Accepting request 398913 from home:jubalh
OBS-URL: https://build.opensuse.org/request/show/398913 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=21
parent
5d813f9f9f
commit
b4a2128e54
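--- a/Fix-user-busy-errors-at-userdel.patch
+++ b/Fix-user-busy-errors-at-userdel.patch
@@ -0,0 +1,42 @@
+From 546e2ae44955510b06a922647796ec54744f10ce Mon Sep 17 00:00:00 2001
+From: Bastian Blank <bastian.blank@credativ.de>
+Date: Tue, 17 Nov 2015 10:52:24 -0600
+Subject: [PATCH 17/17] Fix user busy errors at userdel
+
+Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
+---
+libmisc/user_busy.c | 9 +++++++++
+1 file changed, 9 insertions(+)
+
+--- libmisc/user_busy.c
++++ libmisc/user_busy.c
+@@ -175,6 +175,9 @@ static int user_busy_processes (const char *name, uid_t uid)
+if (stat ("/", &sbroot) != 0) {
+perror ("stat (\"/\")");
+(void) closedir (proc);
++#ifdef ENABLE_SUBIDS
++ sub_uid_close();
++#endif
+return 0;
+}
+
+@@ -212,6 +215,9 @@ static int user_busy_processes (const char *name, uid_t uid)
+
+if (check_status (name, tmp_d_name, uid) != 0) {
+(void) closedir (proc);
++#ifdef ENABLE_SUBIDS
++ sub_uid_close();
++#endif
+fprintf (stderr,
+_("%s: user %s is currently used by process %d\n"),
+Prog, name, pid);
+@@ -232,6 +238,9 @@ static int user_busy_processes (const char *name, uid_t uid)
+}
+if (check_status (name, task_path+6, uid) != 0) {
+(void) closedir (proc);
++#ifdef ENABLE_SUBIDS
++ sub_uid_close();
++#endif
+fprintf (stderr,
+_("%s: user %s is currently used by process %d\n"),
+Prog, name, pid);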
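Review bot: The three added `sub_uid_close();` calls discard their result without saying so, while the `closedir` call directly above each of them is written `(void) closedir (proc);`; writing `(void) sub_uid_close ();` would match the surrounding style and make the ignored result deliberate. The same `#ifdef ENABLE_SUBIDS` cleanup is now repeated at three exits of `user_busy_processes` (the hunks at -175, -212 and -232), so a comment at the first site such as `/* release the subuid database on every early return */` would help whoever adds the next exit path. The function starts and ends outside the hunks, so where the database is opened and how the normal return releases it cannot be checked from here.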
@ -1,91 +0,0 @@
|
||||
--- lib/getdef.c
|
||||
+++ lib/getdef.c 2012/09/26 14:14:15
|
||||
@@ -51,6 +51,7 @@
|
||||
|
||||
#define NUMDEFS (sizeof(def_table)/sizeof(def_table[0]))
|
||||
static struct itemdef def_table[] = {
|
||||
+ {"CHARACTER_CLASS", NULL},
|
||||
{"CHFN_RESTRICT", NULL},
|
||||
{"CONSOLE_GROUPS", NULL},
|
||||
{"CONSOLE", NULL},
|
||||
--- libmisc/chkname.c
|
||||
+++ libmisc/chkname.c 2012/09/27 12:32:18
|
||||
@@ -43,31 +43,55 @@
|
||||
#ident "$Id: chkname.c 2828 2009-04-28 19:14:05Z nekral-guest $"
|
||||
|
||||
#include <ctype.h>
|
||||
+#include <regex.h>
|
||||
#include "defines.h"
|
||||
#include "chkname.h"
|
||||
+#include "getdef.h"
|
||||
+#include <stdio.h>
|
||||
|
||||
static bool is_valid_name (const char *name)
|
||||
{
|
||||
- /*
|
||||
- * User/group names must match [a-z_][a-z0-9_-]*[$]
|
||||
- */
|
||||
- if (('\0' == *name) ||
|
||||
- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) {
|
||||
- return false;
|
||||
- }
|
||||
+ const char *class;
|
||||
+ regex_t reg;
|
||||
+ int result;
|
||||
+ char *buf;
|
||||
+
|
||||
+ /* User/group names must match [A-Za-z_][A-Za-z0-9_-.]*[A-Za-z0-9_-.$]?.
|
||||
+ This is the POSIX portable character class. The $ at the end is
|
||||
+ needed for SAMBA. But user can also specify something else in
|
||||
+ /etc/login.defs. */
|
||||
+ class = getdef_str ("CHARACTER_CLASS");
|
||||
+ if (!class)
|
||||
+ class = "[a-z_][a-z0-9_.-]*[a-z0-9_.$-]\\?";
|
||||
+
|
||||
+ if (asprintf (&buf, "^%s$", class) < 0)
|
||||
+ return -1;
|
||||
+
|
||||
+ memset (®, 0, sizeof (regex_t));
|
||||
+ result = regcomp (®, buf, 0);
|
||||
+ free (buf);
|
||||
+
|
||||
+ if (result)
|
||||
+ {
|
||||
+ size_t length = regerror (result, ®, NULL, 0);
|
||||
+ char *buffer = malloc (length);
|
||||
+ if (buffer == NULL)
|
||||
+ fputs ("running out of memory!\n", stderr);
|
||||
+
|
||||
+ /* else
|
||||
+ {
|
||||
+ regerror (result, ®, buffer, length);
|
||||
+ fprintf (stderr, _("Can't compile regular expression: %s\n"),
|
||||
+ buffer);
|
||||
+ } */
|
||||
|
||||
- while ('\0' != *++name) {
|
||||
- if (!(( ('a' <= *name) && ('z' >= *name) ) ||
|
||||
- ( ('0' <= *name) && ('9' >= *name) ) ||
|
||||
- ('_' == *name) ||
|
||||
- ('-' == *name) ||
|
||||
- ( ('$' == *name) && ('\0' == *(name + 1)) )
|
||||
- )) {
|
||||
- return false;
|
||||
- }
|
||||
- }
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ if (regexec (®, name, 0, NULL, 0) != 0)
|
||||
+ return false;
|
||||
|
||||
- return true;
|
||||
+ return true;
|
||||
}
|
||||
|
||||
bool is_valid_user_name (const char *name)
|
||||
@@ -96,4 +120,3 @@
|
||||
|
||||
return is_valid_name (name);
|
||||
}
|
||||
-
|
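--- a/chkname-regex.patch
+++ b/chkname-regex.patch
@@ -0,0 +1,83 @@
+--- lib/getdef.c
++++ lib/getdef.c
+@@ -51,6 +51,7 @@ struct itemdef {
+
+#define NUMDEFS (sizeof(def_table)/sizeof(def_table[0]))
+static struct itemdef def_table[] = {
++ {"CHARACTER_CLASS", NULL},
+{"CHFN_RESTRICT", NULL},
+{"CONSOLE_GROUPS", NULL},
+{"CONSOLE", NULL},
+--- libmisc/chkname.c
++++ libmisc/chkname.c
+@@ -43,30 +43,57 @@
+#ident "$Id$"
+
+#include <ctype.h>
++#include <regex.h>
+#include "defines.h"
+#include "chkname.h"
++#include "getdef.h"
++#include <stdio.h>
+
+static bool is_valid_name (const char *name)
+{
+- /*
+- * User/group names must match [a-z_][a-z0-9_-]*[$]
+- */
+- if (('\0' == *name) ||
+- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) {
++ const char *class;
++ regex_t reg;
++ int result;
++ char *buf;
++
++ /* User/group names must match [A-Za-z_][A-Za-z0-9_-.]*[A-Za-z0-9_-.$]?.
++ This is the POSIX portable character class. The $ at the end is
++ needed for SAMBA. But user can also specify something else in
++ /etc/login.defs. */
++ class = getdef_str ("CHARACTER_CLASS");
++ if (!class)
++ class = "[a-z_][a-z0-9_.-]*[a-z0-9_.$-]\\?";
++
++ if (asprintf (&buf, "^%s$", class) < 0)
++ return -1;
++
++ memset (®, 0, sizeof (regex_t));
++ result = regcomp (®, buf, 0);
++ free (buf);
++
++ if (result) {
++ size_t length = regerror (result, ®, NULL, 0);
++ char *buffer = malloc (length);
++ if (buffer == NULL)
++ fputs ("running out of memory!\n", stderr);
++
++ /* else
++ {
++ regerror (result, ®, buffer, length);
++ fprintf (stderr, _("Can't compile regular expression: %s\n"),
++ buffer);
++ } */
++
++ regfree(®);
+return false;
+}
+
+- while ('\0' != *++name) {
+- if (!(( ('a' <= *name) && ('z' >= *name) ) ||
+- ( ('0' <= *name) && ('9' >= *name) ) ||
+- ('_' == *name) ||
+- ('-' == *name) ||
+- ( ('$' == *name) && ('\0' == *(name + 1)) )
+- )) {
+- return false;
+- }
++ if (regexec (®, name, 0, NULL, 0) != 0) {
++ regfree(®);
++ return false;
+}
+
++ regfree(®);
+return true;
+}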
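Review bot: In the new `is_valid_name`, the `asprintf` failure path does `return -1;` from a function declared `static bool`; any non-zero value converts to true, so an allocation failure reports the name as valid instead of rejecting it, and the line should read `return false;`. In the `if (result)` branch, `buffer` is obtained from `malloc (length)` but is never used or freed because the `regerror`/`fprintf` block is commented out, so an uncompilable `CHARACTER_CLASS` from login.defs rejects every name with no diagnostic and leaks the allocation; either restore the message and add `free (buffer);`, or drop the allocation. The same branch calls `regfree` on a `regex_t` whose `regcomp` failed, which POSIX does not guarantee to be safe, so that call is better removed from the failure path.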
@ -1,6 +1,6 @@
|
||||
--- lib/getdef.c
|
||||
+++ lib/getdef.c 2013/11/12 13:44:01
|
||||
@@ -57,6 +57,7 @@
|
||||
+++ lib/getdef.c
|
||||
@@ -58,6 +58,7 @@ static struct itemdef def_table[] = {
|
||||
{"CREATE_HOME", NULL},
|
||||
{"DEFAULT_HOME", NULL},
|
||||
{"ENCRYPT_METHOD", NULL},
|
@ -1,6 +1,6 @@
|
||||
--- lib/getdef.c
|
||||
+++ lib/getdef.c 2012/11/13 16:26:34
|
||||
@@ -64,6 +64,7 @@
|
||||
+++ lib/getdef.c
|
||||
@@ -65,6 +65,7 @@ static struct itemdef def_table[] = {
|
||||
{"FAKE_SHELL", NULL},
|
||||
{"GID_MAX", NULL},
|
||||
{"GID_MIN", NULL},
|
||||
@ -8,7 +8,7 @@
|
||||
{"HUSHLOGIN_FILE", NULL},
|
||||
{"KILLCHAR", NULL},
|
||||
{"LOGIN_RETRIES", NULL},
|
||||
@@ -93,7 +94,10 @@
|
||||
@@ -100,7 +101,10 @@ static struct itemdef def_table[] = {
|
||||
{"UID_MAX", NULL},
|
||||
{"UID_MIN", NULL},
|
||||
{"UMASK", NULL},
|
||||
@ -19,7 +19,7 @@
|
||||
{"USERGROUPS_ENAB", NULL},
|
||||
#ifndef USE_PAM
|
||||
{"CHFN_AUTH", NULL},
|
||||
@@ -129,6 +133,10 @@
|
||||
@@ -136,6 +140,10 @@ static struct itemdef def_table[] = {
|
||||
{"TCB_SYMLINKS", NULL},
|
||||
{"USE_TCB", NULL},
|
||||
#endif
|
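--- a/shadow-4.1.5.1-audit-owner.patch
+++ b/shadow-4.1.5.1-audit-owner.patch
@@ -0,0 +1,31 @@
+--- src/usermod.c
++++ src/usermod.c
+@@ -1808,6 +1808,14 @@ static void move_home (void)
+fail_exit (E_HOMEDIR);
+}
+
++#ifdef WITH_AUDIT
++ if (uflg || gflg) {
++ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
++ "changing home directory owner",
++ user_newname, (unsigned int) user_newid, 1);
++ }
++#endif
++
+if (rename (user_home, user_newhome) == 0) {
+/* FIXME: rename above may have broken symlinks
+* pointing to the user's home directory
+@@ -2254,6 +2262,13 @@ int main (int argc, char **argv)
+* ownership.
+*
+*/
++#ifdef WITH_AUDIT
++ if (uflg || gflg) {
++ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
++ "changing home directory owner",
++ user_newname, (unsigned int) user_newid, 1);
++ }
++#endif
+if (chown_tree (dflg ? user_newhome : user_home,
+user_id,
+uflg ? user_newid : (uid_t)-1,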
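Review bot: Both added `audit_logger` calls record "changing home directory owner" with a hard-coded result of `1` before the operation has run, ahead of `rename` in `move_home` and ahead of `chown_tree` in `main`, so the audit trail would presumably show a successful ownership change even when the following call fails. The record in `main` should be emitted once the `chown_tree` result is known, passing `SHADOW_AUDIT_SUCCESS` or `SHADOW_AUDIT_FAILURE` instead of the literal `1`. The `move_home` hunk shows only a rename and no ownership change, so the message there may not describe what actually happens at that point. Both functions continue outside the hunks, so a chown elsewhere in `move_home` cannot be ruled out from this page.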
@ -1,7 +1,6 @@
|
||||
diff -up shadow-4.1.5.1/lib/commonio.c.backup-mode shadow-4.1.5.1/lib/commonio.c
|
||||
--- shadow-4.1.5.1/lib/commonio.c.backup-mode 2012-05-18 21:44:54.000000000 +0200
|
||||
+++ shadow-4.1.5.1/lib/commonio.c 2012-09-19 20:27:16.089444234 +0200
|
||||
@@ -301,15 +301,12 @@ static int create_backup (const char *ba
|
||||
--- lib/commonio.c
|
||||
+++ lib/commonio.c
|
||||
@@ -301,15 +301,12 @@ static int create_backup (const char *backup, FILE * fp)
|
||||
struct utimbuf ub;
|
||||
FILE *bkfp;
|
||||
int c;
|
||||
|
@ -1,6 +1,6 @@
|
||||
--- src/useradd.c
|
||||
+++ src/useradd.c 2013/09/17 12:30:31
|
||||
@@ -1759,6 +1759,9 @@
|
||||
+++ src/useradd.c
|
||||
@@ -1896,6 +1896,9 @@ static void create_home (void)
|
||||
if (access (user_home, F_OK) != 0) {
|
||||
#ifdef WITH_SELINUX
|
||||
if (set_selinux_file_context (user_home) != 0) {
|
||||
@ -10,7 +10,7 @@
|
||||
fail_exit (E_HOMEDIR);
|
||||
}
|
||||
#endif
|
||||
@@ -1788,6 +1791,9 @@
|
||||
@@ -1925,6 +1928,9 @@ static void create_home (void)
|
||||
#ifdef WITH_SELINUX
|
||||
/* Reset SELinux to create files with default contexts */
|
||||
if (reset_selinux_file_context () != 0) {
|
||||
|
@ -1,7 +1,6 @@
|
||||
diff -up shadow-4.1.5.1/src/useradd.c.logmsg shadow-4.1.5.1/src/useradd.c
|
||||
--- shadow-4.1.5.1/src/useradd.c.logmsg 2013-02-20 15:41:44.000000000 +0100
|
||||
+++ shadow-4.1.5.1/src/useradd.c 2013-03-19 18:40:04.908292810 +0100
|
||||
@@ -275,7 +275,7 @@ static void fail_exit (int code)
|
||||
--- src/useradd.c
|
||||
+++ src/useradd.c
|
||||
@@ -320,7 +320,7 @@ static void fail_exit (int code)
|
||||
user_name, AUDIT_NO_ID,
|
||||
SHADOW_AUDIT_FAILURE);
|
||||
#endif
|
||||
|
@ -1,16 +1,6 @@
|
||||
diff -up shadow-4.1.5.1/man/useradd.8.xml.manfix shadow-4.1.5.1/man/useradd.8.xml
|
||||
--- shadow-4.1.5.1/man/useradd.8.xml.manfix 2013-06-14 15:25:44.000000000 +0200
|
||||
+++ shadow-4.1.5.1/man/useradd.8.xml 2013-07-19 07:33:53.768619759 +0200
|
||||
@@ -161,7 +161,7 @@
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
- <option>-d</option>, <option>--home</option>
|
||||
+ <option>-d</option>, <option>--home-dir</option>
|
||||
<replaceable>HOME_DIR</replaceable>
|
||||
</term>
|
||||
<listitem>
|
||||
@@ -362,7 +362,7 @@
|
||||
--- man/useradd.8.xml
|
||||
+++ man/useradd.8.xml
|
||||
@@ -351,7 +351,7 @@
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
|
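--- a/shadow-4.1.5.1-userdel-helpfix.patch
+++ b/shadow-4.1.5.1-userdel-helpfix.patch
@@ -0,0 +1,14 @@
+--- src/userdel.c
++++ src/userdel.c
+@@ -143,8 +143,9 @@ static void usage (int status)
+"\n"
+"Options:\n"),
+Prog);
+- (void) fputs (_(" -f, --force force removal of files,\n"
+- " even if not owned by user\n"),
++ (void) fputs (_(" -f, --force force some actions that would fail otherwise\n"
++ " e.g. removal of user still logged in\n"
++ " or files, even if not owned by the user\n"),
+usageout);
+(void) fputs (_(" -h, --help display this help message and exit\n"), usageout);
+(void) fputs (_(" -r, --remove remove home directory and mail spool\n"), usageout);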
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:aa32333748d68b58ed3a83625f0165e0f6b9dc4639e6377c9300c6bf4fe978fb
|
||||
size 2193325
|
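--- a/shadow-4.2.1-defs-chroot.patch
+++ b/shadow-4.2.1-defs-chroot.patch
@@ -0,0 +1,23 @@
+--- src/useradd.c
++++ src/useradd.c
+@@ -2054,8 +2054,8 @@ int main (int argc, char **argv)
+#endif /* ACCT_TOOLS_SETUID */
+
+/* Needed for userns check */
+- uid_t uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
+- uid_t uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
++ uid_t uid_min;
++ uid_t uid_max;
+
+/*
+* Get my name so that I can use it to report errors.
+@@ -2073,6 +2073,9 @@ int main (int argc, char **argv)
+audit_help_open ();
+#endif
+
++ uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
++ uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
++
+sys_ngroups = sysconf (_SC_NGROUPS_MAX);
+user_groups = (char **) xmalloc ((1 + sys_ngroups) * sizeof (char *));
+/*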
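Review bot: The deferred assignment of `uid_min` and `uid_max` in the second hunk has no comment saying why it must sit at this point in `main`, and the existing `/* Needed for userns check */` comment now sits over two bare declarations. Going by the patch name, the intent is presumably that login.defs is read only after the chroot option has been handled; a comment at the assignment would record that, e.g. `/* read UID_MIN/UID_MAX here so the values come from the login.defs of the target root */`. `main` continues outside both hunks, so whether anything reads the two variables between declaration and assignment cannot be checked from here.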
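--- a/shadow-4.2.1-merge-group.patch
+++ b/shadow-4.2.1-merge-group.patch
@@ -0,0 +1,12 @@
+--- lib/groupio.c
++++ lib/groupio.c
+@@ -335,8 +335,7 @@ static /*@null@*/struct commonio_entry *merge_group_entries (
+errno = ENOMEM;
+return NULL;
+}
+- snprintf(new_line, new_line_len, "%s\n%s", gr1->line, gr2->line);
+- new_line[new_line_len] = '\0';
++ snprintf(new_line, new_line_len + 1, "%s\n%s", gr1->line, gr2->line);
+
+/* Concatenate the 2 list of members */
+for (i=0; NULL != gptr1->gr_mem[i]; i++);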
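Review bot: The new bound `new_line_len + 1` passed to `snprintf` is only safe if `new_line` was allocated with at least that many bytes, and the allocation sits above the hunk where it cannot be checked; a comment on the call such as `/* new_line was allocated with new_line_len + 1 bytes */` would tie the two together once confirmed. The return value of `snprintf` is also ignored, so a truncated merge of `gr1->line` and `gr2->line` would go unnoticed; comparing the result against `new_line_len` and taking the same error return as the failed allocation above would close that gap. `merge_group_entries` begins and ends outside the hunk.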
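--- a/shadow-4.2.1.tar.xz
+++ b/shadow-4.2.1.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3b0893d1476766868cd88920f4f1231c4795652aa407569faff802bcda0f3d41
+size 1594536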
@ -1,31 +1,31 @@
|
||||
--- etc/login.defs
|
||||
+++ etc/login.defs 2013/02/05 12:16:54
|
||||
@@ -1,8 +1,6 @@
|
||||
+++ etc/login.defs
|
||||
@@ -1,8 +1,5 @@
|
||||
#
|
||||
# /etc/login.defs - Configuration control definitions for the shadow package.
|
||||
#
|
||||
-# $Id: login.defs 3189 2010-03-26 11:53:06Z nekral-guest $
|
||||
-#
|
||||
-# $Id$
|
||||
-#
|
||||
|
||||
#
|
||||
# Delay in seconds before being allowed another attempt after a login failure
|
||||
@@ -12,11 +10,6 @@
|
||||
@@ -12,11 +9,6 @@
|
||||
FAIL_DELAY 3
|
||||
|
||||
#
|
||||
-# Enable logging and display of /var/log/faillog login failure info.
|
||||
-# Enable logging and display of /var/log/faillog login(1) failure info.
|
||||
-#
|
||||
-FAILLOG_ENAB yes
|
||||
-
|
||||
-#
|
||||
# Enable display of unknown usernames when login failures are recorded.
|
||||
# Enable display of unknown usernames when login(1) failures are recorded.
|
||||
#
|
||||
LOG_UNKFAIL_ENAB no
|
||||
@@ -27,34 +20,6 @@
|
||||
@@ -27,34 +19,6 @@ LOG_UNKFAIL_ENAB no
|
||||
LOG_OK_LOGINS no
|
||||
|
||||
#
|
||||
-# Enable logging and display of /var/log/lastlog login time info.
|
||||
-# Enable logging and display of /var/log/lastlog login(1) time info.
|
||||
-#
|
||||
-LASTLOG_ENAB yes
|
||||
-
|
||||
@ -48,45 +48,45 @@
|
||||
-PORTTIME_CHECKS_ENAB yes
|
||||
-
|
||||
-#
|
||||
-# Enable setting of ulimit, umask, and niceness from passwd gecos field.
|
||||
-# Enable setting of ulimit, umask, and niceness from passwd(5) gecos field.
|
||||
-#
|
||||
-QUOTAS_ENAB yes
|
||||
-
|
||||
-#
|
||||
# Enable "syslog" logging of su activity - in addition to sulog file logging.
|
||||
# SYSLOG_SG_ENAB does the same for newgrp and sg.
|
||||
# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
|
||||
# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
|
||||
#
|
||||
@@ -82,75 +47,31 @@
|
||||
@@ -82,75 +46,31 @@ MOTD_FILE /etc/motd
|
||||
#MOTD_FILE /etc/motd:/usr/lib/news/news-motd
|
||||
|
||||
#
|
||||
-# If defined, this file will be output before each login prompt.
|
||||
-# If defined, this file will be output before each login(1) prompt.
|
||||
-#
|
||||
-#ISSUE_FILE /etc/issue
|
||||
-
|
||||
-#
|
||||
# If defined, file which maps tty line to TERM environment parameter.
|
||||
# Each line of the file is in a format something like "vt100 tty01".
|
||||
# Each line of the file is in a format similar to "vt100 tty01".
|
||||
#
|
||||
#TTYTYPE_FILE /etc/ttytype
|
||||
|
||||
#
|
||||
-# If defined, login failures will be logged here in a utmp format.
|
||||
-# last, when invoked as lastb, will read /var/log/btmp, so...
|
||||
-# If defined, login(1) failures will be logged here in a utmp format.
|
||||
-# last(1), when invoked as lastb(1), will read /var/log/btmp, so...
|
||||
-#
|
||||
-FTMP_FILE /var/log/btmp
|
||||
-
|
||||
-#
|
||||
-# If defined, name of file whose presence which will inhibit non-root
|
||||
-# logins. The contents of this file should be a message indicating
|
||||
-# If defined, name of file whose presence will inhibit non-root
|
||||
-# logins. The content of this file should be a message indicating
|
||||
-# why logins are inhibited.
|
||||
-#
|
||||
-NOLOGINS_FILE /etc/nologin
|
||||
-
|
||||
-#
|
||||
-# If defined, the command name to display when running "su -". For
|
||||
-# example, if this is defined as "su" then a "ps" will display the
|
||||
-# command is "-su". If not defined, then "ps" would display the
|
||||
-# example, if this is defined as "su" then ps(1) will display the
|
||||
-# command as "-su". If not defined, then ps(1) will display the
|
||||
-# name of the shell actually being run, e.g. something like "-sh".
|
||||
-#
|
||||
-SU_NAME su
|
||||
@ -140,8 +140,8 @@
|
||||
|
||||
#
|
||||
# Terminal permissions
|
||||
@@ -164,24 +85,20 @@
|
||||
# TTYPERM to either 622 or 600.
|
||||
@@ -164,24 +84,20 @@ ENV_PATH PATH=/bin:/usr/bin
|
||||
# set TTYPERM to either 622 or 600.
|
||||
#
|
||||
TTYGROUP tty
|
||||
-TTYPERM 0600
|
||||
@ -164,9 +164,9 @@
|
||||
KILLCHAR 025
|
||||
-#ULIMIT 2097152
|
||||
|
||||
# Default initial "umask" value used by login on non-PAM enabled systems.
|
||||
# Default "umask" value for pam_umask on PAM enabled systems.
|
||||
@@ -197,49 +114,44 @@
|
||||
# Default initial "umask" value used by login(1) on non-PAM enabled systems.
|
||||
# Default "umask" value for pam_umask(8) on PAM enabled systems.
|
||||
@@ -197,35 +113,25 @@ UMASK 022
|
||||
#
|
||||
# PASS_MAX_DAYS Maximum number of days a password may be used.
|
||||
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
|
||||
@ -187,12 +187,12 @@
|
||||
-SU_WHEEL_ONLY no
|
||||
-
|
||||
-#
|
||||
-# If compiled with cracklib support, where are the dictionaries
|
||||
-# If compiled with cracklib support, sets the path to the dictionaries
|
||||
-#
|
||||
-CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict
|
||||
-
|
||||
-#
|
||||
# Min/max values for automatic uid selection in useradd
|
||||
# Min/max values for automatic uid selection in useradd(8)
|
||||
#
|
||||
+# SYS_UID_MIN to SYS_UID_MAX inclusive is the range for
|
||||
+# UIDs for dynamically allocated administrative and system accounts.
|
||||
@ -206,9 +206,12 @@
|
||||
-SYS_UID_MAX 999
|
||||
+SYS_UID_MIN 100
|
||||
+SYS_UID_MAX 499
|
||||
|
||||
# Extra per user uids
|
||||
SUB_UID_MIN 100000
|
||||
SUB_UID_MAX 600100000
|
||||
@@ -234,11 +140,16 @@ SUB_UID_COUNT 65536
|
||||
#
|
||||
# Min/max values for automatic gid selection in groupadd
|
||||
# Min/max values for automatic gid selection in groupadd(8)
|
||||
#
|
||||
+# SYS_GID_MIN to SYS_GID_MAX inclusive is the range for
|
||||
+# GIDs for dynamically allocated administrative and system groups.
|
||||
@ -222,16 +225,19 @@
|
||||
-SYS_GID_MAX 999
|
||||
+SYS_GID_MIN 100
|
||||
+SYS_GID_MAX 499
|
||||
|
||||
# Extra per user group ids
|
||||
SUB_GID_MIN 100000
|
||||
SUB_GID_MAX 600100000
|
||||
@@ -247,7 +158,7 @@ SUB_GID_COUNT 65536
|
||||
#
|
||||
# Max number of login retries if password is bad
|
||||
# Max number of login(1) retries if password is bad
|
||||
#
|
||||
-LOGIN_RETRIES 5
|
||||
+LOGIN_RETRIES 3
|
||||
|
||||
#
|
||||
# Max time in seconds for login
|
||||
@@ -247,28 +159,6 @@
|
||||
# Max time in seconds for login(1)
|
||||
@@ -255,28 +166,6 @@ LOGIN_RETRIES 5
|
||||
LOGIN_TIMEOUT 60
|
||||
|
||||
#
|
||||
@ -252,15 +258,15 @@
|
||||
-#PASS_MAX_LEN 8
|
||||
-
|
||||
-#
|
||||
-# Require password before chfn/chsh can make any changes.
|
||||
-# Require password before chfn(1)/chsh(1) can make any changes.
|
||||
-#
|
||||
-CHFN_AUTH yes
|
||||
-
|
||||
-#
|
||||
# Which fields may be changed by regular users using chfn - use
|
||||
# Which fields may be changed by regular users using chfn(1) - use
|
||||
# any combination of letters "frwh" (full name, room number, work
|
||||
# phone, home phone). If not defined, no changes are allowed.
|
||||
@@ -277,29 +167,6 @@
|
||||
@@ -285,28 +174,6 @@ CHFN_AUTH yes
|
||||
CHFN_RESTRICT rwh
|
||||
|
||||
#
|
||||
@ -281,16 +287,15 @@
|
||||
-# Note: If you use PAM, it is recommended to use a value consistent with
|
||||
-# the PAM modules configuration.
|
||||
-#
|
||||
-# This variable is deprecated. You should use ENCRYPT_METHOD.
|
||||
-# This variable is deprecated. You should use ENCRYPT_METHOD instead.
|
||||
-#
|
||||
-#MD5_CRYPT_ENAB no
|
||||
-
|
||||
-#
|
||||
-# Only works if compiled with ENCRYPTMETHOD_SELECT defined:
|
||||
# Only works if compiled with ENCRYPTMETHOD_SELECT defined:
|
||||
# If set to MD5, MD5-based algorithm will be used for encrypting password
|
||||
# If set to SHA256, SHA256-based algorithm will be used for encrypting password
|
||||
# If set to SHA512, SHA512-based algorithm will be used for encrypting password
|
||||
@@ -309,7 +176,8 @@
|
||||
@@ -317,7 +184,8 @@ CHFN_RESTRICT rwh
|
||||
# Note: If you use PAM, it is recommended to use a value consistent with
|
||||
# the PAM modules configuration.
|
||||
#
|
||||
@ -300,7 +305,7 @@
|
||||
|
||||
#
|
||||
# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
|
||||
@@ -345,16 +212,12 @@
|
||||
@@ -353,16 +221,12 @@ CHFN_RESTRICT rwh
|
||||
DEFAULT_HOME yes
|
||||
|
||||
#
|
||||
@ -319,18 +324,18 @@
|
||||
#USERDEL_CMD /usr/sbin/userdel_local
|
||||
|
||||
#
|
||||
@@ -364,7 +227,7 @@
|
||||
@@ -372,7 +236,7 @@ ENVIRON_FILE /etc/environment
|
||||
#
|
||||
# This also enables userdel to remove user groups if no members exist.
|
||||
# This also enables userdel(8) to remove user groups if no members exist.
|
||||
#
|
||||
-USERGROUPS_ENAB yes
|
||||
+USERGROUPS_ENAB no
|
||||
|
||||
#
|
||||
# If set to a non-nul number, the shadow utilities will make sure that
|
||||
@@ -383,5 +246,41 @@
|
||||
# This option is overridden with the -M or -m flags on the useradd command
|
||||
# line.
|
||||
# If set to a non-zero number, the shadow utilities will make sure that
|
||||
@@ -391,5 +255,40 @@ USERGROUPS_ENAB yes
|
||||
# This option is overridden with the -M or -m flags on the useradd(8)
|
||||
# command-line.
|
||||
#
|
||||
-#CREATE_HOME yes
|
||||
+CREATE_HOME no
|
||||
@ -342,7 +347,7 @@
|
||||
+#
|
||||
+#CHARACTER_CLASS [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\?
|
||||
+CHARACTER_CLASS [ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_][ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.-]*[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.$-]\?
|
||||
+
|
||||
|
||||
+#
|
||||
+# If defined, this command is run when adding a group.
|
||||
+# It should rebuild any NIS database etc. to add the
|
||||
@ -370,4 +375,3 @@
|
||||
+# account from it.
|
||||
+#
|
||||
+USERDEL_POSTCMD /usr/sbin/userdel-post.local
|
||||
|
@ -1,3 +1,42 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon May 30 09:41:55 UTC 2016 - mvetter@suse.com
|
||||
|
||||
- bsc#979069: Dont include shadow-4.1.5.1-bug935203-manpage.patch
|
||||
- Dont set SUID bit yet. Once bsc#979282 is through, which will adapt the permissions package, we can enable the SUID bits.
|
||||
Remove the files used to circumvent the check.
|
||||
- Remove:
|
||||
* shadow-rpmlintrc
|
||||
* shadow-subids
|
||||
* shadow-subids.easy
|
||||
* shadow-subids.secure
|
||||
* shadow-subids.paranoid
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu May 19 12:28:47 UTC 2016 - christian.brauner@mailbox.org
|
||||
|
||||
- Update to shadow-4.2.1:
|
||||
- add support for subuids/subgids via newuidmap/newgidmap
|
||||
- Rename chkname-regex.diff to chkname-regex.patch
|
||||
- Rename encryption_method_nis.diff to encryption_method_nis.patch
|
||||
- Rename getdef-new-defs.diff to getdef-new-defs.patch
|
||||
- Rename shadow-login_defs.diff to shadow-login_defs.patch
|
||||
- Rename userdel-scripts.diff to userdel-script.patch
|
||||
- Rename useradd-script.diff to useradd-script.patch
|
||||
- Rename useradd-default.diff to useradd-default.patch
|
||||
- Rename useradd-mkdirs.diff to useradd-mkdirs.patch
|
||||
- Add fixes from Red Hat/Fedora:
|
||||
- shadow-4.1.5.1-audit-owner.patch.patch:
|
||||
- log owner changes for home directory
|
||||
- shadow-4.1.5.1-userdel-helpfix.patch.patch:
|
||||
- give a hint about what happens when you force the removal of a user
|
||||
- shadow-4.2.1-defs-chroot.patch.patch:
|
||||
- initialize uid_t uid_min and uid_t uid_max not before we need them
|
||||
- shadow-4.2.1-merge-group.patch.patch:
|
||||
- simplify by using a single call to snprintf()
|
||||
- Add upstream fix
|
||||
- Fix-user-busy-errors-at-userdel.patch:
|
||||
- call sub_uid_close()
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jan 15 11:08:29 UTC 2016 - fvogt@suse.com
|
||||
|
||||
|
48
shadow.spec
48
shadow.spec
@ -20,10 +20,10 @@ Summary: Utilities to Manage User and Group Accounts
|
||||
License: BSD-3-Clause and GPL-2.0+
|
||||
Group: System/Base
|
||||
Name: shadow
|
||||
Version: 4.1.5.1
|
||||
Version: 4.2.1
|
||||
Release: 0
|
||||
Url: http://pkg-shadow.alioth.debian.org/
|
||||
Source: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.bz2
|
||||
Source: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz
|
||||
Source1: pamd.tar.bz2
|
||||
Source2: README.changes-pwdutils
|
||||
Source3: useradd.local
|
||||
@ -31,18 +31,23 @@ Source4: userdel-pre.local
|
||||
Source5: userdel-post.local
|
||||
Source6: shadow.service
|
||||
Source7: shadow.timer
|
||||
Patch: shadow-login_defs.diff
|
||||
Patch1: userdel-scripts.diff
|
||||
Patch2: useradd-script.diff
|
||||
Patch3: chkname-regex.diff
|
||||
Patch4: useradd-default.diff
|
||||
Patch5: getdef-new-defs.diff
|
||||
Patch: shadow-login_defs.patch
|
||||
Patch1: userdel-script.patch
|
||||
Patch2: useradd-script.patch
|
||||
Patch3: chkname-regex.patch
|
||||
Patch4: useradd-default.patch
|
||||
Patch5: getdef-new-defs.patch
|
||||
Patch6: shadow-4.1.5.1-manfix.patch
|
||||
Patch7: shadow-4.1.5.1-logmsg.patch
|
||||
Patch8: shadow-4.1.5.1-errmsg.patch
|
||||
Patch9: shadow-4.1.5.1-backup-mode.patch
|
||||
Patch10: encryption_method_nis.diff
|
||||
Patch11: useradd-mkdirs.diff
|
||||
Patch10: encryption_method_nis.patch
|
||||
Patch11: useradd-mkdirs.patch
|
||||
Patch12: shadow-4.1.5.1-audit-owner.patch
|
||||
Patch13: shadow-4.1.5.1-userdel-helpfix.patch
|
||||
Patch14: shadow-4.2.1-defs-chroot.patch
|
||||
Patch15: shadow-4.2.1-merge-group.patch
|
||||
Patch16: Fix-user-busy-errors-at-userdel.patch
|
||||
BuildRequires: audit-devel
|
||||
BuildRequires: libacl-devel
|
||||
BuildRequires: libattr-devel
|
||||
@ -67,12 +72,17 @@ group accounts.
|
||||
%patch3 -p0
|
||||
%patch4 -p0
|
||||
%patch5 -p0
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%patch6 -p0
|
||||
%patch7 -p0
|
||||
%patch8 -p0
|
||||
%patch9 -p1
|
||||
%patch9 -p0
|
||||
%patch10 -p0
|
||||
%patch11 -p1
|
||||
%patch11 -p0
|
||||
%patch12 -p0
|
||||
%patch13 -p0
|
||||
%patch14 -p0
|
||||
%patch15 -p0
|
||||
%patch16 -p0
|
||||
|
||||
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
||||
mv -v doc/HOWTO.utf8 doc/HOWTO
|
||||
@ -181,6 +191,8 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%set_permissions /usr/bin/gpasswd
|
||||
%set_permissions /usr/bin/newgrp
|
||||
%set_permissions /usr/bin/passwd
|
||||
%set_permissions /usr/bin/newgidmap
|
||||
%set_permissions /usr/bin/newuidmap
|
||||
|
||||
%service_add_post shadow.service shadow.timer
|
||||
|
||||
@ -192,6 +204,8 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%verify_permissions /usr/bin/gpasswd
|
||||
%verify_permissions /usr/bin/newgrp
|
||||
%verify_permissions /usr/bin/passwd
|
||||
%verify_permissions /usr/bin/newgidmap
|
||||
%verify_permissions /usr/bin/newuidmap
|
||||
|
||||
%preun
|
||||
%service_del_preun shadow.service shadow.timer
|
||||
@ -225,6 +239,8 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_bindir}/lastlog
|
||||
%attr(4755,root,root) %{_bindir}/newgrp
|
||||
%attr(4755,root,shadow) %{_bindir}/passwd
|
||||
%attr(0755,root,shadow) %{_bindir}/newgidmap
|
||||
%attr(0755,root,shadow) %{_bindir}/newuidmap
|
||||
%{_bindir}/sg
|
||||
%{_sbindir}/groupadd
|
||||
%{_sbindir}/groupdel
|
||||
@ -268,6 +284,10 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_mandir}/man8/usermod.8*
|
||||
%{_mandir}/man8/vigr.8*
|
||||
%{_mandir}/man8/vipw.8*
|
||||
%{_mandir}/man5/subuid.5*
|
||||
%{_mandir}/man5/subgid.5*
|
||||
%{_mandir}/man1/newgidmap.1*
|
||||
%{_mandir}/man1/newuidmap.1*
|
||||
|
||||
%{_unitdir}/*
|
||||
|
||||
|
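Review bot: The new `%attr(0755,root,shadow)` entries for `newgidmap` and `newuidmap` carry no comment explaining the mode, although the changelog entry in this same commit says the setuid bit is withheld on purpose until bsc#979282 adapts the permissions package. A spec comment above the two lines, such as `# setuid bit intentionally not set yet, see bsc#979282`, would keep a later packager from treating 0755 as final or from adding the bit without the matching permissions change. The `%set_permissions` and `%verify_permissions` lines added for the same two binaries presumably rely on that package having entries for them, which is not visible on this page.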
@ -1,5 +1,5 @@
|
||||
--- etc/useradd
|
||||
+++ etc/useradd 2012/11/13 09:29:57
|
||||
+++ etc/useradd
|
||||
@@ -1,5 +1,5 @@
|
||||
# useradd defaults file
|
||||
-GROUP=1000
|
@ -1,8 +1,6 @@
|
||||
diff --git a/src/useradd.c b/src/useradd.c
|
||||
index fa93853..a9f8caa 100644
|
||||
--- a/src/useradd.c
|
||||
+++ b/src/useradd.c
|
||||
@@ -1757,6 +1757,13 @@ static void usr_update (void)
|
||||
--- src/useradd.c
|
||||
+++ src/useradd.c
|
||||
@@ -1894,6 +1894,13 @@ static void usr_update (void)
|
||||
static void create_home (void)
|
||||
{
|
||||
if (access (user_home, F_OK) != 0) {
|
||||
@ -16,7 +14,7 @@ index fa93853..a9f8caa 100644
|
||||
#ifdef WITH_SELINUX
|
||||
if (set_selinux_file_context (user_home) != 0) {
|
||||
fprintf (stderr,
|
||||
@@ -1765,19 +1772,42 @@ static void create_home (void)
|
||||
@@ -1902,19 +1909,42 @@ static void create_home (void)
|
||||
fail_exit (E_HOMEDIR);
|
||||
}
|
||||
#endif
|
@ -1,6 +1,6 @@
|
||||
--- src/useradd.c
|
||||
+++ src/useradd.c 2012/09/26 13:06:50
|
||||
@@ -1845,6 +1845,30 @@
|
||||
+++ src/useradd.c
|
||||
@@ -1982,6 +1982,30 @@ static void create_mail (void)
|
||||
}
|
||||
|
||||
/*
|
||||
@ -31,7 +31,7 @@
|
||||
* main - useradd command
|
||||
*/
|
||||
int main (int argc, char **argv)
|
||||
@@ -2076,6 +2100,7 @@
|
||||
@@ -2242,6 +2266,7 @@ int main (int argc, char **argv)
|
||||
nscd_flush_cache ("passwd");
|
||||
nscd_flush_cache ("group");
|
||||
|
@ -1,6 +1,6 @@
|
||||
--- src/userdel.c
|
||||
+++ src/userdel.c 2012/09/25 13:46:38
|
||||
@@ -635,13 +635,13 @@
|
||||
+++ src/userdel.c
|
||||
@@ -762,13 +762,13 @@ static void update_user (void)
|
||||
* cron, at, or print jobs.
|
||||
*/
|
||||
|
||||
@ -16,7 +16,7 @@
|
||||
if (NULL == cmd) {
|
||||
return;
|
||||
}
|
||||
@@ -1032,9 +1032,10 @@
|
||||
@@ -1163,9 +1163,10 @@ int main (int argc, char **argv)
|
||||
}
|
||||
|
||||
/*
|
||||
@ -29,7 +29,7 @@
|
||||
open_files ();
|
||||
update_user ();
|
||||
update_groups ();
|
||||
@@ -1137,7 +1138,7 @@
|
||||
@@ -1268,7 +1269,7 @@ int main (int argc, char **argv)
|
||||
* Cancel any crontabs or at jobs. Have to do this before we remove
|
||||
* the entry from /etc/passwd.
|
||||
*/
|
||||
@ -38,7 +38,7 @@
|
||||
close_files ();
|
||||
|
||||
#ifdef WITH_TCB
|
||||
@@ -1147,6 +1148,8 @@
|
||||
@@ -1278,6 +1279,8 @@ int main (int argc, char **argv)
|
||||
nscd_flush_cache ("passwd");
|
||||
nscd_flush_cache ("group");
|
||||
|