busybox-1.8.2: eliminating libnss*

Joseph Sacco jsacco at gnome.org
Mon Dec 17 10:12:14 PST 2007


On Sun, 2007-12-16 at 09:37 -0800, Denys Vlasenko wrote: 
> On Friday 14 December 2007 14:37, Joseph Sacco wrote:
> > I would like to eliminate /lib/libnss* and still be able to:
> >
> > * log in through a serial port [which runs a getty]
> > * log in via telnet
> > * connect to an HTTP server spawned from inetd
> >
> > I configured the busybox-1.8.2 Login/Password Utilities as shown below:
> >
> >         #
> >         # Login/Password Management Utilities
> >         #
> >         CONFIG_FEATURE_SHADOWPASSWDS=y
> >         CONFIG_USE_BB_SHADOW=y
> >         CONFIG_USE_BB_PWD_GRP=y
> >         # CONFIG_ADDGROUP is not set
> >         # CONFIG_FEATURE_ADDUSER_TO_GROUP is not set
> >         # CONFIG_DELGROUP is not set
> >         # CONFIG_FEATURE_DEL_USER_FROM_GROUP is not set
> >         # CONFIG_ADDUSER is not set
> >         # CONFIG_DELUSER is not set
> >         CONFIG_GETTY=y
> >         # CONFIG_FEATURE_UTMP is not set
> >         # CONFIG_FEATURE_WTMP is not set
> >         CONFIG_LOGIN=y
> >         # CONFIG_PAM is not set
> >         CONFIG_LOGIN_SCRIPTS=y
> >         CONFIG_FEATURE_NOLOGIN=y
> >         CONFIG_FEATURE_SECURETTY=y
> >         CONFIG_PASSWD=y
> >         # CONFIG_FEATURE_PASSWD_WEAK_CHECK is not set
> >         # CONFIG_CRYPTPW is not set
> >         # CONFIG_CHPASSWD is not set
> >         # CONFIG_SU is not set
> >         # CONFIG_FEATURE_SU_SYSLOG is not set
> >         # CONFIG_FEATURE_SU_CHECKS_SHELLS is not set
> >         # CONFIG_SULOGIN is not set
> >         # CONFIG_VLOCK is not set
> >
> > When I remove /lib/libnss* from the TARGET system I find that I can log
> > in through a serial port but can no longer log in via telnet or connect
> > to the HTTP server.  If I restore these libraries on the TARGET system I
> > can access the system via telnet and can connect to the HTTP server.
> >
> > So... It looks like some sort of permissions issue. What am I missing?
> 
> glibc is very poorly suited for such things. You won't get much support
> from glibc people with trying to live without dynamic loading of nss
> libraries (I think).
> 
> I think using uclibc is the easiest path for you, as you appear to build
> some sort of standalone system which does not need fancy user/group/host 
> resolution thru ldap/samba/whatever.
> 
> It's also way smaller than glibc.
> --
> vda

======================================================================
Denys,

Thanks for taking the time to respond. 

I agree with your observations; uclibc and its O-O counterpart would be
better overall choices when attempting to reduce the size of an embedded
system.

The reason I posted the question is that the help dialogs seen when
configuring busybox would lead one to believe that selecting

CONFIG_USE_BB_SHADOW=y
CONFIG_USE_BB_PWD_GRP=y

would eliminate the need for installing libnss* when using glibc.
Apparently, that is not true.


-Joseph


-- 
jsacco [at] gnome [dot] org


