ALT Linux Bugzilla – #17719
a mechanism for maintaining consistent intended relations between /etc/passwd and /etc/group
Last modified: 2012-01-03 00:51:25
https://bugzilla.altlinux.org/show_bug.cgi?id=17718 suggests that the intended
configuration of permissions for klogd be checked in a working system. The
"configuration" is the relation between the dedicated user "klogd", his primary
group (stored in /etc/passwd), the group named "klogd" (stored in /etc/group)
and the permissions on the working directory (/var/lib/klogd/...).
The situation reported in https://bugzilla.altlinux.org/show_bug.cgi?id=17250
was caused by a typo in /etc/passwd which had led to an inconsistency between
/etc/passwd and /etc/group.
This inconsistency could have been formally discovered.
This feature request suggests there could be a general mechanism for this in
the system (and it could be employed, say, on every startup of a service, or
after the administrator edited something).
Now the intended configuration is expressed in an imperative way by the
commands in the RPM preinstall script:
# rpm -q klogd --scripts
preinstall scriptlet (through /bin/sh):
/usr/sbin/groupadd -r -f klogd
/usr/sbin/useradd -r -g klogd -d /dev/null -s /dev/null -n klogd >/dev/null
but this intention could be installed as a declarative policy ("the primary gid
of user klogd is the group with name klogd"). Then this policy could be checked.
(And such a check would discover my typo.)
A simplified approximation to such checks (on package upgrades):
tracked at https://bugs.launchpad.net/rpm/+bug/910889
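
A sketch of the kind of declarative check this request describes, added here as an illustration; it is not code from the bug report, from ALT Linux or from rpm. The (user, group) policy format, the function names and the sample passwd/group contents are assumptions constructed for the example, and the sample mismatch is not the actual typo from bug 17250.

```python
"""Check declarative "primary group of user U is group G" policies."""

# Hypothetical policy format: (user name, expected primary group name).
POLICY = [("klogd", "klogd")]

# Constructed sample data: klogd's gid field in PASSWD (19) does not match
# the gid of the group named klogd in GROUP (10).
PASSWD = """\
root:x:0:0:System Administrator:/root:/bin/bash
klogd:x:10:19::/dev/null:/dev/null
"""
GROUP = """\
root:x:0:
klogd:x:10:
"""


def parse_db(text, n_fields):
    """Map entry name -> fields; lines with a wrong field count are dropped,
    so a damaged entry later shows up as 'no valid entry'."""
    entries = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == n_fields:
            entries[fields[0]] = fields
    return entries


def check_policy(policy, passwd_text, group_text):
    """Return a list of human-readable violations (empty if consistent)."""
    users = parse_db(passwd_text, 7)    # name:pw:uid:gid:gecos:home:shell
    groups = parse_db(group_text, 4)    # name:pw:gid:members
    gid_to_name = {g[2]: name for name, g in groups.items()}
    violations = []
    for user, group in policy:
        if user not in users:
            violations.append(f"{user}: no valid passwd entry")
        elif group not in groups:
            violations.append(f"{group}: no valid group entry")
        else:
            actual, wanted = users[user][3], groups[group][2]
            if actual != wanted:
                owner = gid_to_name.get(actual)
                desc = f"group {owner!r}" if owner else "an undefined group"
                violations.append(f"{user}: primary gid {actual} maps to "
                                  f"{desc}, expected {group!r} (gid {wanted})")
    return violations


if __name__ == "__main__":
    for problem in check_policy(POLICY, PASSWD, GROUP):
        print(problem)
```

To run the same check on a live system, pass the contents of /etc/passwd and /etc/group instead of the sample strings.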