forked from pool/permissions
This commit is contained in:
parent
849137f9ff
commit
e09f9f3e78
@ -1,3 +1,9 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Jul 28 13:00:44 UTC 2009 - lnussel@suse.de
|
||||||
|
|
||||||
|
- hylafax directory permissions are handled by the package
|
||||||
|
- change group of amanda binaries (bnc#523006)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Mar 2 11:26:53 CET 2009 - lnussel@suse.de
|
Mon Mar 2 11:26:53 CET 2009 - lnussel@suse.de
|
||||||
|
|
||||||
|
@ -270,13 +270,13 @@
|
|||||||
#
|
#
|
||||||
# amanda
|
# amanda
|
||||||
#
|
#
|
||||||
/usr/sbin/amcheck root:disk 4750
|
/usr/sbin/amcheck root:amanda 4750
|
||||||
/usr/lib/amanda/calcsize root:disk 4750
|
/usr/lib/amanda/calcsize root:amanda 4750
|
||||||
/usr/lib/amanda/rundump root:disk 4750
|
/usr/lib/amanda/rundump root:amanda 4750
|
||||||
/usr/lib/amanda/planner root:disk 4750
|
/usr/lib/amanda/planner root:amanda 4750
|
||||||
/usr/lib/amanda/runtar root:disk 4750
|
/usr/lib/amanda/runtar root:amanda 4750
|
||||||
/usr/lib/amanda/dumper root:disk 4750
|
/usr/lib/amanda/dumper root:amanda 4750
|
||||||
/usr/lib/amanda/killpgrp root:disk 4750
|
/usr/lib/amanda/killpgrp root:amanda 4750
|
||||||
|
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -302,28 +302,11 @@
|
|||||||
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# fax
|
# sendfax
|
||||||
#
|
#
|
||||||
# faxq helper:
|
|
||||||
/usr/lib/mgetty+sendfax/faxq-helper fax:root 4711
|
/usr/lib/mgetty+sendfax/faxq-helper fax:root 4711
|
||||||
/var/spool/fax/outgoing/ fax:root 1755
|
/var/spool/fax/outgoing/ fax:root 1755
|
||||||
/var/spool/fax/outgoing/locks fax:root 0777
|
/var/spool/fax/outgoing/locks fax:root 0777
|
||||||
# TODO: package should set this permissions
|
|
||||||
/var/spool/fax/archive fax:uucp 700
|
|
||||||
/var/spool/fax/bin fax:uucp 755
|
|
||||||
/var/spool/fax/client fax:uucp 755
|
|
||||||
/var/spool/fax/config fax:uucp 755
|
|
||||||
/var/spool/fax/dev fax:uucp 755
|
|
||||||
/var/spool/fax/docq fax:uucp 700
|
|
||||||
/var/spool/fax/doneq fax:uucp 700
|
|
||||||
/var/spool/fax/etc fax:uucp 755
|
|
||||||
/var/spool/fax/info fax:uucp 755
|
|
||||||
/var/spool/fax/log fax:uucp 755
|
|
||||||
/var/spool/fax/pollq fax:uucp 700
|
|
||||||
/var/spool/fax/recvq fax:uucp 755
|
|
||||||
/var/spool/fax/sendq fax:uucp 700
|
|
||||||
/var/spool/fax/status fax:uucp 755
|
|
||||||
/var/spool/fax/tmp fax:uucp 700
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# uucp
|
# uucp
|
||||||
|
@ -283,16 +283,13 @@
|
|||||||
#
|
#
|
||||||
# amanda
|
# amanda
|
||||||
#
|
#
|
||||||
# Well, if you are gid disk already, you don't need these amanda binaries
|
/usr/sbin/amcheck root:amanda 0750
|
||||||
# to get root.
|
/usr/lib/amanda/calcsize root:amanda 0750
|
||||||
# Anyway, we don't keep the suid bits.
|
/usr/lib/amanda/rundump root:amanda 0750
|
||||||
/usr/sbin/amcheck root:disk 0750
|
/usr/lib/amanda/planner root:amanda 0750
|
||||||
/usr/lib/amanda/calcsize root:disk 0750
|
/usr/lib/amanda/runtar root:amanda 0750
|
||||||
/usr/lib/amanda/rundump root:disk 0750
|
/usr/lib/amanda/dumper root:amanda 0750
|
||||||
/usr/lib/amanda/planner root:disk 0750
|
/usr/lib/amanda/killpgrp root:amanda 0750
|
||||||
/usr/lib/amanda/runtar root:disk 0750
|
|
||||||
/usr/lib/amanda/dumper root:disk 0750
|
|
||||||
/usr/lib/amanda/killpgrp root:disk 0750
|
|
||||||
|
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -318,29 +315,12 @@
|
|||||||
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# fax
|
# sendfax
|
||||||
#
|
#
|
||||||
# restrictive, only for "trusted" group users:
|
# restrictive, only for "trusted" group users:
|
||||||
