 -@@ -153,7 +153,7 @@ CHFN_RESTRICT rwh +@@ -152,7 +152,7 @@ CHFN_RESTRICT rwh # Note: If you use PAM, it is recommended to use a value consistent with # the PAM modules configuration. # -#ENCRYPT_METHOD DES -+ENCRYPT_METHOD SHA512 ++ENCRYPT_METHOD YESCRYPT # # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512. -- -2.39.0 +2.42.0 |
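Review bot: Replacing the `UMASK 077` override with `HOME_MODE 0700` narrows what is protected, and the patch description does not say so. Per the context comment in this hunk, HOME_MODE is used by useradd(8) and newusers(8) for new home directories only. Wherever the login.defs UMASK is honoured, files created outside a home directory go back to the upstream 022 mask, and home directories created by other tools would presumably not get the 0700 mode from this key. A bullet stating the trade-off would help, for example `HOME_MODE only covers directories created by useradd(8)/newusers(8); files created elsewhere follow UMASK 022.`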
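Review bot: The switch to `ENCRYPT_METHOD YESCRYPT` leaves two points from the surrounding context comments unaddressed. The comment above it recommends a value consistent with the PAM modules configuration, and nothing in this diff shows the PAM side being moved to yescrypt in step; if it is not, passwords set through PAM and through the shadow tools would end up with different hash schemes. The comment below it says the following setting (not visible here, presumably the SHA_CRYPT rounds) only works with SHA256 or SHA512, so the hashing cost would now be governed by `YESCRYPT_COST_FACTOR` instead. The description should mention both, along with a line such as `Existing SHA512 hashes remain valid and are only replaced when a password is changed.`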