Enhance security options for user creation
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
rpm-packaging |
New
|
Undecided
|
Unassigned |
Bug Description
We have observed that the rpm-packaging macro %openstack_
Some service users do not need a home directory created, and could have '/nonexistent' specified as the home directory. There is currently no option for that, and all users have a home created in %{sharedstatedi
I have also observed that the user home created by useradd defaults to 755 permissions. For hardening purposes it should default to 750, or have an option to specify further restrictions.