# faxq helper:
|
|
||||||
/usr/lib/mgetty+sendfax/faxq-helper fax:root 0711
|
/usr/lib/mgetty+sendfax/faxq-helper fax:root 0711
|
||||||
/var/spool/fax/outgoing/ fax:trusted 1770
|
/var/spool/fax/outgoing/ fax:trusted 1770
|
||||||
/var/spool/fax/outgoing/locks fax:trusted 1770
|
/var/spool/fax/outgoing/locks fax:trusted 1770
|
||||||
# TODO: package should set this permissions
|
|
||||||
/var/spool/fax/archive fax:uucp 700
|
|
||||||
/var/spool/fax/bin fax:uucp 755
|
|
||||||
/var/spool/fax/client fax:uucp 755
|
|
||||||
/var/spool/fax/config fax:uucp 755
|
|
||||||
/var/spool/fax/dev fax:uucp 755
|
|
||||||
/var/spool/fax/docq fax:uucp 700
|
|
||||||
/var/spool/fax/doneq fax:uucp 700
|
|
||||||
/var/spool/fax/etc fax:uucp 755
|
|
||||||
/var/spool/fax/info fax:uucp 755
|
|
||||||
/var/spool/fax/log fax:uucp 755
|
|
||||||
/var/spool/fax/pollq fax:uucp 700
|
|
||||||
/var/spool/fax/recvq fax:uucp 755
|
|
||||||
/var/spool/fax/sendq fax:uucp 700
|
|
||||||
/var/spool/fax/status fax:uucp 755
|
|
||||||
/var/spool/fax/tmp fax:uucp 700
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# uucp
|
# uucp
|
||||||
|
@ -307,16 +307,13 @@
|
|||||||
#
|
#
|
||||||
# amanda
|
# amanda
|
||||||
#
|
#
|
||||||
# Well, if you are gid disk already, you don't need these amanda binaries
|
/usr/sbin/amcheck root:amanda 0750
|
||||||
# to get root.
|
/usr/lib/amanda/calcsize root:amanda 0750
|
||||||
# Anyway, we don't keep the suid bits.
|
/usr/lib/amanda/rundump root:amanda 0750
|
||||||
/usr/sbin/amcheck root:disk 0750
|
/usr/lib/amanda/planner root:amanda 0750
|
||||||
/usr/lib/amanda/calcsize root:disk 0750
|
/usr/lib/amanda/runtar root:amanda 0750
|
||||||
/usr/lib/amanda/rundump root:disk 0750
|
/usr/lib/amanda/dumper root:amanda 0750
|
||||||
/usr/lib/amanda/planner root:disk 0750
|
/usr/lib/amanda/killpgrp root:amanda 0750
|
||||||
/usr/lib/amanda/runtar root:disk 0750
|
|
||||||
/usr/lib/amanda/dumper root:disk 0750
|
|
||||||
/usr/lib/amanda/killpgrp root:disk 0750
|
|
||||||
|
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -342,29 +339,12 @@
|
|||||||
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# fax
|
# sendfax
|
||||||
#
|
#
|
||||||
# restrictive, only for "trusted" group users:
|
# restrictive, only for "trusted" group users:
|
||||||
# faxq helper:
|
|
||||||
/usr/lib/mgetty+sendfax/faxq-helper fax:root 4711
|
/usr/lib/mgetty+sendfax/faxq-helper fax:root 4711
|
||||||
/var/spool/fax/outgoing/ fax:root 0755
|
/var/spool/fax/outgoing/ fax:root 0755
|
||||||
/var/spool/fax/outgoing/locks fax:root 0755
|
/var/spool/fax/outgoing/locks fax:root 0755
|
||||||
# TODO: package should set this permissions
|
|
||||||
/var/spool/fax/archive fax:uucp 700
|
|
||||||
/var/spool/fax/bin fax:uucp 755
|
|
||||||
/var/spool/fax/client fax:uucp 755
|
|
||||||
/var/spool/fax/config fax:uucp 755
|
|
||||||
/var/spool/fax/dev fax:uucp 755
|
|
||||||
/var/spool/fax/docq fax:uucp 700
|
|
||||||
/var/spool/fax/doneq fax:uucp 700
|
|
||||||
/var/spool/fax/etc fax:uucp 755
|
|
||||||
/var/spool/fax/info fax:uucp 755
|
|
||||||
/var/spool/fax/log fax:uucp 755
|
|
||||||
/var/spool/fax/pollq fax:uucp 700
|
|
||||||
/var/spool/fax/recvq fax:uucp 755
|
|
||||||
/var/spool/fax/sendq fax:uucp 700
|
|
||||||
/var/spool/fax/status fax:uucp 755
|
|
||||||
/var/spool/fax/tmp fax:uucp 700
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# uucp
|
# uucp
|
||||||
|
436
permissions.spec
436
permissions.spec
@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# spec file for package permissions (Version 2009.3.2)
|
# spec file for package permissions (Version 2009.7.29)
|
||||||
#
|
#
|
||||||
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||||
