SHA256
1
0
forked from pool/shadow

Accepting request 316943 from home:jkeil:branches:Base:System

- Add systemd unit files to continuously check password & groupfile integrity
  * Idea from Arch Linux
  * pending request to systemd-presets-branding-openSUSE to enable by default

OBS-URL: https://build.opensuse.org/request/show/316943
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=17
This commit is contained in:
Marcus Meissner 2015-07-16 09:52:01 +00:00 committed by Git OBS Bridge
parent c2bce11198
commit bac7fc27fa
4 changed files with 42 additions and 1 deletions

View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Wed Jul 15 13:25:11 UTC 2015 - jkeil@suse.de
- Add systemd unit files to continuously check password & groupfile integrity
* Idea from Arch Linux
* pending request to systemd-presets-branding-openSUSE to enable by default
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Mar 31 22:00:00 UTC 2014 - tbehrens@suse.com Mon Mar 31 22:00:00 UTC 2014 - tbehrens@suse.com

10
shadow.service Normal file
View File

@ -0,0 +1,10 @@
[Unit]
Description=Verify integrity of password and group files
[Service]
Type=oneshot
ExecStart=/usr/sbin/pwck -r
ExecStart=/usr/sbin/grpck -r
Nice=19
IOSchedulingClass=best-effort
IOSchedulingPriority=7

View File

@ -1,7 +1,7 @@
# #
# spec file for package shadow # spec file for package shadow
# #
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -29,6 +29,8 @@ Source2: README.changes-pwdutils
Source3: useradd.local Source3: useradd.local
Source4: userdel-pre.local Source4: userdel-pre.local
Source5: userdel-post.local Source5: userdel-post.local
Source6: shadow.service
Source7: shadow.timer
Patch: shadow-login_defs.diff Patch: shadow-login_defs.diff
Patch1: userdel-scripts.diff Patch1: userdel-scripts.diff
Patch2: useradd-script.diff Patch2: useradd-script.diff
@ -102,6 +104,8 @@ make install DESTDIR=$RPM_BUILD_ROOT gnulocaledir=$RPM_BUILD_ROOT/%{_datadir}/lo
install -m 0755 %SOURCE3 $RPM_BUILD_ROOT/%{_sbindir}/ install -m 0755 %SOURCE3 $RPM_BUILD_ROOT/%{_sbindir}/
install -m 0755 %SOURCE4 $RPM_BUILD_ROOT/%{_sbindir}/ install -m 0755 %SOURCE4 $RPM_BUILD_ROOT/%{_sbindir}/
install -m 0755 %SOURCE5 $RPM_BUILD_ROOT/%{_sbindir}/ install -m 0755 %SOURCE5 $RPM_BUILD_ROOT/%{_sbindir}/
install -Dm644 %{S:6} %{buildroot}%{_unitdir}/shadow.service
install -Dm644 %{S:7} %{buildroot}%{_unitdir}/shadow.timer
# Remove binaries we don't use. # Remove binaries we don't use.
rm $RPM_BUILD_ROOT/%{_bindir}/groups rm $RPM_BUILD_ROOT/%{_bindir}/groups
@ -166,6 +170,9 @@ rm -rf $RPM_BUILD_ROOT%{_mandir}/{??,??_??}
%clean %clean
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT
%pre
%service_add_pre shadow.service shadow.timer
%post %post
%set_permissions /usr/bin/chage %set_permissions /usr/bin/chage
%set_permissions /usr/bin/chfn %set_permissions /usr/bin/chfn
@ -184,6 +191,14 @@ rm -rf $RPM_BUILD_ROOT
%verify_permissions /usr/bin/newgrp %verify_permissions /usr/bin/newgrp
%verify_permissions /usr/bin/passwd %verify_permissions /usr/bin/passwd
%service_add_post shadow.service shadow.timer
%preun
%service_del_preun shadow.service shadow.timer
%postun
%service_del_postun shadow.service shadow.timer
%files -f shadow.lang %files -f shadow.lang
%defattr(-,root,root) %defattr(-,root,root)
%doc NEWS doc/HOWTO README README.changes-pwdutils %doc NEWS doc/HOWTO README README.changes-pwdutils
@ -254,4 +269,6 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/vigr.8* %{_mandir}/man8/vigr.8*
%{_mandir}/man8/vipw.8* %{_mandir}/man8/vipw.8*
%{_unitdir}/*
%changelog %changelog

7
shadow.timer Normal file
View File

@ -0,0 +1,7 @@
[Unit]
Description=Daily verification of password and group files
[Timer]
OnCalendar=daily
AccuracySec=12h
Persistent=true