If something goes terribly wrong, it would be handy to have a boot disk. If you have a boot/root combination from your installation, that will work, otherwise see the Bootdisk-HOWTO, which describes how to make a bootable disk.
You should also move the manual pages that are about to be replaced. Even if you are brave enough install the Shadow Suite without making backups, you will still want to remove the old manual pages. The new manual pages won't normall overwrite the old ones because the old ones are probably compressed.
You can use a combination of: man -aW command
and locate
command
to locate the manual pages that need to be (re)moved. It's
generally easier to figure out which are the older pages before you run
make install
.
If you used the slackware distribution, then the manual pages you want to remove are:
There may also be man pages of the same name in the /var/man/cat[1-9]
subdirectories that should also be deleted.
You are now ready to type: (do this is root)
# make install
This will install the new and replacement programs and fix-up the file permissions. It will also install the man pages.
This also takes care of installing the Shadow Suite include files in the
correct places in /usr/include/shadow
. If you install the
shadow-3.3.1-2
package instead of the shadow-mk
package,
you would have to do this manually.
The next step is to run pwconv
. This must also be done as root, and
is best done from the /etc
subdirectory:
# cd /etc
# /usr/sbin/pwconv
pwconv
takes your /etc/passwd
file and strips out the
fields to create two files: /etc/npasswd
and /etc/nshadow
.
A pwunconv
program is also provided if you need to make a normal
/etc/passwd
file out of an /etc/passwd
and
/etc/shadow
conbination.
Now that you have run pwconv
you have created the files:
/etc/npasswd
and /etc/nshadow
. These need to be copied
over to /etc/passwd
and /etc/shadow
. We also want to make
a backup copy of the original /etc/passwd
file, and make sure only
root can read it. We'll put the backup in root's home directory:
# cd /etc
# cp passwd ~passwd
# chmod 600 ~passwd
# mv npasswd passwd
# mv nshadow shadow
You should also ensure that the file ownerships and permissions are
correct. If you are going to be using X-Windows, the
xlock
program needs to be able to read the shadow
file
(but not write it). This is best done by making the shadow
file
owned by root
with a group of shadow
. Before you do
this, make sure that you have a shadow group (look in /etc/group
).
None of the users on the system should actually be in the shadow group.
# chown root.root passwd
# chown root.shadow shadow
# chmod 0644 passwd
# chmod 0640 shadow
Your system now has the password file shadowed. You should now pop over to another virtual terminal and verify that you can login.
If you can't, then something is wrong! To get back to a non-shadowed state, do the following the following:
# cd /etc
# cp ~passwd passwd
# chmod 644 passwd
# cd /usr/src/shadow-mk
# make restore
This will restore the original passwd file, and restore the files that you
saved earlier in the /usr/src/shadow-mk/save
directory.