#
|
#
|
||||||
@ -22,7 +22,7 @@ Name: permissions
|
|||||||
License: GPL v2 or later
|
License: GPL v2 or later
|
||||||
Group: Productivity/Security
|
Group: Productivity/Security
|
||||||
AutoReqProv: on
|
AutoReqProv: on
|
||||||
Version: 2009.3.2
|
Version: 2009.7.29
|
||||||
Release: 1
|
Release: 1
|
||||||
Provides: aaa_base:/etc/permissions
|
Provides: aaa_base:/etc/permissions
|
||||||
Requires: /sbin/SuSEconfig
|
Requires: /sbin/SuSEconfig
|
||||||
@ -91,435 +91,3 @@ install -m 644 %{SOURCE9} $RPM_BUILD_ROOT/etc
|
|||||||
/var/adm/fillup-templates/sysconfig.security
|
/var/adm/fillup-templates/sysconfig.security
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Mon Mar 02 2009 lnussel@suse.de
|
|
||||||
- add some missing slashes to directories and remove entries for at
|
|
||||||
and cron (bnc#480855)
|
|
||||||
* Tue Nov 25 2008 lnussel@suse.de
|
|
||||||
- add VirtualBox (bnc#429725)
|
|
||||||
* Fri Nov 07 2008 lnussel@suse.de
|
|
||||||
- add newrole from policycoreutils (bnc#440596)
|
|
||||||
* Thu Oct 23 2008 lnussel@suse.de
|
|
||||||
- add udev device files (bnc#438039)
|
|
||||||
- add system crash dump directory (bnc#438041)
|
|
||||||
- add bind chroot devices (bnc#438045)
|
|
||||||
* Mon Oct 20 2008 lnussel@suse.de
|
|
||||||
- dbus-daemon-launch-helper neeeds to be setuid in level secure
|
|
||||||
(bnc#435776)
|
|
||||||
* Thu Sep 25 2008 lnussel@suse.de
|
|
||||||
- change /var/games to 755 to prevent ill-considered maneuvers there
|
|
||||||
(bnc#429882)
|
|
||||||
* Thu Sep 11 2008 lnussel@suse.de
|
|
||||||
- remove static smpppd config file permissions
|
|
||||||
- fix permissions of polkit-set-default-helper
|
|
||||||
- grant permissions to PolicyKit helpers also in level secure
|
|
||||||
* Tue Jul 15 2008 lnussel@suse.de
|
|
||||||
- ensure correct permissions on ssh files to avoid sshd refusing
|
|
||||||
logins (bnc#398250)
|
|
||||||
* Thu Jul 03 2008 lnussel@suse.de
|
|
||||||
- adapt permissions of lppasswd for current cups setup (bnc#406058)
|
|
||||||
* Mon Jun 02 2008 lnussel@suse.de
|
|
||||||
- add mount.nfs due to an ever increasing number of users
|
|
||||||
hit by the regression (bnc#331020, bnc#304318)
|
|
||||||
* Wed May 07 2008 lnussel@suse.de
|
|
||||||
- zypp-checkpatches-wrapper -> zypp-refresh-wrapper (bnc#385207)
|
|
||||||
* Mon Apr 21 2008 lnussel@suse.de
|
|
||||||
- /dev/full should be 0666 (bnc#379545)
|
|
||||||
* Thu Apr 17 2008 lnussel@suse.de
|
|
||||||
- update chkstat manpage and support '--' argument for chkstat
|
|
||||||
(bnc#57438)
|
|
||||||
* Wed Mar 12 2008 lnussel@suse.de
|
|
||||||
- new PolicyKit permissions (bnc#295341)
|
|
||||||
- remove obsolete entries for scmxx and zapping
|
|
||||||
* Mon Jan 07 2008 lnussel@suse.de
|
|
||||||
- remove setuid bits on man (#351988)
|
|
||||||
* Mon Dec 03 2007 lnussel@suse.de
|
|
||||||
- add dbus-daemon-launch-helper (#333361)
|
|
||||||
* Fri Nov 02 2007 dmueller@suse.de
|
|
||||||
- kcheckpass/kdesud moved to %%_libdir/kde4/libexec
|
|
||||||
* Wed Oct 17 2007 lnussel@suse.de
|
|
||||||
- remove bing (#306626)
|
|
||||||
* Fri Oct 12 2007 lnussel@suse.de
|
|
||||||
- remove suexec2 (#263789)
|
|
||||||
* Fri Aug 10 2007 aj@suse.de
|
|
||||||
- Readd nscd socket permissions, otherwise glibc build will fail.
|
|
||||||
* Fri Aug 10 2007 lnussel@suse.de
|
|
||||||
- add PolicyKit helpers (#295341)
|
|
||||||
* Wed Aug 08 2007 lnussel@suse.de
|
|
||||||
- remove nscd socket permission handling as chkstat refuses to touch
|
|
||||||
that file anyways (#298334).
|
|
||||||
* Tue Jun 12 2007 schwab@suse.de
|
|
||||||
- permissions.local: Fix comment to use uid:gid instead of uid.gid.
