From bafabf49d443bf4fa4f422805c5dc381ca0332a9 Mon Sep 17 00:00:00 2001
From: David Runge <dvzrv@archlinux.org>
Date: Mon, 31 Oct 2022 10:10:22 +0100
Subject: [PATCH 3/3] Add Arch Linux defaults for login.defs

etc/login.defs:
- Change `ENV_SUPATH` and `ENV_PATH` to only use
  /usr/local/sbin:/usr/local/bin:/usr/bin as Arch Linux is a /usr and
  bin merge distribution.
- Set `HOME_MODE` to `0700` to be able to rely on a `UMASK` of `022`
  while creating home directories in a privacy conserving manner.
- Change SYS_UID_MIN and SYS_GID_MIN to 500 which gives more space for
  distribution added UIDs and GIDs of system users.
- Change ENCRYPT_METHOD to YESCRYPT as it is a safer hashing algorithm
  than DES.
---
 etc/login.defs | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/etc/login.defs b/etc/login.defs
index 797ca6b3..c4accbf8 100644
--- a/etc/login.defs
+++ b/etc/login.defs
@@ -55,8 +55,8 @@ HUSHLOGIN_FILE	.hushlogin
 # *REQUIRED*  The default PATH settings, for superuser and normal users.
 #
 # (they are minimal, add the rest in the shell startup files)
-ENV_SUPATH	PATH=/sbin:/bin:/usr/sbin:/usr/bin
-ENV_PATH	PATH=/bin:/usr/bin
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
+ENV_PATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
 
 #
 # Terminal permissions
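Review bot: The new `ENV_SUPATH` puts /usr/local/sbin and /usr/local/bin ahead of /usr/bin, so in a root login any executable in those directories shadows the packaged binary of the same name. That ordering is only sound while both directories are root-owned and not group- or world-writable, and nothing in the file records that assumption. I would add a comment above the two lines, for example `# /usr/local precedes /usr/bin: /usr/local/{sbin,bin} must stay root-owned and not group/world-writable`. `ENV_PATH` now also gives ordinary users /usr/local/sbin, making both values identical; if that is intended, the comment could say so.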
@@ -84,7 +84,7 @@ UMASK		022
 # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
 # home directories.
 # If HOME_MODE is not set, the value of UMASK is used to create the mode.
-#HOME_MODE	0700
+HOME_MODE	0700
 
 #
 # Password aging controls:
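Review bot: Enabling `HOME_MODE 0700` only affects home directories created by useradd(8) and newusers(8) from now on, as the context comment says; homes that already exist keep whatever mode `UMASK 022` gave them. Files created inside a home also still follow the 022 umask, so their privacy rests entirely on the directory mode. A short comment such as `# Applies to newly created homes only; existing directories are not changed` would keep an administrator from assuming the setting is retroactive.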
@@ -103,7 +103,7 @@ PASS_WARN_AGE	7
 UID_MIN			 1000
 UID_MAX			60000
 # System accounts
-SYS_UID_MIN		  101
+SYS_UID_MIN		  500
 SYS_UID_MAX		  999
 # Extra per user uids
 SUB_UID_MIN		   100000
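Review bot: The reason for raising `SYS_UID_MIN` to 500 is given only in the commit message, not in the file, and the same holds for `SYS_GID_MIN` in the next hunk. A comment such as `# IDs below 500 are reserved for statically assigned distribution accounts` under `# System accounts` would document the boundary where administrators will look for it. Accounts already allocated below 500 on installed systems are presumably unaffected, since these keys appear to steer only new allocations, but that is worth confirming for any tooling that classifies accounts by this range.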
@@ -116,7 +116,7 @@ SUB_UID_COUNT		    65536
 GID_MIN			 1000
 GID_MAX			60000
 # System accounts
-SYS_GID_MIN		  101
+SYS_GID_MIN		  500
 SYS_GID_MAX		  999
 # Extra per user group ids
 SUB_GID_MIN		   100000
@@ -152,7 +152,7 @@ CHFN_RESTRICT		rwh
 # Note: If you use PAM, it is recommended to use a value consistent with
 # the PAM modules configuration.
 #
-#ENCRYPT_METHOD DES
+ENCRYPT_METHOD YESCRYPT
 
 #
 # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
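Review bot: The context line directly after the change, `# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.`, introduces settings that no longer apply once the method is YESCRYPT, and this hunk sets no cost parameter for the new method. If the file does not already carry it outside this hunk, consider an explicit `YESCRYPT_COST_FACTOR` entry with a comment next to `ENCRYPT_METHOD YESCRYPT`, so the work factor is a visible, reviewed value. The retained note about PAM consistency matters here: where passwords are changed through pam_unix, its configuration must name yescrypt too, or new hashes may still use another method. Hashes already stored are not converted until each password is next changed.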
-- 
2.42.0