a mechanism for maintaining consistent intended relations between /etc/passwd and /etc/group
Bug #910889 reported by
Jeff Johnson
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
RPM |
New
|
Undecided
|
Unassigned | ||
ALT Linux |
Confirmed
|
Wishlist
|
Bug Description
Dependencies that track +/- user/group configuration changes are needed.
Changed in altlinux: | |
importance: | Unknown → Wishlist |
status: | Unknown → Confirmed |
To post a comment you must log in.
https:/ /bugzilla. altlinux. org/show_ bug.cgi? id=17718 suggests that the intended configuration of permissions for klogd be checked in a working system. The "configuration" is the relation between the dedicated user "klogd", his primary group (stored in /etc/passwd), the group named "klogd" (stored in /etc/groups) and the permissions on the working directory (/var/lib/ klogd/. ..).
The situation reported in https:/ /bugzilla. altlinux. org/show_ bug.cgi? id=17250 was caused by a typo in /etc/passwd which had lead to an inconsistency between /etc/passwd and /etc/group.
This inconsistency could have been formally discovered.
This feature request suggests there could be a general mechanism for this in the system (and it could be employed, say, on every startup of a service, or after the administrator edited something).
Now the intended configuration is expressed in an imperative way by the commands in the RPM preinstall script:
# rpm -q klogd --scripts
preinstall scriptlet (through /bin/sh):
/usr/sbin/groupadd -r -f klogd
/usr/sbin/useradd -r -g klogd -d /dev/null -s /dev/null -n klogd >/dev/null 2>&1 ||:
but this intention could be installed as a declarative policy ("the primary gid of user klogd is the group with name klogd"). Then this policy could be checked any time.
(And such a check would discover my typo.)