|
|
||||||
* Fri Jun 01 2007 lnussel@suse.de
|
|
||||||
- package /etc/permissions.local
|
|
||||||
* Wed May 30 2007 lnussel@suse.de
|
|
||||||
- add /usr/bin/kcheckpass and /usr/bin/kdesud (#276502)
|
|
||||||
* Wed Apr 18 2007 dmueller@suse.de
|
|
||||||
- create debuginfo package (#265667)
|
|
||||||
* Thu Feb 22 2007 lnussel@suse.de
|
|
||||||
- prefer package specific permissions files over central ones
|
|
||||||
(#246252)
|
|
||||||
* Thu Feb 22 2007 lnussel@suse.de
|
|
||||||
- add /opt/kde3/bin/start_kdeinit (#203535)
|
|
||||||
- remove entries for dropped packages OpenPBS and xtetris
|
|
||||||
* Wed Jan 17 2007 lnussel@suse.de
|
|
||||||
- make pam authentication helpers unix_chkpwd, unix2_chkpwd and
|
|
||||||
pam_auth setuid root instead of setgid shadow (#216816)
|
|
||||||
* Wed Jan 10 2007 sbrabec@suse.cz
|
|
||||||
- Prefix of /opt/gnome binaries changed to /usr.
|
|
||||||
- Removed gnome-stones.
|
|
||||||
* Mon Nov 13 2006 lnussel@suse.de
|
|
||||||
- remove khc_indexbuilder (#188192)
|
|
||||||
* Mon Oct 16 2006 lnussel@suse.de
|
|
||||||
- add zypp patch checking helper (#211286)
|
|
||||||
* Wed Aug 23 2006 lnussel@suse.de
|
|
||||||
- /usr/X11R6 -> /usr
|
|
||||||
- remove obsolete entries for xmris,pcmcia-cardinfo,geki2,vmware,nicimud
|
|
||||||
* Thu Aug 17 2006 cthiel@suse.de
|
|
||||||
- change paths for v4l-conf from /usr/X11R6/bin to /usr/bin
|
|
||||||
* Thu Jul 20 2006 sndirsch@suse.de
|
|
||||||
- Xorg moved from /usr/X11R6/bin to /usr/bin; fixes build of
|
|
||||||
xorg-x11-server package
|
|
||||||
* Tue Jun 27 2006 lnussel@suse.de
|
|
||||||
- remove setuid bit on gpg (#137562)
|
|
||||||
* Fri May 19 2006 lnussel@suse.de
|
|
||||||
- add get_printing_ticket in order to enable smb printing with
|
|
||||||
kerberos authentication (#177114)
|
|
||||||
* Wed May 17 2006 lnussel@suse.de
|
|
||||||
- add setuid bit to gnomesu-pam-backend in level secure (#175616)
|
|
||||||
* Thu Feb 23 2006 schwab@suse.de
|
|
||||||
- /usr/lib/ia32el/suid_libia32x.so renamed to suid_ia32x_loader.
|
|
||||||
* Wed Jan 25 2006 mls@suse.de
|
|
||||||
- converted neededforbuild to BuildRequires
|
|
||||||
* Mon Jan 16 2006 meissner@suse.de
|
|
||||||
- removed pmount, pumount.
|
|
||||||
- moved pmpost to /usr/lib/pcp/pmpost.
|
|
||||||
* Thu Dec 15 2005 lnussel@suse.de
|
|
||||||
- /opt/kde3/bin/fileshareset -> /usr/bin/fileshareset
|
|
||||||
* Fri Dec 09 2005 meissner@suse.de
|
|
||||||
- temporary only setuid bit for pmount and pumount. #135792
|
|
||||||
* Wed Nov 23 2005 lnussel@suse.de
|
|
||||||
- add /usr/bin/fusermount (#133657)
|
|
||||||
* Mon Nov 21 2005 lnussel@suse.de
|
|
||||||
- remove Xwrapper, it's a symlink nowadays (#134611)
|
|
||||||
* Wed Nov 02 2005 dmueller@suse.de
|
|
||||||
- don't build as root
|
|
||||||
* Thu Oct 13 2005 meissner@suse.de
|
|
||||||
- nici moved to /var/opt/novell/...
|
|
||||||
* Tue Oct 11 2005 meissner@suse.de
|
|
||||||
- Temporary added setuid binary from "nici" (Novell I? Crypto Interface),
|
|
||||||
bug #127545.
|
|
||||||
* Fri Sep 30 2005 lnussel@suse.de
|
|
||||||
- add slashes to several directories (#103186)
|
|
||||||
- change /var/games to games:games 775 again (#103186)
|
|
||||||
* Tue Aug 30 2005 lnussel@suse.de
|
|
||||||
- remove kpopup helper (#100132)
|
|
||||||
* Thu Aug 25 2005 lnussel@suse.de
|
|
||||||
- add /opt/gnome/sbin/change-passwd (#104993)
|
|
||||||
* Thu Aug 11 2005 lnussel@suse.de
|
|
||||||
- remove xmcd (#104040)
|
|
||||||
- add suexec2 from apache2 (#66304)
|
|
||||||
- add exim (#66306)
|
|
||||||
* Thu Aug 11 2005 lnussel@suse.de
|
|
||||||
- remove /opt/gnome/bin/iagno (#103844)
|
|
||||||
* Wed Aug 10 2005 lnussel@suse.de
|
|
||||||
- remove xbl (#103762)
|
|
||||||
- clean up bsd games list (#103785)
|
|
||||||
- remove score files as they are the same in all levels anyways
|
|
||||||
* Wed Aug 10 2005 lnussel@suse.de
|
|
||||||
- change /var/games{,/xsok} to root:root (#103186)
|
|
||||||
* Fri Aug 05 2005 lnussel@suse.de
|
|
||||||
- /usr/sbin/isdnctrl -> /sbin/isdnctrl (#100750)
|
|
||||||
* Tue Aug 02 2005 lnussel@suse.de
|
|
||||||
- remove kde games again. Turned out they don't work as intended.
