From bac7fc27fa1985d51e3f298da4b679d804a668105e833cf4da4f8281dfeec4b7 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Thu, 16 Jul 2015 09:52:01 +0000 Subject: [PATCH] Accepting request 316943 from home:jkeil:branches:Base:System - Add systemd unit files to continuously check password & groupfile integrity * Idea from Arch Linux * pending request to systemd-presets-branding-openSUSE to enable by default OBS-URL: https://build.opensuse.org/request/show/316943 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=17 --- shadow.changes | 7 +++++++ shadow.service | 10 ++++++++++ shadow.spec | 19 ++++++++++++++++++- shadow.timer | 7 +++++++ 4 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 shadow.service create mode 100644 shadow.timer diff --git a/shadow.changes b/shadow.changes index c2ec6fa..410b0fe 100644 --- a/shadow.changes +++ b/shadow.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Wed Jul 15 13:25:11 UTC 2015 - jkeil@suse.de + +- Add systemd unit files to continuously check password & groupfile integrity + * Idea from Arch Linux + * pending request to systemd-presets-branding-openSUSE to enable by default + ------------------------------------------------------------------- Mon Mar 31 22:00:00 UTC 2014 - tbehrens@suse.com diff --git a/shadow.service b/shadow.service new file mode 100644 index 0000000..e7314f5 --- /dev/null +++ b/shadow.service @@ -0,0 +1,10 @@ +[Unit] +Description=Verify integrity of password and group files + +[Service] +Type=oneshot +ExecStart=/usr/sbin/pwck -r +ExecStart=/usr/sbin/grpck -r +Nice=19 +IOSchedulingClass=best-effort +IOSchedulingPriority=7 diff --git a/shadow.spec b/shadow.spec index 1ea8f25..77330d5 100644 --- a/shadow.spec +++ b/shadow.spec @@ -1,7 +1,7 @@ # # spec file for package shadow # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -29,6 +29,8 @@ Source2: README.changes-pwdutils Source3: useradd.local Source4: userdel-pre.local Source5: userdel-post.local +Source6: shadow.service +Source7: shadow.timer Patch: shadow-login_defs.diff Patch1: userdel-scripts.diff Patch2: useradd-script.diff @@ -102,6 +104,8 @@ make install DESTDIR=$RPM_BUILD_ROOT gnulocaledir=$RPM_BUILD_ROOT/%{_datadir}/lo install -m 0755 %SOURCE3 $RPM_BUILD_ROOT/%{_sbindir}/ install -m 0755 %SOURCE4 $RPM_BUILD_ROOT/%{_sbindir}/ install -m 0755 %SOURCE5 $RPM_BUILD_ROOT/%{_sbindir}/ +install -Dm644 %{S:6} %{buildroot}%{_unitdir}/shadow.service +install -Dm644 %{S:7} %{buildroot}%{_unitdir}/shadow.timer # Remove binaries we don't use. rm $RPM_BUILD_ROOT/%{_bindir}/groups @@ -166,6 +170,9 @@ rm -rf $RPM_BUILD_ROOT%{_mandir}/{??,??_??} %clean rm -rf $RPM_BUILD_ROOT +%pre +%service_add_pre shadow.service shadow.timer + %post %set_permissions /usr/bin/chage %set_permissions /usr/bin/chfn @@ -184,6 +191,14 @@ rm -rf $RPM_BUILD_ROOT %verify_permissions /usr/bin/newgrp %verify_permissions /usr/bin/passwd +%service_add_post shadow.service shadow.timer + +%preun +%service_del_preun shadow.service shadow.timer + +%postun +%service_del_postun shadow.service shadow.timer + %files -f shadow.lang %defattr(-,root,root) %doc NEWS doc/HOWTO README README.changes-pwdutils @@ -254,4 +269,6 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man8/vigr.8* %{_mandir}/man8/vipw.8* +%{_unitdir}/* + %changelog diff --git a/shadow.timer b/shadow.timer new file mode 100644 index 0000000..3823cbb --- /dev/null +++ b/shadow.timer @@ -0,0 +1,7 @@ +[Unit] +Description=Daily verification of password and group files + +[Timer] +OnCalendar=daily +AccuracySec=12h +Persistent=true