Bug 17719 - a mechanism for maintaining consistent intended relations between /etc/passwd and /etc/group
: a mechanism for maintaining consistent intended relations between /etc/passwd...
Status: NEW
: Sisyphus
(All bugs in Sisyphus/rpm)
: unstable
: all Linux
: P2 enhancement
Assigned To:
:
:
:
:
: 17718
  Show dependency tree
 
Reported: 2008-10-29 01:14 by
Modified: 2012-01-03 00:51 (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2008-10-29 01:14:10
https://bugzilla.altlinux.org/show_bug.cgi?id=17718 suggests that the intended
configuration of permissions for klogd be checked in a working system. The
"configuration" is the relation between the dedicated user "klogd", his primary
group (stored in /etc/passwd), the group named "klogd" (stored in /etc/groups)
and the permissions on the working directory (/var/lib/klogd/...).

The situation reported in https://bugzilla.altlinux.org/show_bug.cgi?id=17250
was caused by a typo in /etc/passwd which had lead to an inconsistency between
/etc/passwd and /etc/group.

This inconsistency could have been formally discovered. 

This feature request suggests there could be a general mechanism for this in
the system (and it could be employed, say, on every startup of a service, or
after the administrator edited something).

Now the intended configuration is expressed in an imperative way by the
commands in the RPM preinstall script:

# rpm -q klogd --scripts 
preinstall scriptlet (through /bin/sh):
/usr/sbin/groupadd -r -f klogd
/usr/sbin/useradd -r -g klogd -d /dev/null -s /dev/null -n klogd >/dev/null
2>&1 ||:

but this intention could be installed as a declarative policy ("the primary gid
of user klogd is the group with name klogd"). Then this policy could be checked
any time.

(And such a check would discover my typo.)
------- Comment #1 From 2008-10-29 01:35:05 -------
A simplified approximation to such checks (on package upgrades):
https://bugzilla.altlinux.org/show_bug.cgi?id=17720 .
------- Comment #2 From 2012-01-02 19:52:24 -------
tracked at https://bugs.launchpad.net/rpm/+bug/910889