|
|
||||||
* Tue Aug 02 2005 lnussel@suse.de
|
|
||||||
- cardctl -> pccardctl (#100120)
|
|
||||||
* Fri Jul 22 2005 lnussel@suse.de
|
|
||||||
- add setgid games to some kde games
|
|
||||||
* Wed Jun 08 2005 lnussel@suse.de
|
|
||||||
- use correct gnomesu-pam-backend path
|
|
||||||
* Tue Jun 07 2005 lnussel@suse.de
|
|
||||||
- add gnomesu-pam-backend (#75823)
|
|
||||||
- add lppasswd (#66305)
|
|
||||||
- make ntping 4750 root:trusted also in easy (#66211)
|
|
||||||
- add cl_status from heartbeat (#66310)
|
|
||||||
- remove unused /opt/gnome/sbin/change-passwd
|
|
||||||
* Mon May 16 2005 ro@suse.de
|
|
||||||
- added /opt/gnome/sbin/change-passwd
|
|
||||||
* Mon Apr 25 2005 lnussel@suse.de
|
|
||||||
- add OpenPBS permissions (#66320)
|
|
||||||
* Tue Mar 01 2005 lnussel@suse.de
|
|
||||||
- fix inn permissions (#67032)
|
|
||||||
- remove setuid bit from ziptool (#66191)
|
|
||||||
* Wed Feb 23 2005 lnussel@suse.de
|
|
||||||
- remove no longer existing files
|
|
||||||
- remove setuid plpnfsd (#66207)
|
|
||||||
- remove setuid bit from dga program
|
|
||||||
- change vmware permissions
|
|
||||||
- add /opt/kde3/bin/receivepopup (#66313)
|
|
||||||
- add /opt/kde3/bin/fileshareset (#66312)
|
|
||||||
- add /usr/bin/scmxx (#66309)
|
|
||||||
- add some missing mailman files (#66315)
|
|
||||||
- include perl script to perform some basic consistency checks
|
|
||||||
* Mon Jan 31 2005 meissner@suse.de
|
|
||||||
- backported security fix from SLES 9 branch. #43035
|
|
||||||
* Sat Jan 15 2005 schwab@suse.de
|
|
||||||
- Comment fixes.
|
|
||||||
* Mon Nov 22 2004 sndirsch@suse.de
|
|
||||||
- permissions.secure: set Xorg to 0711 (4711 before)
|
|
||||||
* Wed Nov 10 2004 ro@suse.de
|
|
||||||
- /var/cache/fonts to 1777 (as in tetex perms before)
|
|
||||||
* Mon Nov 08 2004 kukuk@suse.de
|
|
||||||
- Add nscd socket to permissions file
|
|
||||||
* Tue Sep 14 2004 ro@suse.de
|
|
||||||
- do not use rpm in SuSEconfig.permissions (#45252)
|
|
||||||
* Tue Sep 14 2004 ro@suse.de
|
|
||||||
- dropped check for perl in SuSEconfig.permissions (#45252)
|
|
||||||
* Wed May 26 2004 draht@suse.de
|
|
||||||
- /usr/lib/ia32el/suid_libia32x.so set to (6755,0755,0755) (#40234)
|
|
||||||
source code audit in progress (#40234) (thomas)
|
|
||||||
* Fri May 14 2004 ro@suse.de
|
|
||||||
- /usr/lib/ia32el/suid_libia32x.so added to easy,secure,paranoid
|
|
||||||
(0755,0755,0755) (#40234)
|
|
||||||
* Thu Apr 15 2004 sndirsch@suse.de
|
|
||||||
- XFree86 --> Xorg in permissions files
|
|
||||||
* Tue Apr 06 2004 mls@suse.de
|
|
||||||
- added --root option for buildroot operation
|
|
||||||
* Mon Apr 05 2004 mls@suse.de
|
|
||||||
- chkstat: fixed relative symlink chasing
|
|
||||||
- /usr/src/packages/RPMS back to 1777 in easy, as chkstat can
|
|
||||||
now handle it
|
|
||||||
* Sun Apr 04 2004 mls@suse.de
|
|
||||||
- chkstat: added missing link count check and safepath() function
|
|
||||||
- chkstat: refuse to give away s-bits on insecure paths
|
|
||||||
- chkstat: bugfix: stat file again after chown, as modes may have
|
|
||||||
changed
|
|
||||||
* Fri Apr 02 2004 mls@suse.de
|
|
||||||
- chkstat: re-implemented it in C to make it more secure
|
|
||||||
* Thu Apr 01 2004 kukuk@suse.de
|
|
||||||
- Remove /var/lock/subsys [#37759]
|
|
||||||
- Add sticky bit to /var/lock [#37759]
|
|
||||||
* Wed Mar 24 2004 draht@suse.de
|
|
||||||
- make /usr/bin/gpg setuid root in easy+secure, 0755 in paranoid.
