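├── etc
    ├── group
    ├── passwd
    ├── shadow
    ├── sockd.conf
    └── login.defs
├── noc.png
├── .gitignore
├── scripts
    ├── del
    ├── chp
    └── add
├── docker-compose.yml
├── dante
    └── Dockerfile
├── UNLICENSE
├── README.md
└── README-RUS.md


/etc/group:
--------------------------------------------------------------------------------
root:x:0:
nogroup:x:65534:

--------------------------------------------------------------------------------
/noc.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/schors/tgdante/HEAD/noc.png

--------------------------------------------------------------------------------
/etc/passwd:
--------------------------------------------------------------------------------
root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin

--------------------------------------------------------------------------------
/etc/shadow:
--------------------------------------------------------------------------------
root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin

--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
*\~
*.swp
etc/.pwd.lock
etc/resolv.conf
etc/hosts
etc/hostname
etc/group-
etc/passwd-
etc/shadow-

--------------------------------------------------------------------------------
/scripts/del:
--------------------------------------------------------------------------------
#!/bin/sh
#
# Remove a proxy user from the account files in the repository's etc/
# directory (the directory docker-compose.yml mounts into the dante
# container as /etc).
#
# Usage: del USER

set -e

# "../etc" is resolved against the current working directory, so the script
# has to be started from inside scripts/.
ETCVOL=$(realpath "../etc")

USER_NAME=${1}

if [ -z "$USER_NAME" ]; then
    echo "Usage:"
    echo "$0 USER"
    exit 1
fi

# A name starting with "-" would be parsed by userdel as an option.
case "$USER_NAME" in
    -*)
        echo "Invalid user name: $USER_NAME" >&2
        exit 1
        ;;
esac

# The bind mount is quoted so a checkout path containing spaces stays a
# single argument instead of being word-split into several.
docker run --rm -i -v "${ETCVOL}:/etc" ubuntu:xenial userdel "${USER_NAME}"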
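--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
version: '3.0'

services:
  dante:
    build:
      context: dante
      dockerfile: Dockerfile
    hostname: dante
    container_name: dante.local
    volumes:
      # Replaces the container's whole /etc with the repository's etc/, so
      # sockd.conf and the proxy accounts (passwd/shadow) live on the host.
      - ./etc:/etc
    # NOTE(review): network_mode "host" puts the container on the host's
    # network stack, so this ports mapping is not what exposes the service;
    # sockd listens wherever `internal:` in etc/sockd.conf says.
    ports:
      - "1080:1080"
    network_mode: "host"
    logging:
      driver: syslog
      options:
        tag: dante
    restart: unless-stopped

--------------------------------------------------------------------------------
/scripts/chp:
--------------------------------------------------------------------------------
#!/bin/sh
#
# Change the password of an existing proxy user stored in the repository's
# etc/ directory. Without a PASSWORD argument a 16-character password is
# generated with apg and a Telegram proxy link containing it is printed.
#
# Usage: chp USER [PASSWORD]
#
# NOTE: a PASSWORD passed on the command line is visible in the process list
# and usually lands in shell history; the generated password avoids both.
# The printed link carries the password in clear text, so treat the output
# as a secret.

set -e

# "../etc" is resolved against the current working directory, so the script
# has to be started from inside scripts/.
ETCVOL=$(realpath "../etc")

# Run a command in a throwaway container that sees the repository's etc/ as
# /etc. The mount is quoted so a path with spaces stays one argument.
run_in_etc() {
    docker run --rm -i -v "${ETCVOL}:/etc" ubuntu:xenial "$@"
}

USER_NAME=${1}
PASSWORD0=${2}

if [ -z "$USER_NAME" ]; then
    echo "Usage:"
    echo "$0 USER [PASSWORD]"
    exit 1
fi

# chpasswd reads "name:password" lines, so a ":" in the name would shift the
# fields; a leading "-" would look like an option to the account tools.
case "$USER_NAME" in
    -* | *:*)
        echo "Invalid user name: $USER_NAME" >&2
        exit 1
        ;;
esac

if [ -z "$PASSWORD0" ]; then
    PASSWORD=$(apg -M NCL -m 16 -x 16 -n 1)
else
    # Use the caller's password. PASSWORD is not set anywhere before this
    # point, so it must be taken from PASSWORD0; copying PASSWORD onto itself
    # left it empty and every explicit-password call ended in the usage exit.
    PASSWORD="$PASSWORD0"
fi

if [ -z "$PASSWORD" ]; then
    echo "Usage:"
    echo "$0 USER [PASSWORD]"
    exit 1
fi

# The password travels on stdin, never on the docker command line. printf
# is used because some sh implementations let echo interpret backslashes.
printf '%s:%s\n' "$USER_NAME" "$PASSWORD" | run_in_etc chpasswd -c SHA512

if [ -z "$PASSWORD0" ]; then
    echo "https://t.me/socks?&user=${USER_NAME}&pass=${PASSWORD}&port=&server="
fi

--------------------------------------------------------------------------------
/scripts/add:
--------------------------------------------------------------------------------
#!/bin/sh
#
# Create a proxy user in the repository's etc/ directory and set its
# password. Without a PASSWORD argument a 16-character password is generated
# with apg and a Telegram proxy link containing it is printed.
#
# Usage: add USER [PASSWORD]
#
# NOTE: a PASSWORD passed on the command line is visible in the process list
# and usually lands in shell history; the generated password avoids both.
# The printed link carries the password in clear text, so treat the output
# as a secret. The password hash is written to etc/shadow inside the
# checkout; the .gitignore shown for this repository only excludes the
# "shadow-" backup, so keep etc/shadow itself out of commits.

set -e

# "../etc" is resolved against the current working directory, so the script
# has to be started from inside scripts/.
ETCVOL=$(realpath "../etc")

# Run a command in a throwaway container that sees the repository's etc/ as
# /etc. The mount is quoted so a path with spaces stays one argument.
run_in_etc() {
    docker run --rm -i -v "${ETCVOL}:/etc" ubuntu:xenial "$@"
}

USER_NAME=${1}
PASSWORD0=${2}

if [ -z "$USER_NAME" ]; then
    echo "Usage:"
    echo "$0 USER [PASSWORD]"
    exit 1
fi

# chpasswd reads "name:password" lines, so a ":" in the name would shift the
# fields; a leading "-" would look like an option to the account tools.
case "$USER_NAME" in
    -* | *:*)
        echo "Invalid user name: $USER_NAME" >&2
        exit 1
        ;;
esac

if [ -z "$PASSWORD0" ]; then
    PASSWORD=$(apg -M NCL -m 16 -x 16 -n 1)
else
    PASSWORD="$PASSWORD0"
fi

if [ -z "$PASSWORD" ]; then
    echo "Usage:"
    echo "$0 USER [PASSWORD]"
    exit 1
fi

# These accounts exist only to authenticate SOCKS clients, so they get a
# non-login shell (the same one etc/passwd uses for "nobody").
run_in_etc useradd -s /usr/sbin/nologin "$USER_NAME"

# SHA512 matches scripts/chp and ENCRYPT_METHOD in etc/login.defs, so every
# hash in etc/shadow uses the same scheme. The password travels on stdin,
# never on the docker command line.
printf '%s:%s\n' "$USER_NAME" "$PASSWORD" | run_in_etc chpasswd -c SHA512

if [ -z "$PASSWORD0" ]; then
    echo "https://t.me/socks?&user=${USER_NAME}&pass=${PASSWORD}&port=&server="
fi

--------------------------------------------------------------------------------
/dante/Dockerfile:
--------------------------------------------------------------------------------
#
# Dockerfile for dante-server
#

# NOTE(review): ubuntu:xenial (16.04) is past its standard support window and
# the tag is not pinned by digest; rebuilds may pull a different image.
FROM ubuntu:xenial
MAINTAINER schors


ENV DANTE_VER 1.4.2
ENV DANTE_URL https://www.inet.no/dante/files/dante-$DANTE_VER.tar.gz
# SHA-256 of the release tarball; the build stops if the download differs.
ENV DANTE_SHA baa25750633a7f9f37467ee43afdf7a95c80274394eddd7dcd4e1542aa75caad
ENV DANTE_FILE dante.tar.gz
ENV DANTE_TEMP dante
ENV DANTE_DEPS build-essential curl

# Download, verify, build and install dante, then remove the build
# dependencies and apt lists in the same layer so they do not stay in the
# image. The digest algorithm is named explicitly for the checksum step.
RUN set -xe \
    && apt-get update \
    && apt-get install -y $DANTE_DEPS \
    && mkdir $DANTE_TEMP \
    && cd $DANTE_TEMP \
    && curl -sSL $DANTE_URL -o $DANTE_FILE \
    && echo "$DANTE_SHA *$DANTE_FILE" | shasum -a 256 -c \
    && tar xzf $DANTE_FILE --strip 1 \
    && ./configure \
    && make install \
    && cd .. \
    && rm -rf $DANTE_TEMP \
    && apt-get purge -y --auto-remove $DANTE_DEPS \
    && rm -rf /var/lib/apt/lists/*

# /etc/sockd.conf comes from the bind mount declared in docker-compose.yml.
ENV CFGFILE /etc/sockd.conf
ENV PIDFILE /tmp/sockd.pid
ENV WORKERS 50

EXPOSE 1080

CMD sockd -f $CFGFILE -p $PIDFILE -N $WORKERS

--------------------------------------------------------------------------------
/UNLICENSE:
--------------------------------------------------------------------------------
1 | This is free and unencumbered software released into the public domain.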
2 | 3 | Anyone is free to copy, modify, publish, use, compile, sell, or 4 | distribute this software, either in source code form or as a compiled 5 | binary, for any purpose, commercial or non-commercial, and by any 6 | means. 7 | 8 | In jurisdictions that recognize copyright laws, the author or authors 9 | of this software dedicate any and all copyright interest in the 10 | software to the public domain. We make this dedication for the benefit 11 | of the public at large and to the detriment of our heirs and 12 | successors. We intend this dedication to be an overt act of 13 | relinquishment in perpetuity of all present and future rights to this 14 | software under copyright law. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 17 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 18 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 19 | IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR 20 | OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, 21 | ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 22 | OTHER DEALINGS IN THE SOFTWARE. 23 | 24 | For more information, please refer to 25 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Dockerized Dante socks5 proxy for telegram 2 | ========================================== 3 | 4 | 5 | **THIS IS DEPRECATED. 
PLEASE USE** [https://hub.docker.com/r/schors/tgdante2/](https://hub.docker.com/r/schors/tgdante2/) 6 | 7 | [РУССКАЯ Версия](README-RUS.md) 8 | 9 | Features 10 | -------- 11 | * Docker, Docker Compose 12 | * Add/Del/Chpass user scripts 13 | * Proxying restricted to Telegram only 14 | 15 | Requirements 16 | ------------ 17 | 18 | * [Docker](https://www.docker.com/docker-community) for virtual containers 19 | * [Docker Compose](https://docs.docker.com/compose/) - a tool for defining and running multi-container Docker applications 20 | * [apg](http://www.adel.nursat.kz/apg/) - a tool that generates random passwords 21 | 22 | Usage 23 | ----- 24 | 25 | * Clone repository 26 | * Edit dante/sockd.conf: 27 | * external: The address to be used for outgoing connections. The address given may be either an IP address or an interface name. 28 | * Uncomment some lines for IPv6 support 29 | * Edit dante/Dockerfile: 30 | * Edit `ENV WORKERS 50` to set the number of preforked workers 31 | * Run `docker-compose up -d` 32 | * Use scripts in `scripts` folder for adding and removing users, changing passwords 33 | 34 | For nuts 35 | -------- 36 | 37 | * PayPal https://www.paypal.me/schors 38 | * Yandex.Money http://yasobe.ru/na/schors 39 | * BTC:17V94QS4vaBwec1Qwqp2ow5b3tbrRGGcne 40 | 41 | Links 42 | ----- 43 | 44 | * [Telegram](https://telegram.org/) Messenger 45 | * [Dante](https://www.inet.no/dante/index.html) A free SOCKS server 46 | 47 | * [Restless Phil](https://2018.schors.spb.ru) Restless Phil :tm: 48 | * [Roscomnadzor](http://rkn.gov.ru) The Federal Service for Supervision of Communications, Information Technology, and Mass Media 49 | 50 | 51 | --- 52 | [![UNLICENSE](noc.png)](UNLICENSE) 53 | -------------------------------------------------------------------------------- /README-RUS.md: -------------------------------------------------------------------------------- 1 | Докеризированный Dante socks5-сервер для работы с мессенджером telegram 2 | 
======================================================================= 3 | 4 | **УСТАРЕВШАЯ ВЕРСИЯ. ИСПОЛЬЗУЙТЕ** [https://hub.docker.com/r/schors/tgdante2/](https://hub.docker.com/r/schors/tgdante2/) 5 | 6 | [ENGLISH Version](README.md) 7 | 8 | Преимущества 9 | ------------ 10 | * Docker, Docker Compose 11 | * Скрипты для добавления/удаления пользователей и смены паролей 12 | * Ограничение для использования только с telegram 13 | 14 | Требования 15 | ---------- 16 | 17 | * [Docker](https://www.docker.com/docker-community) для контейнеров 18 | * [Docker Compose](https://docs.docker.com/compose/) - программа для запуска и управления контейнерами 19 | * [apg](http://www.adel.nursat.kz/apg/) - программа для генерации паролей 20 | 21 | Использование 22 | ------------- 23 | 24 | * Клонируйте репозиторий 25 | * Отредактируйте dante/sockd.conf при необходимости: 26 | * external: адрес, который будет использоваться для исходящих соединений. Это может быть IP-адрес или имя интерфейса. 27 | * Раскоментируйте соответствующие строки для поддержки IPv6 28 | * Отредактируйте dante/Dockerfile при необходимости: 29 | * Строка `ENV WORKERS 50` отвечает за количество предзапущенных процессов 30 | * Запустите `docker-compose up -d` 31 | * Используйте скрипты в папке `scripts` для добавления/удаления пользователей и смены паролей 32 | 33 | На орехи 34 | -------- 35 | 36 | * PayPal https://www.paypal.me/schors 37 | * Яндекс.Деньги http://yasobe.ru/na/schors 38 | * BTC:17V94QS4vaBwec1Qwqp2ow5b3tbrRGGcne 39 | 40 | Ссылки 41 | ------ 42 | 43 | * [Telegram](https://telegram.org/) мессенджер 44 | * [Dante](https://www.inet.no/dante/index.html) свободнораспространяемый SOCKS-сервер 45 | 46 | * [Неугомонный Фил](https://2018.schors.spb.ru) Неугомонный Фил :tm: 47 | * [Роскомнадзор](http://rkn.gov.ru) Федеральная служба по надзору в сфере связи, информационных технологий и массовых коммуникаций 48 | 49 | 50 | --- 51 | [![UNLICENSE](noc.png)](UNLICENSE) 52 | 
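--------------------------------------------------------------------------------
/etc/sockd.conf:
--------------------------------------------------------------------------------
#logging
logoutput: stderr
#debug: 1

#server address specification
# Listens on every IPv4 interface. docker-compose.yml runs the container
# with host networking, so this is the host's port 1080; access control
# rests on the SOCKS password and the destination rules below.
internal: 0.0.0.0 port = 1080
# or IPv6
#internal: :: port = 1080
external: eth0

#server identities (not needed on solaris)
user.privileged: root
user.notprivileged: nobody

#reverse dns lookup
#srchost: nodnsmismatch

#authentication methods
# No authentication at the client-connection level; every SOCKS request must
# supply a username and password, checked against the system account files
# (etc/passwd and etc/shadow of this repository, maintained by scripts/).
# The SOCKS5 username/password exchange is not encrypted, so the credentials
# are readable on the network path between client and proxy.
clientmethod: none
socksmethod: username


# allow any client connection
client pass {
        from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0
        log: connect disconnect error
}
# For IPv6
#client pass {
#        from: ::/0 port 1-65535 to: ::/0
#        log: connect disconnect error
#}


# The socks rules are matched top to bottom and the first match decides:
# loopback and BIND are refused first, the Telegram ranges are allowed,
# and the last rule denies everything else.

# deny proxied to lo
socks block {
        from: 0.0.0.0/0 to: 127.0.0.0/8
        log: error
}
#socks block {
#        from: ::/0 to: ::1/128
#        log: error
#}

# deny binding
socks block {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        command: bind
        log: error
}
# IPv6 counterpart of the bind rule (addresses written as ::/0 to match the
# other commented IPv6 rules).
#socks block {
#        from: ::/0 to: ::/0
#        command: bind
#        log: error
#}

#91.108.4.0/22
#91.108.8.0/22
#91.108.12.0/22
#91.108.16.0/22
#91.108.56.0/22
#91.108.56.0/23
#91.108.56.0/24
#149.154.160.0/20
#149.154.160.0/22
#149.154.164.0/22
#149.154.168.0/22
#149.154.168.0/23
#149.154.170.0/23
socks pass {
        from: 0.0.0.0/0 to: 91.108.4.0/22
        log: connect disconnect error
        socksmethod: username
}
socks pass {
        from: 0.0.0.0/0 to: 91.108.8.0/22
        log: connect disconnect error
        socksmethod: username
}
socks pass {
        from: 0.0.0.0/0 to: 91.108.12.0/22
        log: connect disconnect error
        socksmethod: username
}
socks pass {
        from: 0.0.0.0/0 to: 91.108.16.0/22
        log: connect disconnect error
        socksmethod: username
}
socks pass {
        from: 0.0.0.0/0 to: 91.108.56.0/22
        log: connect disconnect error
        socksmethod: username
}
socks pass {
        from: 0.0.0.0/0 to: 149.154.160.0/20
        log: connect disconnect error
        socksmethod: username
}
# The next three rules use the prefix lengths from the range list above
# (/22, /22, /23). Written as /20 their addresses had host bits set and at
# best repeated 149.154.160.0/20; all three ranges lie inside that /20, so
# the set of reachable destinations is unchanged.
socks pass {
        from: 0.0.0.0/0 to: 149.154.164.0/22
        log: connect disconnect error
        socksmethod: username
}
socks pass {
        from: 0.0.0.0/0 to: 149.154.168.0/22
        log: connect disconnect error
        socksmethod: username
}
socks pass {
        from: 0.0.0.0/0 to: 149.154.170.0/23
        log: connect disconnect error
        socksmethod: username
}
#2001:67c:4e8::/48
#2001:b28:f23d::/48
#2001:b28:f23e::/48
#2001:b28:f23f::/48
#socks pass {
#        from: ::/0 to: 2001:67c:4e8::/48
#        log: connect disconnect error
#        socksmethod: username
#}
#socks pass {
#        from: ::/0 to: 2001:b28:f23d::/48
#        log: connect disconnect error
#        socksmethod: username
#}
#socks pass {
#        from: ::/0 to: 2001:b28:f23e::/48
#        log: connect disconnect error
#        socksmethod: username
#}
#socks pass {
#        from: ::/0 to: 2001:b28:f23f::/48
#        log: connect disconnect error
#        socksmethod: username
#}


# deny the rest
socks block {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: error
}
#socks block {
#        from: ::/0 to: ::/0
#        log: error
#}

--------------------------------------------------------------------------------
/etc/login.defs:
--------------------------------------------------------------------------------
1 | #
2 | # /etc/login.defs - Configuration control definitions for the login package.
3 | #
4 | # Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH.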
5 | # If unspecified, some arbitrary (and possibly incorrect) value will 6 | # be assumed. All other items are optional - if not specified then 7 | # the described action or option will be inhibited. 8 | # 9 | # Comment lines (lines beginning with "#") and blank lines are ignored. 10 | # 11 | # Modified for Linux. --marekm 12 | 13 | # REQUIRED for useradd/userdel/usermod 14 | # Directory where mailboxes reside, _or_ name of file, relative to the 15 | # home directory. If you _do_ define MAIL_DIR and MAIL_FILE, 16 | # MAIL_DIR takes precedence. 17 | # 18 | # Essentially: 19 | # - MAIL_DIR defines the location of users mail spool files 20 | # (for mbox use) by appending the username to MAIL_DIR as defined 21 | # below. 22 | # - MAIL_FILE defines the location of the users mail spool files as the 23 | # fully-qualified filename obtained by prepending the user home 24 | # directory before $MAIL_FILE 25 | # 26 | # NOTE: This is no more used for setting up users MAIL environment variable 27 | # which is, starting from shadow 4.0.12-1 in Debian, entirely the 28 | # job of the pam_mail PAM modules 29 | # See default PAM configuration files provided for 30 | # login, su, etc. 31 | # 32 | # This is a temporary situation: setting these variables will soon 33 | # move to /etc/default/useradd and the variables will then be 34 | # no more supported 35 | MAIL_DIR /var/mail 36 | #MAIL_FILE .mail 37 | 38 | # 39 | # Enable logging and display of /var/log/faillog login failure info. 40 | # This option conflicts with the pam_tally PAM module. 41 | # 42 | FAILLOG_ENAB yes 43 | 44 | # 45 | # Enable display of unknown usernames when login failures are recorded. 46 | # 47 | # WARNING: Unknown usernames may become world readable. 
48 | # See #290803 and #298773 for details about how this could become a security 49 | # concern 50 | LOG_UNKFAIL_ENAB no 51 | 52 | # 53 | # Enable logging of successful logins 54 | # 55 | LOG_OK_LOGINS no 56 | 57 | # 58 | # Enable "syslog" logging of su activity - in addition to sulog file logging. 59 | # SYSLOG_SG_ENAB does the same for newgrp and sg. 60 | # 61 | SYSLOG_SU_ENAB yes 62 | SYSLOG_SG_ENAB yes 63 | 64 | # 65 | # If defined, all su activity is logged to this file. 66 | # 67 | #SULOG_FILE /var/log/sulog 68 | 69 | # 70 | # If defined, file which maps tty line to TERM environment parameter. 71 | # Each line of the file is in a format something like "vt100 tty01". 72 | # 73 | #TTYTYPE_FILE /etc/ttytype 74 | 75 | # 76 | # If defined, login failures will be logged here in a utmp format 77 | # last, when invoked as lastb, will read /var/log/btmp, so... 78 | # 79 | FTMP_FILE /var/log/btmp 80 | 81 | # 82 | # If defined, the command name to display when running "su -". For 83 | # example, if this is defined as "su" then a "ps" will display the 84 | # command is "-su". If not defined, then "ps" would display the 85 | # name of the shell actually being run, e.g. something like "-sh". 86 | # 87 | SU_NAME su 88 | 89 | # 90 | # If defined, file which inhibits all the usual chatter during the login 91 | # sequence. If a full pathname, then hushed mode will be enabled if the 92 | # user's name or shell are found in the file. If not a full pathname, then 93 | # hushed mode will be enabled if the file exists in the user's home directory. 94 | # 95 | HUSHLOGIN_FILE .hushlogin 96 | #HUSHLOGIN_FILE /etc/hushlogins 97 | 98 | # 99 | # *REQUIRED* The default PATH settings, for superuser and normal users. 
100 | # 101 | # (they are minimal, add the rest in the shell startup files) 102 | ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 103 | ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games 104 | 105 | # 106 | # Terminal permissions 107 | # 108 | # TTYGROUP Login tty will be assigned this group ownership. 109 | # TTYPERM Login tty will be set to this permission. 110 | # 111 | # If you have a "write" program which is "setgid" to a special group 112 | # which owns the terminals, define TTYGROUP to the group number and 113 | # TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign 114 | # TTYPERM to either 622 or 600. 115 | # 116 | # In Debian /usr/bin/bsd-write or similar programs are setgid tty 117 | # However, the default and recommended value for TTYPERM is still 0600 118 | # to not allow anyone to write to anyone else console or terminal 119 | 120 | # Users can still allow other people to write them by issuing 121 | # the "mesg y" command. 122 | 123 | TTYGROUP tty 124 | TTYPERM 0600 125 | 126 | # 127 | # Login configuration initializations: 128 | # 129 | # ERASECHAR Terminal ERASE character ('\010' = backspace). 130 | # KILLCHAR Terminal KILL character ('\025' = CTRL/U). 131 | # UMASK Default "umask" value. 132 | # 133 | # The ERASECHAR and KILLCHAR are used only on System V machines. 134 | # 135 | # UMASK is the default umask value for pam_umask and is used by 136 | # useradd and newusers to set the mode of the new home directories. 137 | # 022 is the "historical" value in Debian for UMASK 138 | # 027, or even 077, could be considered better for privacy 139 | # There is no One True Answer here : each sysadmin must make up his/her 140 | # mind. 141 | # 142 | # If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value 143 | # for private user groups, i. e. 
the uid is the same as gid, and username is 144 | # the same as the primary group name: for these, the user permissions will be 145 | # used as group permissions, e. g. 022 will become 002. 146 | # 147 | # Prefix these values with "0" to get octal, "0x" to get hexadecimal. 148 | # 149 | ERASECHAR 0177 150 | KILLCHAR 025 151 | UMASK 022 152 | 153 | # 154 | # Password aging controls: 155 | # 156 | # PASS_MAX_DAYS Maximum number of days a password may be used. 157 | # PASS_MIN_DAYS Minimum number of days allowed between password changes. 158 | # PASS_WARN_AGE Number of days warning given before a password expires. 159 | # 160 | PASS_MAX_DAYS 99999 161 | PASS_MIN_DAYS 0 162 | PASS_WARN_AGE 7 163 | 164 | # 165 | # Min/max values for automatic uid selection in useradd 166 | # 167 | UID_MIN 1000 168 | UID_MAX 60000 169 | # System accounts 170 | #SYS_UID_MIN 100 171 | #SYS_UID_MAX 999 172 | 173 | # 174 | # Min/max values for automatic gid selection in groupadd 175 | # 176 | GID_MIN 1000 177 | GID_MAX 60000 178 | # System accounts 179 | #SYS_GID_MIN 100 180 | #SYS_GID_MAX 999 181 | 182 | # 183 | # Max number of login retries if password is bad. This will most likely be 184 | # overriden by PAM, since the default pam_unix module has it's own built 185 | # in of 3 retries. However, this is a safe fallback in case you are using 186 | # an authentication module that does not enforce PAM_MAXTRIES. 187 | # 188 | LOGIN_RETRIES 5 189 | 190 | # 191 | # Max time in seconds for login 192 | # 193 | LOGIN_TIMEOUT 60 194 | 195 | # 196 | # Which fields may be changed by regular users using chfn - use 197 | # any combination of letters "frwh" (full name, room number, work 198 | # phone, home phone). If not defined, no changes are allowed. 199 | # For backward compatibility, "yes" = "rwh" and "no" = "frwh". 200 | # 201 | CHFN_RESTRICT rwh 202 | 203 | # 204 | # Should login be allowed if we can't cd to the home directory? 205 | # Default in no. 
206 | # 207 | DEFAULT_HOME yes 208 | 209 | # 210 | # If defined, this command is run when removing a user. 211 | # It should remove any at/cron/print jobs etc. owned by 212 | # the user to be removed (passed as the first argument). 213 | # 214 | #USERDEL_CMD /usr/sbin/userdel_local 215 | 216 | # 217 | # Enable setting of the umask group bits to be the same as owner bits 218 | # (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is 219 | # the same as gid, and username is the same as the primary group name. 220 | # 221 | # If set to yes, userdel will remove the user´s group if it contains no 222 | # more members, and useradd will create by default a group with the name 223 | # of the user. 224 | # 225 | USERGROUPS_ENAB yes 226 | 227 | # 228 | # Instead of the real user shell, the program specified by this parameter 229 | # will be launched, although its visible name (argv[0]) will be the shell's. 230 | # The program may do whatever it wants (logging, additional authentification, 231 | # banner, ...) before running the actual shell. 232 | # 233 | # FAKE_SHELL /bin/fakeshell 234 | 235 | # 236 | # If defined, either full pathname of a file containing device names or 237 | # a ":" delimited list of device names. Root logins will be allowed only 238 | # upon these devices. 239 | # 240 | # This variable is used by login and su. 241 | # 242 | #CONSOLE /etc/consoles 243 | #CONSOLE console:tty01:tty02:tty03:tty04 244 | 245 | # 246 | # List of groups to add to the user's supplementary group set 247 | # when logging in on the console (as determined by the CONSOLE 248 | # setting). Default is none. 249 | # 250 | # Use with caution - it is possible for users to gain permanent 251 | # access to these groups, even when not logged in on the console. 252 | # How to do it is left as an exercise for the reader... 253 | # 254 | # This variable is used by login and su. 
255 | # 256 | #CONSOLE_GROUPS floppy:audio:cdrom 257 | 258 | # 259 | # If set to "yes", new passwords will be encrypted using the MD5-based 260 | # algorithm compatible with the one used by recent releases of FreeBSD. 261 | # It supports passwords of unlimited length and longer salt strings. 262 | # Set to "no" if you need to copy encrypted passwords to other systems 263 | # which don't understand the new algorithm. Default is "no". 264 | # 265 | # This variable is deprecated. You should use ENCRYPT_METHOD. 266 | # 267 | #MD5_CRYPT_ENAB no 268 | 269 | # 270 | # If set to MD5 , MD5-based algorithm will be used for encrypting password 271 | # If set to SHA256, SHA256-based algorithm will be used for encrypting password 272 | # If set to SHA512, SHA512-based algorithm will be used for encrypting password 273 | # If set to DES, DES-based algorithm will be used for encrypting password (default) 274 | # Overrides the MD5_CRYPT_ENAB option 275 | # 276 | # Note: It is recommended to use a value consistent with 277 | # the PAM modules configuration. 278 | # 279 | ENCRYPT_METHOD SHA512 280 | 281 | # 282 | # Only used if ENCRYPT_METHOD is set to SHA256 or SHA512. 283 | # 284 | # Define the number of SHA rounds. 285 | # With a lot of rounds, it is more difficult to brute forcing the password. 286 | # But note also that it more CPU resources will be needed to authenticate 287 | # users. 288 | # 289 | # If not specified, the libc will choose the default number of rounds (5000). 290 | # The values must be inside the 1000-999999999 range. 291 | # If only one of the MIN or MAX values is set, then this value will be used. 292 | # If MIN > MAX, the highest value will be used. 293 | # 294 | # SHA_CRYPT_MIN_ROUNDS 5000 295 | # SHA_CRYPT_MAX_ROUNDS 5000 296 | 297 | ################# OBSOLETED BY PAM ############## 298 | # # 299 | # These options are now handled by PAM. Please # 300 | # edit the appropriate file in /etc/pam.d/ to # 301 | # enable the equivelants of them. 
302 | # 303 | ############### 304 | 305 | #MOTD_FILE 306 | #DIALUPS_CHECK_ENAB 307 | #LASTLOG_ENAB 308 | #MAIL_CHECK_ENAB 309 | #OBSCURE_CHECKS_ENAB 310 | #PORTTIME_CHECKS_ENAB 311 | #SU_WHEEL_ONLY 312 | #CRACKLIB_DICTPATH 313 | #PASS_CHANGE_TRIES 314 | #PASS_ALWAYS_WARN 315 | #ENVIRON_FILE 316 | #NOLOGINS_FILE 317 | #ISSUE_FILE 318 | #PASS_MIN_LEN 319 | #PASS_MAX_LEN 320 | #ULIMIT 321 | #ENV_HZ 322 | #CHFN_AUTH 323 | #CHSH_AUTH 324 | #FAIL_DELAY 325 | 326 | ################# OBSOLETED ####################### 327 | # # 328 | # These options are no more handled by shadow. # 329 | # # 330 | # Shadow utilities will display a warning if they # 331 | # still appear. # 332 | # # 333 | ################################################### 334 | 335 | # CLOSE_SESSIONS 336 | # LOGIN_STRING 337 | # NO_PASSWORD_CONSOLE 338 | # QMAIL_DIR 339 | 340 | 341 | 342 | --------------------------------------------------------------------------------