32541 2016-09-28 11:38:26 +0300 why not make /etc/default/ readble by all? 2017-03-07 20:23:37 +0300 1 1 4 Development Sisyphus shadow-utils unstable all Linux CLOSED FIXED P3 enhancement --- 1 imz sem ldv sem qa-sisyphus oldest_to_newest 158822 0 imz 2016-09-28 11:38:26 +0300 shadow-utils-4.1.4.2-alt8 $ rpm -qf /etc/default -lv | fgrep /etc/default drwxr-x--x 2 root root 0 июн 21 2012 /etc/default -rw------- 1 root root 118 июн 21 2012 /etc/default/useradd $ Why should the list of things that are in the directory be secret? $ egrep '^/etc/default' /ALT/Sisyphus/{noarch,x86_64}/base/contents_index /ALT/Sisyphus/noarch/base/contents_index:/etc/default/eeepc-acpi-scripts eeepc-acpi-scripts /ALT/Sisyphus/noarch/base/contents_index:/etc/default/google-chrome google-chrome-preinstall /ALT/Sisyphus/noarch/base/contents_index:/etc/default/jetty jetty /ALT/Sisyphus/noarch/base/contents_index:/etc/default/vivaldi vivaldi-preinstall /ALT/Sisyphus/noarch/base/contents_index:/etc/default/yandex-browser yandex-browser-preinstall /ALT/Sisyphus/noarch/base/contents_index:/etc/default/yandex-browser-beta yandex-browser-preinstall /ALT/Sisyphus/x86_64/base/contents_index:/etc/default shadow-utils /ALT/Sisyphus/x86_64/base/contents_index:/etc/default/aufs aufs2-util /ALT/Sisyphus/x86_64/base/contents_index:/etc/default/aufs aufs2-util-ng /ALT/Sisyphus/x86_64/base/contents_index:/etc/default/aufs aufs3-util /ALT/Sisyphus/x86_64/base/contents_index:/etc/default/cryptmount cryptmount /ALT/Sisyphus/x86_64/base/contents_index:/etc/default/grub grub2-common /ALT/Sisyphus/x86_64/base/contents_index:/etc/default/ld10k1 /etc/default/ld10k1 /ALT/Sisyphus/x86_64/base/contents_index:/etc/default/ltsp-client-setup ltsp-client /ALT/Sisyphus/x86_64/base/contents_index:/etc/default/useradd shadow-utils /ALT/Sisyphus/x86_64/base/contents_index:/etc/default/vservers-default util-vserver $ Are there plans for /etc/default/ to hold some files with secret names? 158823 1 imz 2016-09-28 11:58:13 +0300 In Ubuntu Trusty, it's readable by all. 162333 2 repository-robot 2017-03-07 20:23:37 +0300 shadow-1:4.4-alt1 -> sisyphus: * Fri Mar 03 2017 Mikhail Efremov <sem@altlinux> 1:4.4-alt1 - Don't own %_sysconfdir/default/ (closes: #32541). - Fix possible crash if gmtime() returns NULL. - chsh: Fix duplicate warning. - Enable audit support. - Don't package ChangeLog/NEWS files. - Spec cleanup. - submap: Add control scripts for newuidmap/newgidmap. - Fix build: ignore write() return value. - configure.ac: Drop man/po/Makefile. - Drop FORCE_SHADOW. - Don't create missing files. - Fixes from usptream git: + Keep the permissions of the original file when creating a backup. + useradd: Read defaults after changing root directories. + Don't crash on bogus keys in login.defs if PAM is enabled. + Last bits of enabling subuids. + Make login.def files valid ASCII instead of UTF-8. + include getdef.h for getdef_bool prototype. + Print error message if SELinux file context manipulation fails. + Fix regression in useradd not loading defaults properly. + */Makefile.am: Replace INCLUDES with AM_CPPFLAGS. - Updated to 4.4 (fixes CVE-2016-6252).