|
|
||||||
[#33570].
|
|
||||||
* Tue Mar 23 2004 draht@suse.de
|
|
||||||
- #36741: /usr/src/packages/RPMS 1777->0755 in easy.
|
|
||||||
* Mon Mar 22 2004 kukuk@suse.de
|
|
||||||
- Fix syntax error in permission.easy
|
|
||||||
- /usr/bin/ssh should be always 0755
|
|
||||||
* Fri Feb 13 2004 draht@suse.de
|
|
||||||
- /var/run/uscreens (root:root 1777) added
|
|
||||||
* Thu Feb 12 2004 kukuk@suse.de
|
|
||||||
- Don't modify group of crontab and at useless
|
|
||||||
* Fri Jan 09 2004 kukuk@suse.de
|
|
||||||
- Add RPM directory for hppa2.0
|
|
||||||
* Fri Nov 21 2003 ro@suse.de
|
|
||||||
- fpexec decrease go rights to 11
|
|
||||||
* Wed Nov 05 2003 ro@suse.de
|
|
||||||
- inn scripts: u-w (not needed)
|
|
||||||
* Mon Nov 03 2003 schwab@suse.de
|
|
||||||
- chkstat: fix option parsing.
|
|
||||||
* Wed Oct 29 2003 kukuk@suse.de
|
|
||||||
- Sync permissions for shadow package
|
|
||||||
* Tue Oct 28 2003 ro@suse.de
|
|
||||||
- require /sbin/SuSEconfig
|
|
||||||
* Tue Oct 28 2003 ro@suse.de
|
|
||||||
- chkstat: added some new extensions:
|
|
||||||
allow specifying singular files or a filelist to be checked
|
|
||||||
output previous/current mode of a failed file
|
|
||||||
adapted manpage
|
|
||||||
* Tue Oct 21 2003 draht@suse.de
|
|
||||||
- permissions.secure: /etc/ftpusers 0640 root.root -> 0644
|
|
||||||
* Mon Oct 20 2003 ro@suse.de
|
|
||||||
- permissions.*: use ":" and not "." to separate user/group
|
|
||||||
- chkstat: output also which of (permissions/owner) is wrong
|
|
||||||
- chkstat: don't try to chown if not root
|
|
||||||
* Tue Oct 14 2003 draht@suse.de
|
|
||||||
- reformatting of all 4 permissions files. xkobo, rocksndiamonds,
|
|
||||||
xlogical, lbreakout2 and ltris path adoptions.
|
|
||||||
for future reference: :-)
|
|
||||||
for i in permissions permissions.easy permissions.secure
|
|
||||||
permissions.paranoid; do cat $i | \
|
|
||||||
awk '/^(#|$)/ { print $0; next; }
|
|
||||||
{ if(NF > 3) {printf("error: %%s\n",$0);exit};
|
|
||||||
printf("%%-55s %%-17s %%4s\n",$1,$2,$3)}' \
|
|
||||||
> $i.. && mv $i.. $i; done
|
|
||||||
* Thu Sep 18 2003 kukuk@suse.de
|
|
||||||
- Fix group of straps, popauth and ntping
|
|
||||||
- Remove some GNOME games which do not need special rights anymore
|
|
||||||
* Tue Sep 16 2003 kukuk@suse.de
|
|
||||||
- permissions.easy: change group of bing, vboxbeep, plpnfsd to
|
|
||||||
trusted, majordomo/wrapper to daemon
|
|
||||||
* Tue Sep 16 2003 kukuk@suse.de
|
|
||||||
- permissions.easy: change group of gpasswd and ziptool to trusted
|
|
||||||
* Tue Sep 02 2003 kkeil@suse.de
|
|
||||||
- fix user fax for hylafax specific files
|
|
||||||
* Tue Sep 02 2003 kukuk@suse.de
|
|
||||||
- fix path to cons.saver, remove setuid bit in paranoid (#25907)
|
|
||||||
- remove screen
|
|
||||||
- remove smail (dropped years ago)
|
|
||||||
* Mon Sep 01 2003 kkeil@suse.de
|
|
||||||
- fix group for isdnctrl uucp --> dialout (#28997)
|
|
||||||
* Mon Sep 01 2003 draht@suse.de
|
|
||||||
- feedback@suse.de -> http://www.suse.de/feedback in all files of
|
|
||||||
the package. #29635.
|
|
||||||
* Sat Aug 23 2003 sndirsch@suse.de
|
|
||||||
- added martian entries of package pachi
|
|
||||||
* Tue Aug 19 2003 mmj@suse.de
|
|
||||||
- Add sysconfig metadata [#28937]
|
|
||||||
* Tue Jul 29 2003 draht@suse.de
|
|
||||||
- fax changes from Tomas Crhak: faxq-helper and spool directories.
|
|
||||||
* Tue Jul 29 2003 ro@suse.de
|
|
||||||
- gnome games moved back to /opt/gnome
|
|
||||||
* Mon Jul 28 2003 kukuk@suse.de
|
|
||||||
- Remove /var/run from permissions file list [Bug #28289]
|
|
||||||
* Mon Jul 28 2003 kukuk@suse.de
|
|
||||||
- /var/lib/gdm: Removed to solve [Bug #28257] for future products.
|
|
||||||
* Fri Jul 25 2003 draht@suse.de
|
|
||||||
- /usr/lib/vte/gnome-pty-helper -> /opt/gnome/lib/vte/gnome-pty-helper
|
|
||||||
The same with /opt/gnome/lib64/.
|
|
||||||
* Fri Jun 13 2003 kukuk@suse.de
|
|
||||||
- /usr/lib/mgetty+sendfax/faxq-helper added 4711 in easy and secure
|
|
||||||
* Fri May 02 2003 sndirsch@suse.de
|
|
||||||
- added /usr/games/pachi and /var/games/pachi.scores
|
|
||||||
* Mon Mar 10 2003 sndirsch@suse.de
|
|
||||||
- added /usr/games/falconseye.bin
|
|
||||||
- removed /usr/games/falconseye
|
|
||||||
* Mon Mar 10 2003 kukuk@suse.de
|
|
||||||
- added /usr/lib64/vte/gnome-pty-helper until ported to utempter
|
|
||||||
* Sun Mar 09 2003 sndirsch@suse.de
|
|
||||||
- added /usr/games/falconseye
|
|
||||||
- removed old falconseye entries
|
|
||||||
* Thu Mar 06 2003 ro@suse.de
|
|
||||||
- added /usr/lib/vte/gnome-pty-helper until ported to utempter
|
|
||||||
* Thu Feb 20 2003 mmj@suse.de
|
|
||||||
- Add sysconfig metadata [#22686]
|
|
||||||
* Tue Feb 18 2003 kssingvo@suse.de
|
|
||||||
- removed squid entries. They will be added and corrected to squids own
|
|
||||||
permission file /etc/permissions.d/squid (bugzilla#23752):
|
|
||||||
/var/squid
|
|
||||||
/var/squid/cache
|
|
||||||
/var/squid/logs
|
|
||||||
* Tue Feb 18 2003 draht@suse.de
|
|
||||||
- /usr/games/trackballs added 2755 games.games in easy.
|
|
||||||
* Sun Feb 16 2003 adrian@suse.de
|
|
||||||
- allow khc_indexbuilder to write into /var/cache/susehelp in easy mode
|
|
||||||
- remove old entries (kreatecd and kscd)
|
|
||||||
* Mon Feb 10 2003 draht@suse.de
|
|
||||||
- additions/changes (from #17012, Tobias Burnus):
|
|
||||||
* read all files from the commandline at once and override
|
|
||||||
entries given multiple times by the last entry
|
|
||||||
* enable option --set in addition to -set
|
|
||||||
* manpage adoptions
|
|
||||||
* call chkstat only once from SuSEconfig.permissions
|
|
||||||
* Thu Feb 06 2003 ro@suse.de
|
|
||||||
- /var/mtrack -> /var/lib/mtrack
|
|
||||||
* Tue Nov 19 2002 ro@suse.de
|
|
||||||
- zapping_setup_fb moved to /opt/gnome/sbin
|
|
||||||
* Thu Nov 14 2002 bg@suse.de
|
|
||||||
- added hppa to rpm subsystem in permissions files to be able to
|
|
||||||
finish autobuild
|
|
||||||
* Thu Oct 24 2002 ro@suse.de
|
|
||||||
- two more nethack flavors with sgid games in easy
|
|
||||||
* Tue Sep 10 2002 draht@suse.de
|
|
||||||
- cda entries below /usr/X11R6/lib/X11/xmcd removed.
|
|
||||||
index.html under /var/lib/xmcd/discog directories added
|
|
||||||
world-writeable. This is not satisfactory. New user xmcd will be
|
|
||||||
added in next release.
|
|
||||||
* Thu Sep 05 2002 draht@suse.de
|
|
||||||
- /usr/X11R6/lib/X11/xmcd/bin-Linux-ia64/{cda,xmcd} added.
|
|
||||||
* Mon Aug 26 2002 draht@suse.de
|
|
||||||
- removed all occurrences of kv4lsetup upon request by adrian+uli.
|
|
||||||
- -s for xlock, xlock-mesa + xscreensaver (#18125), (#18132)
|
|
||||||
- /usr/src/packages/RPMS/alphaev67 added.
|
|
||||||
- added /sbin/unix2_chkpwd root.shadow 2755
|
|
||||||
- -s /usr/sbin/papd (#18103)
|
|
||||||
* Wed Aug 21 2002 draht@suse.de
|
|
||||||
- removed suid bits from heimdal's su and otp (#18104)
|
|
||||||
* Wed Aug 21 2002 draht@suse.de
|
|
||||||
- remove setuid bit from traceroute due to new implementation by
|
|
||||||
Olaf Kirch which doesn't need euid root. (#18101)
|
|
||||||
* Wed Aug 21 2002 draht@suse.de
|
|
||||||
- removed lprng entries because of conflicts cups <-> lprng
|
|
||||||
* Wed Aug 21 2002 draht@suse.de
|
|
||||||
- vboxbeep -> 0755 in secure.
|
|
||||||
* Mon Aug 19 2002 ro@suse.de
|
|
||||||
- added prereq (#17956)
|
|
||||||
* Mon Aug 19 2002 uli@suse.de
|
|
||||||
- added nethack for lib64 archs
|
|
||||||
* Mon Aug 19 2002 uli@suse.de
|
|
||||||
- added xmcd for archs != i386
|
|
||||||
* Tue Aug 13 2002 draht@suse.de
|
|
||||||
- gnome-games2 entries changed/adopted to /opt/gnome2 path.
|
|
||||||
* Tue Aug 13 2002 draht@suse.de
|
|
||||||
- changed kcheckpass from 2755 root.shadow to 4755. (#17664)
|
|
||||||
* Wed Jul 31 2002 olh@suse.de
|
|
||||||
- ncpmount, ncpumount, nwsfind, ncplogin, ncpmap root.trusted 4750
|
|
||||||
* Sat Jul 27 2002 kukuk@suse.de
|
|
||||||
- Rename group wwwadmin to www
|
|
||||||
- Rename group game to games
|
|
||||||
* Tue Jul 23 2002 draht@suse.de
|
|
||||||
- added sapdb files, not setuid root in secure,paranoid.
|
|
||||||
* Mon Jul 22 2002 draht@suse.de
|
|
||||||
- added frontpage files
|
|
||||||
* Tue Jul 16 2002 draht@suse.de
|
|
||||||
- changed entries for mailman: group mdom -> mailman
|
|
||||||
* Tue Jul 16 2002 draht@suse.de
|
|
||||||
- mailman sgid mdom files added to easy, secure and paranoid.
|
|
||||||
* Wed Jul 10 2002 draht@suse.de
|
|
||||||
- .paranoid comment fixed about at and cron (#12159)
|
|
||||||
* Mon Jul 08 2002 draht@suse.de
|
|
||||||
- ppp dialup networking fixes and cleanup.
|
|
||||||
* Mon Jul 08 2002 draht@suse.de
|
|
||||||
- modifications: -s for pppd, world-writeable directories for
|
|
||||||
kdemultimedia3-sound, gift, mips and armv4l RPMS directory.
|
|
||||||
* Fri Jul 05 2002 kukuk@suse.de
|
|
||||||
- Add /usr/src/packages/RPMS/sparcv9 to easy,secure,paranoid.
|
|
||||||
* Thu Jul 04 2002 draht@suse.de
|
|
||||||
- /usr/lib64/pt_chown added to easy,secure,paranoid.
|
|
||||||
* Mon Jul 01 2002 draht@suse.de
|
|
||||||
- entries for packages added or changed:
|
|
||||||
squid
|
|
||||||
geki2
|
|
||||||
d1x
|
|
||||||
falconseye
|
|
||||||
fdutils
|
|
||||||
gewels
|
|
||||||
gnome-games
|
|
||||||
heimdal
|
|
||||||
lbreakout
|
|
||||||
lpdfilter
|
|
||||||
lprng
|
|
||||||
man
|
|
||||||
mgetty (/var/spool/fax/outgoing/* need discussion)
|
|
||||||
mtrack (locfile+satfile -> 0644)
|
|
||||||
nethack
|
|
||||||
nvi-m17n (/var/preserve/vi.recover -> 1777)
|
|
||||||
opie (/bin -> /usr/bin)
|
|
||||||
pcp
|
|
||||||
plptools
|
|
||||||
qpopper
|
|
||||||
rp-pppoe (/usr/sbin/pppoe-wrapper)
|
|
||||||
smpppd (/usr/sbin/cinternet-wwwrun wwwrun.dialout 2750)
|
|
||||||
squid (/usr/sbin/pam_auth)
|
|
||||||
su-wrapper
|
|
||||||
xemacs (lock directory changed again? now /var/state/xemacs and /var/lib/xemacs)
|
|
||||||
xgalaga
|
|
||||||
xmcd
|
|
||||||
xscrabble
|
|
||||||
* Mon Jul 01 2002 ro@suse.de
|
|
||||||
- don't install all sources (spec file etc.)
|
|
||||||
* Fri Jun 28 2002 draht@suse.de
|
|
||||||
- minor spec file change
|
|
||||||
* Fri Jun 28 2002 draht@suse.de
|
|
||||||
- entries for packages added:
|
|
||||||
ftpdir
|
|
||||||
gnokii
|
|
||||||
kamplus
|
|
||||||
geki2
|
|
||||||
aaa_dir (/tmp/.ICE-unix)
|
|
||||||
* Fri Jun 28 2002 draht@suse.de
|
|
||||||
- unpack tar archive in source for convenience.
|
|
||||||
* Thu Jun 27 2002 olh@suse.de
|
|
||||||
- update permissions of /usr/src/packages/RPMS/<arch>
|
|
||||||
* Fri Jun 21 2002 ro@suse.de
|
|
||||||
- created package as split off from aaa_base
|
|
||||||
|
Loading…
Reference in New Issue
Block a user