Compare commits
6 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
0a0a94a7eb | ||
|
f1a61ef6cd | ||
|
aef3a7d6dc | ||
|
fe049e833a | ||
|
f96f56cb60 | ||
|
cc498c8d12 |
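--- a/.gitignore
+++ b/.gitignore
@@ -12,3 +12,5 @@ shadow-4.1.4.2.tar.bz2
 /shadow-4.6.tar.xz.asc
 /shadow-4.8.tar.xz
 /shadow-4.8.tar.xz.asc
+/shadow-4.8.1.tar.xz
+/shadow-4.8.1.tar.xz.asc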
@ -1,30 +0,0 @@
|
|||||||
diff -up shadow-4.8/src/useradd.c.invalid-shell shadow-4.8/src/useradd.c
|
|
||||||
--- shadow-4.8/src/useradd.c.invalid-shell 2020-01-16 08:47:13.841921106 +0100
|
|
||||||
+++ shadow-4.8/src/useradd.c 2020-01-16 08:57:26.338421901 +0100
|
|
||||||
@@ -1277,15 +1277,22 @@ static void process_flags (int argc, cha
|
|
||||||
if ( ( !VALID (optarg) )
|
|
||||||
|| ( ('\0' != optarg[0])
|
|
||||||
&& ('/' != optarg[0])
|
|
||||||
- && ('*' != optarg[0]) )
|
|
||||||
- || (stat(optarg, &st) != 0)
|
|
||||||
- || (S_ISDIR(st.st_mode))
|
|
||||||
- || (access(optarg, X_OK) != 0)) {
|
|
||||||
+ && ('*' != optarg[0]) )) {
|
|
||||||
fprintf (stderr,
|
|
||||||
_("%s: invalid shell '%s'\n"),
|
|
||||||
Prog, optarg);
|
|
||||||
exit (E_BAD_ARG);
|
|
||||||
}
|
|
||||||
+ if ( '\0' != optarg[0]
|
|
||||||
+ && '*' != optarg[0]
|
|
||||||
+ && strcmp(optarg, "/sbin/nologin") != 0
|
|
||||||
+ && ( stat(optarg, &st) != 0
|
|
||||||
+ || S_ISDIR(st.st_mode)
|
|
||||||
+ || access(optarg, X_OK) != 0)) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: Warning: missing or non-executable shell '%s'\n"),
|
|
||||||
+ Prog, optarg);
|
|
||||||
+ }
|
|
||||||
user_shell = optarg;
|
|
||||||
def_shell = optarg;
|
|
||||||
sflg = true;
|
|
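--- a/shadow-4.8-useradd-selinux-mail.patch
+++ b/shadow-4.8-useradd-selinux-mail.patch
@@ -0,0 +1,61 @@
+From 4dc62ebcf37d7568be1d4ca54367215eba8b8a28 Mon Sep 17 00:00:00 2001
+From: ikerexxe <ipedrosa@redhat.com>
+Date: Wed, 5 Feb 2020 15:04:39 +0100
+Subject: [PATCH] useradd: doesn't generate /var/spool/mail/$USER with the
+proper SELinux user identity
+
+Explanation: use set_selinux_file_context() and reset_selinux_file_context() for create_mail() just as is done for create_home()
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1690527
+---
+src/useradd.c | 20 ++++++++++++++++++++
+1 file changed, 20 insertions(+)
+
+diff --git a/src/useradd.c b/src/useradd.c
+index a679392d..645d4a40 100644
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -190,6 +190,7 @@ static bool home_added = false;
+#define E_NAME_IN_USE 9 /* username already in use */
+#define E_GRP_UPDATE 10 /* can't update group file */
+#define E_HOMEDIR 12 /* can't create home directory */
++#define E_MAILBOXFILE 13 /* can't create mailbox file */
+#define E_SE_UPDATE 14 /* can't update SELinux user mapping */
+#ifdef ENABLE_SUBIDS
+#define E_SUB_UID_UPDATE 16 /* can't update the subordinate uid file */
+@@ -2210,6 +2211,16 @@ static void create_mail (void)
+sprintf (file, "%s/%s/%s", prefix, spool, user_name);
+else
+sprintf (file, "%s/%s", spool, user_name);
++
++#ifdef WITH_SELINUX
++ if (set_selinux_file_context (file, NULL) != 0) {
++ fprintf (stderr,
++ _("%s: cannot set SELinux context for mailbox file %s\n"),
++ Prog, file);
++ fail_exit (E_MAILBOXFILE);
++ }
++#endif
++
+fd = open (file, O_CREAT | O_WRONLY | O_TRUNC | O_EXCL, 0);
+if (fd < 0) {
+perror (_("Creating mailbox file"));
+@@ -2234,6 +2245,15 @@ static void create_mail (void)
+
+fsync (fd);
+close (fd);
++#ifdef WITH_SELINUX
++ /* Reset SELinux to create files with default contexts */
++ if (reset_selinux_file_context () != 0) {
++ fprintf (stderr,
++ _("%s: cannot reset SELinux file creation context\n"),
++ Prog);
++ fail_exit (E_MAILBOXFILE);
++ }
++#endif
+}
+}
+
+--
+2.24.1
+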
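Review bot: In the added patch, reset_selinux_file_context() is reached only after `close (fd)` in the last create_mail hunk, so any path that leaves create_mail between the new set_selinux_file_context() call and that point keeps the mailbox file-creation context in effect for whatever useradd creates afterwards. The `if (fd < 0)` branch that directly follows the set call is cut off by the hunk; if it returns after perror() (not visible here), it should reset the context first, e.g. `(void) reset_selinux_file_context ();` before leaving. A comment on the set call such as `/* must be paired with reset_selinux_file_context () on every exit path below */` would make that requirement visible to the next editor. The body of create_mail starts and ends outside the hunks shown.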
@ -1,6 +1,6 @@
|
|||||||
diff -up shadow-4.8/libmisc/audit_help.c.audit-update shadow-4.8/libmisc/audit_help.c
|
diff -up shadow-4.8.1/libmisc/audit_help.c.audit-update shadow-4.8.1/libmisc/audit_help.c
|
||||||
--- shadow-4.8/libmisc/audit_help.c.audit-update 2019-07-23 17:26:08.000000000 +0200
|
--- shadow-4.8.1/libmisc/audit_help.c.audit-update 2019-07-23 17:26:08.000000000 +0200
|
||||||
+++ shadow-4.8/libmisc/audit_help.c 2020-01-13 10:15:51.802073378 +0100
|
+++ shadow-4.8.1/libmisc/audit_help.c 2020-03-17 16:53:44.371943299 +0100
|
||||||
@@ -68,7 +68,7 @@ void audit_help_open (void)
|
@@ -68,7 +68,7 @@ void audit_help_open (void)
|
||||||
* This function will log a message to the audit system using a predefined
|
* This function will log a message to the audit system using a predefined
|
||||||
* message format. Parameter usage is as follows:
|
* message format. Parameter usage is as follows:
|
||||||
@ -50,9 +50,9 @@ diff -up shadow-4.8/libmisc/audit_help.c.audit-update shadow-4.8/libmisc/audit_h
|
|||||||
void audit_logger_message (const char *message, shadow_audit_result result)
|
void audit_logger_message (const char *message, shadow_audit_result result)
|
||||||
{
|
{
|
||||||
if (audit_fd < 0) {
|
if (audit_fd < 0) {
|
||||||
diff -up shadow-4.8/libmisc/cleanup_group.c.audit-update shadow-4.8/libmisc/cleanup_group.c
|
diff -up shadow-4.8.1/libmisc/cleanup_group.c.audit-update shadow-4.8.1/libmisc/cleanup_group.c
|
||||||
--- shadow-4.8/libmisc/cleanup_group.c.audit-update 2019-07-23 17:26:08.000000000 +0200
|
--- shadow-4.8.1/libmisc/cleanup_group.c.audit-update 2019-07-23 17:26:08.000000000 +0200
|
||||||
+++ shadow-4.8/libmisc/cleanup_group.c 2020-01-13 10:15:51.802073378 +0100
|
+++ shadow-4.8.1/libmisc/cleanup_group.c 2020-03-17 16:53:44.371943299 +0100
|
||||||
@@ -83,7 +83,7 @@ void cleanup_report_mod_group (void *cle
|
@@ -83,7 +83,7 @@ void cleanup_report_mod_group (void *cle
|
||||||
gr_dbname (),
|
gr_dbname (),
|
||||||
info->action));
|
info->action));
|
||||||
@ -131,9 +131,9 @@ diff -up shadow-4.8/libmisc/cleanup_group.c.audit-update shadow-4.8/libmisc/clea
|
|||||||
SHADOW_AUDIT_FAILURE);
|
SHADOW_AUDIT_FAILURE);
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
diff -up shadow-4.8/libmisc/cleanup_user.c.audit-update shadow-4.8/libmisc/cleanup_user.c
|
diff -up shadow-4.8.1/libmisc/cleanup_user.c.audit-update shadow-4.8.1/libmisc/cleanup_user.c
|
||||||
--- shadow-4.8/libmisc/cleanup_user.c.audit-update 2019-07-23 17:26:08.000000000 +0200
|
--- shadow-4.8.1/libmisc/cleanup_user.c.audit-update 2019-07-23 17:26:08.000000000 +0200
|
||||||
+++ shadow-4.8/libmisc/cleanup_user.c 2020-01-13 10:15:51.802073378 +0100
|
+++ shadow-4.8.1/libmisc/cleanup_user.c 2020-03-17 16:53:44.371943299 +0100
|
||||||
@@ -65,7 +65,7 @@ void cleanup_report_mod_passwd (void *cl
|
@@ -65,7 +65,7 @@ void cleanup_report_mod_passwd (void *cl
|
||||||
pw_dbname (),
|
pw_dbname (),
|
||||||
info->action));
|
info->action));
|
||||||
@ -181,9 +181,9 @@ diff -up shadow-4.8/libmisc/cleanup_user.c.audit-update shadow-4.8/libmisc/clean
|
|||||||
SHADOW_AUDIT_FAILURE);
|
SHADOW_AUDIT_FAILURE);
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
diff -up shadow-4.8/lib/prototypes.h.audit-update shadow-4.8/lib/prototypes.h
|
diff -up shadow-4.8.1/lib/prototypes.h.audit-update shadow-4.8.1/lib/prototypes.h
|
||||||
--- shadow-4.8/lib/prototypes.h.audit-update 2020-01-13 10:15:51.785073664 +0100
|
--- shadow-4.8.1/lib/prototypes.h.audit-update 2020-03-17 16:53:44.364943206 +0100
|
||||||
+++ shadow-4.8/lib/prototypes.h 2020-01-13 10:15:51.803073362 +0100
|
+++ shadow-4.8.1/lib/prototypes.h 2020-03-17 16:53:44.371943299 +0100
|
||||||
@@ -219,12 +219,21 @@ extern int audit_fd;
|
@@ -219,12 +219,21 @@ extern int audit_fd;
|
||||||
extern void audit_help_open (void);
|
extern void audit_help_open (void);
|
||||||
/* Use AUDIT_NO_ID when a name is provided to audit_logger instead of an ID */
|
/* Use AUDIT_NO_ID when a name is provided to audit_logger instead of an ID */
|
||||||
@ -206,9 +206,9 @@ diff -up shadow-4.8/lib/prototypes.h.audit-update shadow-4.8/lib/prototypes.h
|
|||||||
void audit_logger_message (const char *message, shadow_audit_result result);
|
void audit_logger_message (const char *message, shadow_audit_result result);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
diff -up shadow-4.8/src/chage.c.audit-update shadow-4.8/src/chage.c
|
diff -up shadow-4.8.1/src/chage.c.audit-update shadow-4.8.1/src/chage.c
|
||||||
--- shadow-4.8/src/chage.c.audit-update 2019-11-12 01:18:25.000000000 +0100
|
--- shadow-4.8.1/src/chage.c.audit-update 2019-11-12 01:18:25.000000000 +0100
|
||||||
+++ shadow-4.8/src/chage.c 2020-01-13 10:15:51.806073311 +0100
|
+++ shadow-4.8.1/src/chage.c 2020-03-17 16:53:44.371943299 +0100
|
||||||
@@ -123,9 +123,10 @@ static /*@noreturn@*/void fail_exit (int
|
@@ -123,9 +123,10 @@ static /*@noreturn@*/void fail_exit (int
|
||||||
|
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
@ -296,9 +296,9 @@ diff -up shadow-4.8/src/chage.c.audit-update shadow-4.8/src/chage.c
|
|||||||
user_name, (unsigned int) user_uid, 1);
|
user_name, (unsigned int) user_uid, 1);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
diff -up shadow-4.8/src/gpasswd.c.audit-update shadow-4.8/src/gpasswd.c
|
diff -up shadow-4.8.1/src/gpasswd.c.audit-update shadow-4.8.1/src/gpasswd.c
|
||||||
--- shadow-4.8/src/gpasswd.c.audit-update 2019-07-23 17:26:08.000000000 +0200
|
--- shadow-4.8.1/src/gpasswd.c.audit-update 2019-07-23 17:26:08.000000000 +0200
|
||||||
+++ shadow-4.8/src/gpasswd.c 2020-01-13 10:15:51.803073362 +0100
|
+++ shadow-4.8.1/src/gpasswd.c 2020-03-17 16:53:44.371943299 +0100
|
||||||
@@ -138,7 +138,7 @@ static void usage (int status)
|
@@ -138,7 +138,7 @@ static void usage (int status)
|
||||||
(void) fputs (_(" -d, --delete USER remove USER from GROUP\n"), usageout);
|
(void) fputs (_(" -d, --delete USER remove USER from GROUP\n"), usageout);
|
||||||
(void) fputs (_(" -h, --help display this help message and exit\n"), usageout);
|
(void) fputs (_(" -h, --help display this help message and exit\n"), usageout);
|
||||||
@ -562,9 +562,9 @@ diff -up shadow-4.8/src/gpasswd.c.audit-update shadow-4.8/src/gpasswd.c
|
|||||||
SHADOW_AUDIT_SUCCESS);
|
SHADOW_AUDIT_SUCCESS);
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
diff -up shadow-4.8/src/groupadd.c.audit-update shadow-4.8/src/groupadd.c
|
diff -up shadow-4.8.1/src/groupadd.c.audit-update shadow-4.8.1/src/groupadd.c
|
||||||
--- shadow-4.8/src/groupadd.c.audit-update 2019-07-23 17:26:08.000000000 +0200
|
--- shadow-4.8.1/src/groupadd.c.audit-update 2019-07-23 17:26:08.000000000 +0200
|
||||||
+++ shadow-4.8/src/groupadd.c 2020-01-13 10:15:51.804073345 +0100
|
+++ shadow-4.8.1/src/groupadd.c 2020-03-17 16:53:44.372943312 +0100
|
||||||
@@ -131,6 +131,15 @@ static /*@noreturn@*/void usage (int sta
|
@@ -131,6 +131,15 @@ static /*@noreturn@*/void usage (int sta
|
||||||
exit (status);
|
exit (status);
|
||||||
}
|
}
|
||||||
@ -740,9 +740,9 @@ diff -up shadow-4.8/src/groupadd.c.audit-update shadow-4.8/src/groupadd.c
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
diff -up shadow-4.8/src/groupdel.c.audit-update shadow-4.8/src/groupdel.c
|
diff -up shadow-4.8.1/src/groupdel.c.audit-update shadow-4.8.1/src/groupdel.c
|
||||||
--- shadow-4.8/src/groupdel.c.audit-update 2019-07-23 17:26:08.000000000 +0200
|
--- shadow-4.8.1/src/groupdel.c.audit-update 2019-07-23 17:26:08.000000000 +0200
|
||||||
+++ shadow-4.8/src/groupdel.c 2020-01-13 10:15:51.804073345 +0100
|
+++ shadow-4.8.1/src/groupdel.c 2020-03-17 16:53:44.372943312 +0100
|
||||||
@@ -106,6 +106,15 @@ static /*@noreturn@*/void usage (int sta
|
@@ -106,6 +106,15 @@ static /*@noreturn@*/void usage (int sta
|
||||||
exit (status);
|
exit (status);
|
||||||
}
|
}
|
||||||
@ -912,9 +912,9 @@ diff -up shadow-4.8/src/groupdel.c.audit-update shadow-4.8/src/groupdel.c
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
diff -up shadow-4.8/src/groupmod.c.audit-update shadow-4.8/src/groupmod.c
|
diff -up shadow-4.8.1/src/groupmod.c.audit-update shadow-4.8.1/src/groupmod.c
|
||||||
--- shadow-4.8/src/groupmod.c.audit-update 2019-07-23 17:26:08.000000000 +0200
|
--- shadow-4.8.1/src/groupmod.c.audit-update 2019-07-23 17:26:08.000000000 +0200
|
||||||
+++ shadow-4.8/src/groupmod.c 2020-01-13 10:15:51.805073328 +0100
|
+++ shadow-4.8.1/src/groupmod.c 2020-03-17 16:53:44.372943312 +0100
|
||||||
@@ -450,7 +450,7 @@ static void close_files (void)
|
@@ -450,7 +450,7 @@ static void close_files (void)
|
||||||
exit (E_GRP_UPDATE);
|
exit (E_GRP_UPDATE);
|
||||||
}
|
}
|
||||||
@ -1118,9 +1118,9 @@ diff -up shadow-4.8/src/groupmod.c.audit-update shadow-4.8/src/groupmod.c
|
|||||||
|
|
||||||
// FIXME: add a system cleanup
|
// FIXME: add a system cleanup
|
||||||
add_cleanup (cleanup_report_mod_group, &info_group);
|
add_cleanup (cleanup_report_mod_group, &info_group);
|
||||||
diff -up shadow-4.8/src/newgrp.c.audit-update shadow-4.8/src/newgrp.c
|
diff -up shadow-4.8.1/src/newgrp.c.audit-update shadow-4.8.1/src/newgrp.c
|
||||||
--- shadow-4.8/src/newgrp.c.audit-update 2019-07-23 17:26:08.000000000 +0200
|
--- shadow-4.8.1/src/newgrp.c.audit-update 2020-01-12 15:19:28.000000000 +0100
|
||||||
+++ shadow-4.8/src/newgrp.c 2020-01-13 10:15:51.806073311 +0100
|
+++ shadow-4.8.1/src/newgrp.c 2020-03-17 16:53:44.372943312 +0100
|
||||||
@@ -206,11 +206,12 @@ static void check_perms (const struct gr
|
@@ -206,11 +206,12 @@ static void check_perms (const struct gr
|
||||||
strcmp (cpasswd, grp->gr_passwd) != 0) {
|
strcmp (cpasswd, grp->gr_passwd) != 0) {
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
@ -1203,7 +1203,7 @@ diff -up shadow-4.8/src/newgrp.c.audit-update shadow-4.8/src/newgrp.c
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
exit (EXIT_FAILURE);
|
exit (EXIT_FAILURE);
|
||||||
@@ -457,7 +458,7 @@ int main (int argc, char **argv)
|
@@ -458,7 +459,7 @@ int main (int argc, char **argv)
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
audit_logger (AUDIT_CHGRP_ID, Prog,
|
audit_logger (AUDIT_CHGRP_ID, Prog,
|
||||||
"changing", NULL,
|
"changing", NULL,
|
||||||
@ -1212,7 +1212,7 @@ diff -up shadow-4.8/src/newgrp.c.audit-update shadow-4.8/src/newgrp.c
|
|||||||
#endif
|
#endif
|
||||||
SYSLOG ((LOG_WARN, "Cannot determine the user name of the caller (UID %lu)",
|
SYSLOG ((LOG_WARN, "Cannot determine the user name of the caller (UID %lu)",
|
||||||
(unsigned long) getuid ()));
|
(unsigned long) getuid ()));
|
||||||
@@ -573,15 +574,26 @@ int main (int argc, char **argv)
|
@@ -574,15 +575,26 @@ int main (int argc, char **argv)
|
||||||
perror ("getgroups");
|
perror ("getgroups");
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
if (group) {
|
if (group) {
|
||||||
@ -1243,7 +1243,7 @@ diff -up shadow-4.8/src/newgrp.c.audit-update shadow-4.8/src/newgrp.c
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
exit (EXIT_FAILURE);
|
exit (EXIT_FAILURE);
|
||||||
@@ -738,10 +750,10 @@ int main (int argc, char **argv)
|
@@ -739,10 +751,10 @@ int main (int argc, char **argv)
|
||||||
perror ("setgid");
|
perror ("setgid");
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
snprintf (audit_buf, sizeof(audit_buf),
|
snprintf (audit_buf, sizeof(audit_buf),
|
||||||
@ -1256,7 +1256,7 @@ diff -up shadow-4.8/src/newgrp.c.audit-update shadow-4.8/src/newgrp.c
|
|||||||
#endif
|
#endif
|
||||||
exit (EXIT_FAILURE);
|
exit (EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
@@ -750,10 +762,10 @@ int main (int argc, char **argv)
|
@@ -751,10 +763,10 @@ int main (int argc, char **argv)
|
||||||
perror ("setuid");
|
perror ("setuid");
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
snprintf (audit_buf, sizeof(audit_buf),
|
snprintf (audit_buf, sizeof(audit_buf),
|
||||||
@ -1269,7 +1269,7 @@ diff -up shadow-4.8/src/newgrp.c.audit-update shadow-4.8/src/newgrp.c
|
|||||||
#endif
|
#endif
|
||||||
exit (EXIT_FAILURE);
|
exit (EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
@@ -767,10 +779,10 @@ int main (int argc, char **argv)
|
@@ -768,10 +780,10 @@ int main (int argc, char **argv)
|
||||||
execl (SHELL, "sh", "-c", command, (char *) 0);
|
execl (SHELL, "sh", "-c", command, (char *) 0);
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
snprintf (audit_buf, sizeof(audit_buf),
|
snprintf (audit_buf, sizeof(audit_buf),
|
||||||
@ -1282,7 +1282,7 @@ diff -up shadow-4.8/src/newgrp.c.audit-update shadow-4.8/src/newgrp.c
|
|||||||
#endif
|
#endif
|
||||||
perror (SHELL);
|
perror (SHELL);
|
||||||
exit ((errno == ENOENT) ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
|
exit ((errno == ENOENT) ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
|
||||||
@@ -834,11 +846,11 @@ int main (int argc, char **argv)
|
@@ -835,11 +847,11 @@ int main (int argc, char **argv)
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
@ -1296,7 +1296,7 @@ diff -up shadow-4.8/src/newgrp.c.audit-update shadow-4.8/src/newgrp.c
|
|||||||
#endif
|
#endif
|
||||||
/*
|
/*
|
||||||
* Exec the login shell and go away. We are trying to get back to
|
* Exec the login shell and go away. We are trying to get back to
|
||||||
@@ -862,15 +874,24 @@ int main (int argc, char **argv)
|
@@ -863,15 +875,24 @@ int main (int argc, char **argv)
|
||||||
closelog ();
|
closelog ();
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
if (NULL != group) {
|
if (NULL != group) {
|
||||||
@ -1325,9 +1325,9 @@ diff -up shadow-4.8/src/newgrp.c.audit-update shadow-4.8/src/newgrp.c
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
exit (EXIT_FAILURE);
|
exit (EXIT_FAILURE);
|
||||||
diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
|
diff -up shadow-4.8.1/src/useradd.c.audit-update shadow-4.8.1/src/useradd.c
|
||||||
--- shadow-4.8/src/useradd.c.audit-update 2020-01-13 10:15:51.789073597 +0100
|
--- shadow-4.8.1/src/useradd.c.audit-update 2020-03-17 16:53:44.365943219 +0100
|
||||||
+++ shadow-4.8/src/useradd.c 2020-01-13 10:17:30.929406913 +0100
|
+++ shadow-4.8.1/src/useradd.c 2020-03-17 17:03:11.614503929 +0100
|
||||||
@@ -233,6 +233,8 @@ static void create_mail (void);
|
@@ -233,6 +233,8 @@ static void create_mail (void);
|
||||||
*/
|
*/
|
||||||
static void fail_exit (int code)
|
static void fail_exit (int code)
|
||||||
@ -1510,7 +1510,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
|
|||||||
SHADOW_AUDIT_SUCCESS);
|
SHADOW_AUDIT_SUCCESS);
|
||||||
#endif
|
#endif
|
||||||
SYSLOG ((LOG_INFO,
|
SYSLOG ((LOG_INFO,
|
||||||
@@ -1445,7 +1393,7 @@ static void process_flags (int argc, cha
|
@@ -1452,7 +1400,7 @@ static void process_flags (int argc, cha
|
||||||
Prog, user_name);
|
Prog, user_name);
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
audit_logger (AUDIT_ADD_USER, Prog,
|
audit_logger (AUDIT_ADD_USER, Prog,
|
||||||
@ -1519,7 +1519,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
|
|||||||
user_name, AUDIT_NO_ID,
|
user_name, AUDIT_NO_ID,
|
||||||
SHADOW_AUDIT_FAILURE);
|
SHADOW_AUDIT_FAILURE);
|
||||||
#endif
|
#endif
|
||||||
@@ -1560,7 +1508,7 @@ static void close_files (void)
|
@@ -1567,7 +1515,7 @@ static void close_files (void)
|
||||||
SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
|
SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
audit_logger (AUDIT_ADD_USER, Prog,
|
audit_logger (AUDIT_ADD_USER, Prog,
|
||||||
@ -1528,7 +1528,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
|
|||||||
user_name, AUDIT_NO_ID,
|
user_name, AUDIT_NO_ID,
|
||||||
SHADOW_AUDIT_FAILURE);
|
SHADOW_AUDIT_FAILURE);
|
||||||
#endif
|
#endif
|
||||||
@@ -1573,7 +1521,7 @@ static void close_files (void)
|
@@ -1580,7 +1528,7 @@ static void close_files (void)
|
||||||
SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
|
SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
audit_logger (AUDIT_ADD_USER, Prog,
|
audit_logger (AUDIT_ADD_USER, Prog,
|
||||||
@ -1537,7 +1537,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
|
|||||||
user_name, AUDIT_NO_ID,
|
user_name, AUDIT_NO_ID,
|
||||||
SHADOW_AUDIT_FAILURE);
|
SHADOW_AUDIT_FAILURE);
|
||||||
#endif
|
#endif
|
||||||
@@ -1585,7 +1533,7 @@ static void close_files (void)
|
@@ -1592,7 +1540,7 @@ static void close_files (void)
|
||||||
SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
|
SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
audit_logger (AUDIT_ADD_USER, Prog,
|
audit_logger (AUDIT_ADD_USER, Prog,
|
||||||
@ -1546,7 +1546,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
|
|||||||
user_name, AUDIT_NO_ID,
|
user_name, AUDIT_NO_ID,
|
||||||
SHADOW_AUDIT_FAILURE);
|
SHADOW_AUDIT_FAILURE);
|
||||||
#endif
|
#endif
|
||||||
@@ -1599,7 +1547,7 @@ static void close_files (void)
|
@@ -1606,7 +1554,7 @@ static void close_files (void)
|
||||||
SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
|
SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
audit_logger (AUDIT_ADD_USER, Prog,
|
audit_logger (AUDIT_ADD_USER, Prog,
|
||||||
@ -1555,7 +1555,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
|
|||||||
user_name, AUDIT_NO_ID,
|
user_name, AUDIT_NO_ID,
|
||||||
SHADOW_AUDIT_FAILURE);
|
SHADOW_AUDIT_FAILURE);
|
||||||
#endif
|
#endif
|
||||||
@@ -1615,7 +1563,7 @@ static void close_files (void)
|
@@ -1622,7 +1570,7 @@ static void close_files (void)
|
||||||
SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
|
SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
audit_logger (AUDIT_ADD_USER, Prog,
|
audit_logger (AUDIT_ADD_USER, Prog,
|
||||||
@ -1564,7 +1564,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
|
|||||||
user_name, AUDIT_NO_ID,
|
user_name, AUDIT_NO_ID,
|
||||||
SHADOW_AUDIT_FAILURE);
|
SHADOW_AUDIT_FAILURE);
|
||||||
#endif
|
#endif
|
||||||
@@ -1629,7 +1577,7 @@ static void close_files (void)
|
@@ -1636,7 +1584,7 @@ static void close_files (void)
|
||||||
SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
|
SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
audit_logger (AUDIT_ADD_USER, Prog,
|
audit_logger (AUDIT_ADD_USER, Prog,
|
||||||
@ -1573,7 +1573,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
|
|||||||
user_name, AUDIT_NO_ID,
|
user_name, AUDIT_NO_ID,
|
||||||
SHADOW_AUDIT_FAILURE);
|
SHADOW_AUDIT_FAILURE);
|
||||||
#endif
|
#endif
|
||||||
@@ -1821,7 +1769,7 @@ static void grp_add (void)
|
@@ -1828,7 +1776,7 @@ static void grp_add (void)
|
||||||
Prog, gr_dbname (), grp.gr_name);
|
Prog, gr_dbname (), grp.gr_name);
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
audit_logger (AUDIT_ADD_GROUP, Prog,
|
audit_logger (AUDIT_ADD_GROUP, Prog,
|
||||||
@ -1582,7 +1582,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
|
|||||||
grp.gr_name, AUDIT_NO_ID,
|
grp.gr_name, AUDIT_NO_ID,
|
||||||
SHADOW_AUDIT_FAILURE);
|
SHADOW_AUDIT_FAILURE);
|
||||||
#endif
|
#endif
|
||||||
@@ -1837,7 +1785,7 @@ static void grp_add (void)
|
@@ -1844,7 +1792,7 @@ static void grp_add (void)
|
||||||
Prog, sgr_dbname (), sgrp.sg_name);
|
Prog, sgr_dbname (), sgrp.sg_name);
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
audit_logger (AUDIT_ADD_GROUP, Prog,
|
audit_logger (AUDIT_ADD_GROUP, Prog,
|
||||||
@ -1591,7 +1591,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
|
|||||||
grp.gr_name, AUDIT_NO_ID,
|
grp.gr_name, AUDIT_NO_ID,
|
||||||
SHADOW_AUDIT_FAILURE);
|
SHADOW_AUDIT_FAILURE);
|
||||||
#endif
|
#endif
|
||||||
@@ -1847,7 +1795,7 @@ static void grp_add (void)
|
@@ -1854,7 +1802,7 @@ static void grp_add (void)
|
||||||
SYSLOG ((LOG_INFO, "new group: name=%s, GID=%u", user_name, user_gid));
|
SYSLOG ((LOG_INFO, "new group: name=%s, GID=%u", user_name, user_gid));
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
audit_logger (AUDIT_ADD_GROUP, Prog,
|
audit_logger (AUDIT_ADD_GROUP, Prog,
|
||||||
@ -1600,7 +1600,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
|
|||||||
grp.gr_name, AUDIT_NO_ID,
|
grp.gr_name, AUDIT_NO_ID,
|
||||||
SHADOW_AUDIT_SUCCESS);
|
SHADOW_AUDIT_SUCCESS);
|
||||||
#endif
|
#endif
|
||||||
@@ -2015,12 +1963,6 @@ static void usr_update (void)
|
@@ -2025,12 +1973,6 @@ static void usr_update (void)
|
||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
_("%s: failed to prepare the new %s entry '%s'\n"),
|
_("%s: failed to prepare the new %s entry '%s'\n"),
|
||||||
Prog, spw_dbname (), spent.sp_namp);
|
Prog, spw_dbname (), spent.sp_namp);
|
||||||
@ -1613,7 +1613,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
|
|||||||
fail_exit (E_PW_UPDATE);
|
fail_exit (E_PW_UPDATE);
|
||||||
}
|
}
|
||||||
#ifdef ENABLE_SUBIDS
|
#ifdef ENABLE_SUBIDS
|
||||||
@@ -2041,9 +1983,14 @@ static void usr_update (void)
|
@@ -2051,9 +1993,14 @@ static void usr_update (void)
|
||||||
#endif /* ENABLE_SUBIDS */
|
#endif /* ENABLE_SUBIDS */
|
||||||
|
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
@ -1630,7 +1630,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
|
|||||||
SHADOW_AUDIT_SUCCESS);
|
SHADOW_AUDIT_SUCCESS);
|
||||||
#endif
|
#endif
|
||||||
/*
|
/*
|
||||||
@@ -2130,12 +2077,6 @@ static void create_home (void)
|
@@ -2140,12 +2087,6 @@ static void create_home (void)
|
||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
_("%s: cannot create directory %s\n"),
|
_("%s: cannot create directory %s\n"),
|
||||||
Prog, path);
|
Prog, path);
|
||||||
@ -1643,8 +1643,8 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
|
|||||||
fail_exit (E_HOMEDIR);
|
fail_exit (E_HOMEDIR);
|
||||||
}
|
}
|
||||||
if (chown (path, 0, 0) < 0) {
|
if (chown (path, 0, 0) < 0) {
|
||||||
@@ -2157,8 +2098,8 @@ static void create_home (void)
|
@@ -2168,8 +2109,8 @@ static void create_home (void)
|
||||||
0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
|
chmod (prefix_user_home, mode);
|
||||||
home_added = true;
|
home_added = true;
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
- audit_logger (AUDIT_ADD_USER, Prog,
|
- audit_logger (AUDIT_ADD_USER, Prog,
|
||||||
@ -1654,7 +1654,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
|
|||||||
user_name, (unsigned int) user_id,
|
user_name, (unsigned int) user_id,
|
||||||
SHADOW_AUDIT_SUCCESS);
|
SHADOW_AUDIT_SUCCESS);
|
||||||
#endif
|
#endif
|
||||||
@@ -2343,12 +2284,6 @@ int main (int argc, char **argv)
|
@@ -2354,12 +2295,6 @@ int main (int argc, char **argv)
|
||||||
*/
|
*/
|
||||||
if (prefix_getpwnam (user_name) != NULL) { /* local, no need for xgetpwnam */
|
if (prefix_getpwnam (user_name) != NULL) { /* local, no need for xgetpwnam */
|
||||||
fprintf (stderr, _("%s: user '%s' already exists\n"), Prog, user_name);
|
fprintf (stderr, _("%s: user '%s' already exists\n"), Prog, user_name);
|
||||||
@ -1667,7 +1667,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
|
|||||||
fail_exit (E_NAME_IN_USE);
|
fail_exit (E_NAME_IN_USE);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -2364,12 +2299,6 @@ int main (int argc, char **argv)
|
@@ -2375,12 +2310,6 @@ int main (int argc, char **argv)
|
||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
_("%s: group %s exists - if you want to add this user to that group, use -g.\n"),
|
_("%s: group %s exists - if you want to add this user to that group, use -g.\n"),
|
||||||
Prog, user_name);
|
Prog, user_name);
|
||||||
@ -1680,7 +1680,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
|
|||||||
fail_exit (E_NAME_IN_USE);
|
fail_exit (E_NAME_IN_USE);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -2399,12 +2328,6 @@ int main (int argc, char **argv)
|
@@ -2410,12 +2339,6 @@ int main (int argc, char **argv)
|
||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
_("%s: UID %lu is not unique\n"),
|
_("%s: UID %lu is not unique\n"),
|
||||||
Prog, (unsigned long) user_id);
|
Prog, (unsigned long) user_id);
|
||||||
@ -1693,7 +1693,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
|
|||||||
fail_exit (E_UID_IN_USE);
|
fail_exit (E_UID_IN_USE);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -2478,9 +2401,10 @@ int main (int argc, char **argv)
|
@@ -2489,9 +2412,10 @@ int main (int argc, char **argv)
|
||||||
_("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
|
_("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
|
||||||
Prog, user_name, user_selinux);
|
Prog, user_name, user_selinux);
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
@ -1707,9 +1707,9 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
|
|||||||
#endif /* WITH_AUDIT */
|
#endif /* WITH_AUDIT */
|
||||||
rv = E_SE_UPDATE;
|
rv = E_SE_UPDATE;
|
||||||
}
|
}
|
||||||
diff -up shadow-4.8/src/userdel.c.audit-update shadow-4.8/src/userdel.c
|
diff -up shadow-4.8.1/src/userdel.c.audit-update shadow-4.8.1/src/userdel.c
|
||||||
--- shadow-4.8/src/userdel.c.audit-update 2020-01-13 10:15:51.797073462 +0100
|
--- shadow-4.8.1/src/userdel.c.audit-update 2020-03-17 16:53:44.368943259 +0100
|
||||||
+++ shadow-4.8/src/userdel.c 2020-01-13 10:15:51.809073261 +0100
|
+++ shadow-4.8.1/src/userdel.c 2020-03-17 16:53:44.373943325 +0100
|
||||||
@@ -222,9 +222,9 @@ static void update_groups (void)
|
@@ -222,9 +222,9 @@ static void update_groups (void)
|
||||||
* Update the DBM group file with the new entry as well.
|
* Update the DBM group file with the new entry as well.
|
||||||
*/
|
*/
|
||||||
@ -2037,9 +2037,9 @@ diff -up shadow-4.8/src/userdel.c.audit-update shadow-4.8/src/userdel.c
|
|||||||
user_name, (unsigned int) user_id,
|
user_name, (unsigned int) user_id,
|
||||||
SHADOW_AUDIT_FAILURE);
|
SHADOW_AUDIT_FAILURE);
|
||||||
#endif /* WITH_AUDIT */
|
#endif /* WITH_AUDIT */
|
||||||
diff -up shadow-4.8/src/usermod.c.audit-update shadow-4.8/src/usermod.c
|
diff -up shadow-4.8.1/src/usermod.c.audit-update shadow-4.8.1/src/usermod.c
|
||||||
--- shadow-4.8/src/usermod.c.audit-update 2020-01-13 10:15:51.800073412 +0100
|
--- shadow-4.8.1/src/usermod.c.audit-update 2020-03-17 16:53:44.370943285 +0100
|
||||||
+++ shadow-4.8/src/usermod.c 2020-01-13 10:15:51.812073210 +0100
|
+++ shadow-4.8.1/src/usermod.c 2020-03-17 16:53:44.373943325 +0100
|
||||||
@@ -457,8 +457,8 @@ static char *new_pw_passwd (char *pw_pas
|
@@ -457,8 +457,8 @@ static char *new_pw_passwd (char *pw_pas
|
||||||
|
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
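--- /dev/null
+++ b/shadow-4.8.1-commonio-force-lock-file-sync.patch
@@ -0,0 +1,39 @@
+From fb0f702cbf958a5ee9097c1611212c9880b347ce Mon Sep 17 00:00:00 2001
+From: ikerexxe <ipedrosa@redhat.com>
+Date: Mon, 2 Nov 2020 17:08:55 +0100
+Subject: [PATCH] commonio: force lock file sync
+
+lib/commonio.c: after writing to the lock file, force a file sync to
+the storage system.
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1862056
+---
+lib/commonio.c | 12 +++++++++++-
+1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/lib/commonio.c b/lib/commonio.c
+index 16fa7e75..c5b3d104 100644
+--- a/lib/commonio.c
++++ b/lib/commonio.c
+@@ -157,7 +157,17 @@ static int do_lock_file (const char *file, const char *lock, bool log)
+if (write (fd, buf, (size_t) len) != len) {
+if (log) {
+(void) fprintf (stderr,
+- "%s: %s: %s\n",
++ "%s: %s file write error: %s\n",
++ Prog, file, strerror (errno));
++ }
++ (void) close (fd);
++ unlink (file);
++ return 0;
++ }
++ if (fdatasync (fd) == -1) {
++ if (log) {
++ (void) fprintf (stderr,
++ "%s: %s file sync error: %s\n",
+Prog, file, strerror (errno));
+}
+(void) close (fd);
+--
+2.26.2
+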
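Review bot: In the write-failure branch of do_lock_file, `write (fd, buf, (size_t) len) != len` is also true for a short write, and in that case write() does not set errno, so the new `file write error: %s` message can print an unrelated `strerror (errno)` text. Keeping the return value, e.g. `ssize_t w = write (fd, buf, (size_t) len);`, and reporting `w < 0 ? strerror (errno) : "short write"` would keep the diagnostic accurate. The added `unlink (file);` also drops its result without the `(void)` cast used on the neighbouring `close (fd)` call, so a failed unlink would leave `file` behind silently. The body of do_lock_file starts and ends outside this hunk, so the cleanup that follows the fdatasync branch is not visible here.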
@ -1,6 +1,6 @@
|
|||||||
diff -up shadow-4.8/man/chage.1.xml.manfix shadow-4.8/man/chage.1.xml
|
diff -up shadow-4.8.1/man/chage.1.xml.manfix shadow-4.8.1/man/chage.1.xml
|
||||||
--- shadow-4.8/man/chage.1.xml.manfix 2019-10-05 01:28:34.000000000 +0200
|
--- shadow-4.8.1/man/chage.1.xml.manfix 2019-10-05 01:28:34.000000000 +0200
|
||||||
+++ shadow-4.8/man/chage.1.xml 2020-01-13 10:12:48.445155882 +0100
|
+++ shadow-4.8.1/man/chage.1.xml 2020-03-17 15:34:48.750414984 +0100
|
||||||
@@ -102,6 +102,9 @@
|
@@ -102,6 +102,9 @@
|
||||||
Set the number of days since January 1st, 1970 when the password
|
Set the number of days since January 1st, 1970 when the password
|
||||||
was last changed. The date may also be expressed in the format
|
was last changed. The date may also be expressed in the format
|
||||||
@ -44,9 +44,9 @@ diff -up shadow-4.8/man/chage.1.xml.manfix shadow-4.8/man/chage.1.xml
|
|||||||
<para>The <command>chage</command> command is restricted to the root
|
<para>The <command>chage</command> command is restricted to the root
|
||||||
user, except for the <option>-l</option> option, which may be used by
|
user, except for the <option>-l</option> option, which may be used by
|
||||||
an unprivileged user to determine when their password or account is due
|
an unprivileged user to determine when their password or account is due
|
||||||
diff -up shadow-4.8/man/groupadd.8.xml.manfix shadow-4.8/man/groupadd.8.xml
|
diff -up shadow-4.8.1/man/groupadd.8.xml.manfix shadow-4.8.1/man/groupadd.8.xml
|
||||||
--- shadow-4.8/man/groupadd.8.xml.manfix 2020-01-13 10:12:48.432156100 +0100
|
--- shadow-4.8.1/man/groupadd.8.xml.manfix 2020-03-17 15:34:48.745414917 +0100
|
||||||
+++ shadow-4.8/man/groupadd.8.xml 2020-01-13 10:13:06.096859122 +0100
|
+++ shadow-4.8.1/man/groupadd.8.xml 2020-03-17 15:34:48.750414984 +0100
|
||||||
@@ -320,13 +320,13 @@
|
@@ -320,13 +320,13 @@
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><replaceable>4</replaceable></term>
|
<term><replaceable>4</replaceable></term>
|
||||||
@ -63,15 +63,15 @@ diff -up shadow-4.8/man/groupadd.8.xml.manfix shadow-4.8/man/groupadd.8.xml
|
|||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
diff -up shadow-4.8/man/groupmems.8.xml.manfix shadow-4.8/man/groupmems.8.xml
|
diff -up shadow-4.8.1/man/groupmems.8.xml.manfix shadow-4.8.1/man/groupmems.8.xml
|
||||||
--- shadow-4.8/man/groupmems.8.xml.manfix 2019-07-23 17:26:08.000000000 +0200
|
--- shadow-4.8.1/man/groupmems.8.xml.manfix 2020-03-17 15:34:48.750414984 +0100
|
||||||
+++ shadow-4.8/man/groupmems.8.xml 2020-01-13 10:12:48.445155882 +0100
|
+++ shadow-4.8.1/man/groupmems.8.xml 2020-03-17 15:41:13.383588722 +0100
|
||||||
@@ -179,20 +179,10 @@
|
@@ -179,20 +179,10 @@
|
||||||
<refsect1 id='setup'>
|
<refsect1 id='setup'>
|
||||||
<title>SETUP</title>
|
<title>SETUP</title>
|
||||||
<para>
|
<para>
|
||||||
- The <command>groupmems</command> executable should be in mode
|
- The <command>groupmems</command> executable should be in mode
|
||||||
- <literal>2770</literal> as user <emphasis>root</emphasis> and in group
|
- <literal>2710</literal> as user <emphasis>root</emphasis> and in group
|
||||||
- <emphasis>groups</emphasis>. The system administrator can add users to
|
- <emphasis>groups</emphasis>. The system administrator can add users to
|
||||||
- group <emphasis>groups</emphasis> to allow or disallow them using the
|
- group <emphasis>groups</emphasis> to allow or disallow them using the
|
||||||
- <command>groupmems</command> utility to manage their own group
|
- <command>groupmems</command> utility to manage their own group
|
||||||
@ -83,16 +83,16 @@ diff -up shadow-4.8/man/groupmems.8.xml.manfix shadow-4.8/man/groupmems.8.xml
|
|||||||
-
|
-
|
||||||
- <programlisting>
|
- <programlisting>
|
||||||
- $ groupadd -r groups
|
- $ groupadd -r groups
|
||||||
- $ chmod 2770 groupmems
|
- $ chmod 2710 groupmems
|
||||||
- $ chown root.groups groupmems
|
- $ chown root.groups groupmems
|
||||||
- $ groupmems -g groups -a gk4
|
- $ groupmems -g groups -a gk4
|
||||||
- </programlisting>
|
- </programlisting>
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
||||||
<refsect1 id='configuration'>
|
<refsect1 id='configuration'>
|
||||||
diff -up shadow-4.8/man/ja/man5/login.defs.5.manfix shadow-4.8/man/ja/man5/login.defs.5
|
diff -up shadow-4.8.1/man/ja/man5/login.defs.5.manfix shadow-4.8.1/man/ja/man5/login.defs.5
|
||||||
--- shadow-4.8/man/ja/man5/login.defs.5.manfix 2019-07-23 17:26:08.000000000 +0200
|
--- shadow-4.8.1/man/ja/man5/login.defs.5.manfix 2019-07-23 17:26:08.000000000 +0200
|
||||||
+++ shadow-4.8/man/ja/man5/login.defs.5 2020-01-13 10:12:48.445155882 +0100
|
+++ shadow-4.8.1/man/ja/man5/login.defs.5 2020-03-17 15:34:48.750414984 +0100
|
||||||
@@ -147,10 +147,6 @@ 以下の参照表は、
|
@@ -147,10 +147,6 @@ 以下の参照表は、
|
||||||
shadow パスワード機能のどのプログラムが
|
shadow パスワード機能のどのプログラムが
|
||||||
どのパラメータを使用するかを示したものである。
|
どのパラメータを使用するかを示したものである。
|
||||||
@ -104,10 +104,10 @@ diff -up shadow-4.8/man/ja/man5/login.defs.5.manfix shadow-4.8/man/ja/man5/login
|
|||||||
.IP groupadd 12
|
.IP groupadd 12
|
||||||
GID_MAX GID_MIN
|
GID_MAX GID_MIN
|
||||||
.IP newusers 12
|
.IP newusers 12
|
||||||
diff -up shadow-4.8/man/login.defs.5.xml.manfix shadow-4.8/man/login.defs.5.xml
|
diff -up shadow-4.8.1/man/login.defs.5.xml.manfix shadow-4.8.1/man/login.defs.5.xml
|
||||||
--- shadow-4.8/man/login.defs.5.xml.manfix 2019-07-23 17:26:08.000000000 +0200
|
--- shadow-4.8.1/man/login.defs.5.xml.manfix 2020-01-17 16:47:56.000000000 +0100
|
||||||
+++ shadow-4.8/man/login.defs.5.xml 2020-01-13 10:14:10.491776547 +0100
|
+++ shadow-4.8.1/man/login.defs.5.xml 2020-03-17 15:34:48.750414984 +0100
|
||||||
@@ -163,6 +163,17 @@
|
@@ -164,6 +164,17 @@
|
||||||
long numeric parameters is machine-dependent.
|
long numeric parameters is machine-dependent.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
@ -125,7 +125,7 @@ diff -up shadow-4.8/man/login.defs.5.xml.manfix shadow-4.8/man/login.defs.5.xml
|
|||||||
<para>The following configuration items are provided:</para>
|
<para>The following configuration items are provided:</para>
|
||||||
|
|
||||||
<variablelist remap='IP'>
|
<variablelist remap='IP'>
|
||||||
@@ -254,16 +265,6 @@
|
@@ -256,16 +267,6 @@
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
@ -142,7 +142,7 @@ diff -up shadow-4.8/man/login.defs.5.xml.manfix shadow-4.8/man/login.defs.5.xml
|
|||||||
<term>chgpasswd</term>
|
<term>chgpasswd</term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
@@ -284,14 +285,6 @@
|
@@ -286,14 +287,6 @@
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
@ -157,7 +157,7 @@ diff -up shadow-4.8/man/login.defs.5.xml.manfix shadow-4.8/man/login.defs.5.xml
|
|||||||
<!-- expiry: no variables (CONSOLE_GROUPS linked, but not used) -->
|
<!-- expiry: no variables (CONSOLE_GROUPS linked, but not used) -->
|
||||||
<!-- faillog: no variables -->
|
<!-- faillog: no variables -->
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
@@ -357,34 +350,6 @@
|
@@ -359,34 +352,6 @@
|
||||||
<para>LASTLOG_UID_MAX</para>
|
<para>LASTLOG_UID_MAX</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
@ -192,7 +192,7 @@ diff -up shadow-4.8/man/login.defs.5.xml.manfix shadow-4.8/man/login.defs.5.xml
|
|||||||
<!-- logoutd: no variables -->
|
<!-- logoutd: no variables -->
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>newgrp / sg</term>
|
<term>newgrp / sg</term>
|
||||||
@@ -412,17 +377,6 @@
|
@@ -415,17 +380,6 @@
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<!-- nologin: no variables -->
|
<!-- nologin: no variables -->
|
||||||
@ -210,7 +210,7 @@ diff -up shadow-4.8/man/login.defs.5.xml.manfix shadow-4.8/man/login.defs.5.xml
|
|||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>pwck</term>
|
<term>pwck</term>
|
||||||
<listitem>
|
<listitem>
|
||||||
@@ -449,32 +403,6 @@
|
@@ -452,32 +406,6 @@
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
@ -243,9 +243,9 @@ diff -up shadow-4.8/man/login.defs.5.xml.manfix shadow-4.8/man/login.defs.5.xml
|
|||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>useradd</term>
|
<term>useradd</term>
|
||||||
<listitem>
|
<listitem>
|
||||||
diff -up shadow-4.8/man/shadow.5.xml.manfix shadow-4.8/man/shadow.5.xml
|
diff -up shadow-4.8.1/man/shadow.5.xml.manfix shadow-4.8.1/man/shadow.5.xml
|
||||||
--- shadow-4.8/man/shadow.5.xml.manfix 2019-12-01 17:52:32.000000000 +0100
|
--- shadow-4.8.1/man/shadow.5.xml.manfix 2019-12-01 17:52:32.000000000 +0100
|
||||||
+++ shadow-4.8/man/shadow.5.xml 2020-01-13 10:12:48.446155865 +0100
|
+++ shadow-4.8.1/man/shadow.5.xml 2020-03-17 15:34:48.750414984 +0100
|
||||||
@@ -129,7 +129,7 @@
|
@@ -129,7 +129,7 @@
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
@ -275,10 +275,10 @@ diff -up shadow-4.8/man/shadow.5.xml.manfix shadow-4.8/man/shadow.5.xml
|
|||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
Note that an account expiration differs from a password
|
Note that an account expiration differs from a password
|
||||||
diff -up shadow-4.8/man/useradd.8.xml.manfix shadow-4.8/man/useradd.8.xml
|
diff -up shadow-4.8.1/man/useradd.8.xml.manfix shadow-4.8.1/man/useradd.8.xml
|
||||||
--- shadow-4.8/man/useradd.8.xml.manfix 2020-01-13 10:12:48.432156100 +0100
|
--- shadow-4.8.1/man/useradd.8.xml.manfix 2020-03-17 15:34:48.745414917 +0100
|
||||||
+++ shadow-4.8/man/useradd.8.xml 2020-01-13 10:12:48.446155865 +0100
|
+++ shadow-4.8.1/man/useradd.8.xml 2020-03-17 15:34:48.751414997 +0100
|
||||||
@@ -358,6 +358,11 @@
|
@@ -359,6 +359,11 @@
|
||||||
<option>CREATE_HOME</option> is not enabled, no home
|
<option>CREATE_HOME</option> is not enabled, no home
|
||||||
directories are created.
|
directories are created.
|
||||||
</para>
|
</para>
|
||||||
@ -290,10 +290,10 @@ diff -up shadow-4.8/man/useradd.8.xml.manfix shadow-4.8/man/useradd.8.xml
|
|||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
diff -up shadow-4.8/man/usermod.8.xml.manfix shadow-4.8/man/usermod.8.xml
|
diff -up shadow-4.8.1/man/usermod.8.xml.manfix shadow-4.8.1/man/usermod.8.xml
|
||||||
--- shadow-4.8/man/usermod.8.xml.manfix 2019-10-05 03:23:58.000000000 +0200
|
--- shadow-4.8.1/man/usermod.8.xml.manfix 2019-12-20 06:58:23.000000000 +0100
|
||||||
+++ shadow-4.8/man/usermod.8.xml 2020-01-13 10:12:48.446155865 +0100
|
+++ shadow-4.8.1/man/usermod.8.xml 2020-03-17 15:34:48.751414997 +0100
|
||||||
@@ -153,7 +153,8 @@
|
@@ -143,7 +143,8 @@
|
||||||
If the <option>-m</option>
|
If the <option>-m</option>
|
||||||
option is given, the contents of the current home directory will
|
option is given, the contents of the current home directory will
|
||||||
be moved to the new home directory, which is created if it does
|
be moved to the new home directory, which is created if it does
|
||||||
@ -303,7 +303,7 @@ diff -up shadow-4.8/man/usermod.8.xml.manfix shadow-4.8/man/usermod.8.xml
|
|||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
@@ -215,6 +216,12 @@
|
@@ -205,6 +206,12 @@
|
||||||
The group ownership of files outside of the user's home directory
|
The group ownership of files outside of the user's home directory
|
||||||
must be fixed manually.
|
must be fixed manually.
|
||||||
</para>
|
</para>
|
||||||
@ -316,7 +316,7 @@ diff -up shadow-4.8/man/usermod.8.xml.manfix shadow-4.8/man/usermod.8.xml
|
|||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
@@ -277,7 +284,8 @@
|
@@ -267,7 +274,8 @@
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
Move the content of the user's home directory to the new
|
Move the content of the user's home directory to the new
|
||||||
@ -326,7 +326,7 @@ diff -up shadow-4.8/man/usermod.8.xml.manfix shadow-4.8/man/usermod.8.xml
|
|||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
This option is only valid in combination with the
|
This option is only valid in combination with the
|
||||||
@@ -391,6 +399,12 @@
|
@@ -381,6 +389,12 @@
|
||||||
must be fixed manually.
|
must be fixed manually.
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
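--- /dev/null
+++ b/shadow-4.8.1-useradd-man-clarification.patch
@@ -0,0 +1,35 @@
+From 6543c600d841e4f7779269412d470e50eae25b13 Mon Sep 17 00:00:00 2001
+From: ikerexxe <ipedrosa@redhat.com>
+Date: Wed, 4 Mar 2020 14:50:04 +0100
+Subject: [PATCH] useradd: clarify the useradd -d parameter behavior in man
+page
+
+Explanation: clarify the useradd -d parameter as it does create directory HOME_DIR if it doesn't exit.
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1677005
+
+Changelog: [serge] minor tweak to the text
+---
+man/useradd.8.xml | 6 ++++--
+1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/man/useradd.8.xml b/man/useradd.8.xml
+index 03612ce8..023c0d69 100644
+--- a/man/useradd.8.xml
++++ b/man/useradd.8.xml
+@@ -181,8 +181,10 @@
+login directory. The default is to append the
+<replaceable>LOGIN</replaceable> name to
+<replaceable>BASE_DIR</replaceable> and use that as the login
+- directory name. The directory <replaceable>HOME_DIR</replaceable>
+- does not have to exist but will not be created if it is missing.
++ directory name. If the directory
++ <replaceable>HOME_DIR</replaceable> does not exist, then it
++ will be created unless the <option>-M</option> option is
++ specified.
+</para>
+</listitem>
+</varlistentry>
+--
+2.25.1
+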
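--- /dev/null
+++ b/shadow-utils.HOME_MODE.xml
@@ -0,0 +1,43 @@
+<!--
+Copyright (c) 1991 - 1993, Julianne Frances Haugh
+Copyright (c) 1991 - 1993, Chip Rosenthal
+Copyright (c) 2007 - 2009, Nicolas François
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+3. The name of the copyright holders or contributors may not be used to
+endorse or promote products derived from this software without
+specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+-->
+<varlistentry>
+<term><option>HOME_MODE</option> (number)</term>
+<listitem>
+<para>
+The mode for new home directories. If not specified,
+the <option>UMASK</option> is used to create the mode.
+</para>
+<para>
+<command>useradd</command> and <command>newusers</command> use this
+to set the mode of the home directory they create.
+</para>
+</listitem>
+</varlistentry>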
@ -6,15 +6,121 @@
|
|||||||
# /etc/pam.d/system-auth for more information.
|
# /etc/pam.d/system-auth for more information.
|
||||||
#
|
#
|
||||||
|
|
||||||
|
#
|
||||||
|
# Delay in seconds before being allowed another attempt after a login failure
|
||||||
|
# Note: When PAM is used, some modules may enforce a minimum delay (e.g.
|
||||||
|
# pam_unix(8) enforces a 2s delay)
|
||||||
|
#
|
||||||
|
#FAIL_DELAY 3
|
||||||
|
|
||||||
|
# Currently FAILLOG_ENAB is not supported
|
||||||
|
|
||||||
|
#
|
||||||
|
# Enable display of unknown usernames when login(1) failures are recorded.
|
||||||
|
#
|
||||||
|
#LOG_UNKFAIL_ENAB no
|
||||||
|
|
||||||
|
# Currently LOG_OK_LOGINS is not supported
|
||||||
|
|
||||||
|
# Currently LASTLOG_ENAB is not supported
|
||||||
|
|
||||||
|
#
|
||||||
|
# Limit the highest user ID number for which the lastlog entries should
|
||||||
|
# be updated.
|
||||||
|
#
|
||||||
|
# No LASTLOG_UID_MAX means that there is no user ID limit for writing
|
||||||
|
# lastlog entries.
|
||||||
|
#
|
||||||
|
#LASTLOG_UID_MAX
|
||||||
|
|
||||||
|
# Currently MAIL_CHECK_ENAB is not supported
|
||||||
|
|
||||||
|
# Currently OBSCURE_CHECKS_ENAB is not supported
|
||||||
|
|
||||||
|
# Currently PORTTIME_CHECKS_ENAB is not supported
|
||||||
|
|
||||||
|
# Currently QUOTAS_ENAB is not supported
|
||||||
|
|
||||||
|
# Currently SYSLOG_SU_ENAB is not supported
|
||||||
|
|
||||||
|
#
|
||||||
|
# Enable "syslog" logging of newgrp(1) and sg(1) activity.
|
||||||
|
#
|
||||||
|
#SYSLOG_SG_ENAB yes
|
||||||
|
|
||||||
|
# Currently CONSOLE is not supported
|
||||||
|
|
||||||
|
# Currently SULOG_FILE is not supported
|
||||||
|
|
||||||
|
# Currently MOTD_FILE is not supported
|
||||||
|
|
||||||
|
# Currently ISSUE_FILE is not supported
|
||||||
|
|
||||||
|
# Currently TTYTYPE_FILE is not supported
|
||||||
|
|
||||||
|
# Currently FTMP_FILE is not supported
|
||||||
|
|
||||||
|
# Currently NOLOGINS_FILE is not supported
|
||||||
|
|
||||||
|
# Currently SU_NAME is not supported
|
||||||
|
|
||||||
# *REQUIRED*
|
# *REQUIRED*
|
||||||
# Directory where mailboxes reside, _or_ name of file, relative to the
|
# Directory where mailboxes reside, _or_ name of file, relative to the
|
||||||
# home directory. If you _do_ define both, MAIL_DIR takes precedence.
|
# home directory. If you _do_ define both, MAIL_DIR takes precedence.
|
||||||
# QMAIL_DIR is for Qmail
|
|
||||||
#
|
#
|
||||||
#QMAIL_DIR Maildir
|
|
||||||
MAIL_DIR /var/spool/mail
|
MAIL_DIR /var/spool/mail
|
||||||
#MAIL_FILE .mail
|
#MAIL_FILE .mail
|
||||||
|
|
||||||
|
#
|
||||||
|
# If defined, file which inhibits all the usual chatter during the login
|
||||||
|
# sequence. If a full pathname, then hushed mode will be enabled if the
|
||||||
|
# user's name or shell are found in the file. If not a full pathname, then
|
||||||
|
# hushed mode will be enabled if the file exists in the user's home directory.
|
||||||
|
#
|
||||||
|
#HUSHLOGIN_FILE .hushlogin
|
||||||
|
#HUSHLOGIN_FILE /etc/hushlogins
|
||||||
|
|
||||||
|
# Currently ENV_TZ is not supported
|
||||||
|
|
||||||
|
# Currently ENV_HZ is not supported
|
||||||
|
|
||||||
|
#
|
||||||
|
# The default PATH settings, for superuser and normal users.
|
||||||
|
#
|
||||||
|
# (they are minimal, add the rest in the shell startup files)
|
||||||
|
#ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
|
||||||
|
#ENV_PATH PATH=/bin:/usr/bin
|
||||||
|
|
||||||
|
#
|
||||||
|
# Terminal permissions
|
||||||
|
#
|
||||||
|
# TTYGROUP Login tty will be assigned this group ownership.
|
||||||
|
# TTYPERM Login tty will be set to this permission.
|
||||||
|
#
|
||||||
|
# If you have a write(1) program which is "setgid" to a special group
|
||||||
|
# which owns the terminals, define TTYGROUP as the number of such group
|
||||||
|
# and TTYPERM as 0620. Otherwise leave TTYGROUP commented out and
|
||||||
|
# set TTYPERM to either 622 or 600.
|
||||||
|
#
|
||||||
|
#TTYGROUP tty
|
||||||
|
#TTYPERM 0600
|
||||||
|
|
||||||
|
# Currently ERASECHAR, KILLCHAR and ULIMIT are not supported
|
||||||
|
|
||||||
|
# Default initial "umask" value used by login(1) on non-PAM enabled systems.
|
||||||
|
# Default "umask" value for pam_umask(8) on PAM enabled systems.
|
||||||
|
# UMASK is also used by useradd(8) and newusers(8) to set the mode for new
|
||||||
|
# home directories if HOME_MODE is not set.
|
||||||
|
# 022 is the default value, but 027, or even 077, could be considered
|
||||||
|
# for increased privacy. There is no One True Answer here: each sysadmin
|
||||||
|
# must make up their mind.
|
||||||
|
UMASK 022
|
||||||
|
|
||||||
|
# HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
|
||||||
|
# home directories.
|
||||||
|
# If HOME_MODE is not set, the value of UMASK is used to create the mode.
|
||||||
|
HOME_MODE 0700
|
||||||
|
|
||||||
# Password aging controls:
|
# Password aging controls:
|
||||||
#
|
#
|
||||||
# PASS_MAX_DAYS Maximum number of days a password may be used.
|
# PASS_MAX_DAYS Maximum number of days a password may be used.
|
||||||
@ -24,26 +130,105 @@ MAIL_DIR /var/spool/mail
|
|||||||
#
|
#
|
||||||
PASS_MAX_DAYS 99999
|
PASS_MAX_DAYS 99999
|
||||||
PASS_MIN_DAYS 0
|
PASS_MIN_DAYS 0
|
||||||
PASS_MIN_LEN 5
|
|
||||||
PASS_WARN_AGE 7
|
PASS_WARN_AGE 7
|
||||||
|
|
||||||
|
# Currently PASS_MIN_LEN is not supported
|
||||||
|
|
||||||
|
# Currently SU_WHEEL_ONLY is not supported
|
||||||
|
|
||||||
|
# Currently CRACKLIB_DICTPATH is not supported
|
||||||
|
|
||||||
#
|
#
|
||||||
# Min/max values for automatic uid selection in useradd
|
# Min/max values for automatic uid selection in useradd(8)
|
||||||
#
|
#
|
||||||
UID_MIN 1000
|
UID_MIN 1000
|
||||||
UID_MAX 60000
|
UID_MAX 60000
|
||||||
# System accounts
|
# System accounts
|
||||||
SYS_UID_MIN 201
|
SYS_UID_MIN 201
|
||||||
SYS_UID_MAX 999
|
SYS_UID_MAX 999
|
||||||
|
# Extra per user uids
|
||||||
|
SUB_UID_MIN 100000
|
||||||
|
SUB_UID_MAX 600100000
|
||||||
|
SUB_UID_COUNT 65536
|
||||||
|
|
||||||
#
|
#
|
||||||
# Min/max values for automatic gid selection in groupadd
|
# Min/max values for automatic gid selection in groupadd(8)
|
||||||
#
|
#
|
||||||
GID_MIN 1000
|
GID_MIN 1000
|
||||||
GID_MAX 60000
|
GID_MAX 60000
|
||||||
# System accounts
|
# System accounts
|
||||||
SYS_GID_MIN 201
|
SYS_GID_MIN 201
|
||||||
SYS_GID_MAX 999
|
SYS_GID_MAX 999
|
||||||
|
# Extra per user group ids
|
||||||
|
SUB_GID_MIN 100000
|
||||||
|
SUB_GID_MAX 600100000
|
||||||
|
SUB_GID_COUNT 65536
|
||||||
|
|
||||||
|
#
|
||||||
|
# Max number of login(1) retries if password is bad
|
||||||
|
#
|
||||||
|
#LOGIN_RETRIES 3
|
||||||
|
|
||||||
|
#
|
||||||
|
# Max time in seconds for login(1)
|
||||||
|
#
|
||||||
|
#LOGIN_TIMEOUT 60
|
||||||
|
|
||||||
|
# Currently PASS_CHANGE_TRIES is not supported
|
||||||
|
|
||||||
|
# Currently PASS_ALWAYS_WARN is not supported
|
||||||
|
|
||||||
|
# Currently PASS_MAX_LEN is not supported
|
||||||
|
|
||||||
|
# Currently CHFN_AUTH is not supported
|
||||||
|
|
||||||
|
#
|
||||||
|
# Which fields may be changed by regular users using chfn(1) - use
|
||||||
|
# any combination of letters "frwh" (full name, room number, work
|
||||||
|
# phone, home phone). If not defined, no changes are allowed.
|
||||||
|
# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
|
||||||
|
#
|
||||||
|
#CHFN_RESTRICT rwh
|
||||||
|
|
||||||
|
# Currently LOGIN_STRING is not supported
|
||||||
|
|
||||||
|
# Currently MD5_CRYPT_ENAB is not supported
|
||||||
|
|
||||||
|
#
|
||||||
|
# If set to MD5, MD5-based algorithm will be used for encrypting password
|
||||||
|
# If set to SHA256, SHA256-based algorithm will be used for encrypting password
|
||||||
|
# If set to SHA512, SHA512-based algorithm will be used for encrypting password
|
||||||
|
# If set to BLOWFISH, BLOWFISH-based algorithm will be used for encrypting password
|
||||||
|
# If set to DES, DES-based algorithm will be used for encrypting password (default)
|
||||||
|
#
|
||||||
|
ENCRYPT_METHOD SHA512
|
||||||
|
|
||||||
|
#
|
||||||
|
# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
|
||||||
|
#
|
||||||
|
# Define the number of SHA rounds.
|
||||||
|
# With a lot of rounds, it is more difficult to brute-force the password.
|
||||||
|
# However, more CPU resources will be needed to authenticate users if
|
||||||
|
# this value is increased.
|
||||||
|
#
|
||||||
|
# If not specified, the libc will choose the default number of rounds (5000).
|
||||||
|
# The values must be within the 1000-999999999 range.
|
||||||
|
#
|
||||||
|
#SHA_CRYPT_MAX_ROUNDS 5000
|
||||||
|
|
||||||
|
# Currently SHA_CRYPT_MIN_ROUNDS is not supported
|
||||||
|
|
||||||
|
# Currently BCRYPT_MIN_ROUNDS and BCRYPT_MAX_ROUNDS are not supported
|
||||||
|
|
||||||
|
# Currently CONSOLE_GROUPS is not supported
|
||||||
|
|
||||||
|
#
|
||||||
|
# Should login be allowed if we can't cd to the home directory?
|
||||||
|
# Default is yes.
|
||||||
|
#
|
||||||
|
#DEFAULT_HOME yes
|
||||||
|
|
||||||
|
# Currently ENVIRON_FILE is not supported
|
||||||
|
|
||||||
#
|
#
|
||||||
# If defined, this command is run when removing a user.
|
# If defined, this command is run when removing a user.
|
||||||
@ -53,20 +238,31 @@ SYS_GID_MAX 999
|
|||||||
#USERDEL_CMD /usr/sbin/userdel_local
|
#USERDEL_CMD /usr/sbin/userdel_local
|
||||||
|
|
||||||
#
|
#
|
||||||
# If useradd should create home directories for users by default
|
# Enables userdel(8) to remove user groups if no members exist.
|
||||||
# On RH systems, we do. This option is overridden with the -m flag on
|
|
||||||
# useradd command line.
|
|
||||||
#
|
|
||||||
CREATE_HOME yes
|
|
||||||
|
|
||||||
# The permission mask is initialized to this value. If not specified,
|
|
||||||
# the permission mask will be initialized to 022.
|
|
||||||
UMASK 077
|
|
||||||
|
|
||||||
# This enables userdel to remove user groups if no members exist.
|
|
||||||
#
|
#
|
||||||
USERGROUPS_ENAB yes
|
USERGROUPS_ENAB yes
|
||||||
|
|
||||||
# Use SHA512 to encrypt password.
|
#
|
||||||
ENCRYPT_METHOD SHA512
|
# If set to a non-zero number, the shadow utilities will make sure that
|
||||||
|
# groups never have more than this number of users on one line.
|
||||||
|
# This permits to support split groups (groups split into multiple lines,
|
||||||
|
# with the same group ID, to avoid limitation of the line length in the
|
||||||
|
# group file).
|
||||||
|
#
|
||||||
|
# 0 is the default value and disables this feature.
|
||||||
|
#
|
||||||
|
#MAX_MEMBERS_PER_GROUP 0
|
||||||
|
|
||||||
|
#
|
||||||
|
# If useradd(8) should create home directories for users by default (non
|
||||||
|
# system users only).
|
||||||
|
# This option is overridden with the -M or -m flags on the useradd(8)
|
||||||
|
# command-line.
|
||||||
|
#
|
||||||
|
CREATE_HOME yes
|
||||||
|
|
||||||
|
#
|
||||||
|
# Force use shadow, even if shadow passwd & shadow group files are
|
||||||
|
# missing.
|
||||||
|
#
|
||||||
|
#FORCE_SHADOW yes
|
||||||
|
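Review bot: The comment added above `UMASK 022` says the value is also the default for login(1) on non-PAM systems and for pam_umask(8), so moving from the removed `UMASK 077` to `022` reaches further than home-directory creation, which `HOME_MODE 0700` now covers on its own. The file should say so where an administrator will read it, for example `# Home directories stay 0700 through HOME_MODE; UMASK 022 only sets the default session umask.` placed directly above `UMASK 022`. Whether pam_umask is enabled in the PAM stack shipped with this package is not visible on this page, so the effect on the permissions of newly created user files should be confirmed before release.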
@ -1,6 +1,6 @@
|
|||||||
Summary: Utilities for managing accounts and shadow password files
|
Summary: Utilities for managing accounts and shadow password files
|
||||||
Name: shadow-utils
|
Name: shadow-utils
|
||||||
Version: 4.8
|
Version: 4.8.1
|
||||||
Release: 3%{?dist}
|
Release: 3%{?dist}
|
||||||
Epoch: 2
|
Epoch: 2
|
||||||
URL: http://pkg-shadow.alioth.debian.org/
|
URL: http://pkg-shadow.alioth.debian.org/
|
||||||
@ -10,6 +10,7 @@ Source2: shadow-utils.useradd
|
|||||||
Source3: shadow-utils.login.defs
|
Source3: shadow-utils.login.defs
|
||||||
Source4: shadow-bsd.txt
|
Source4: shadow-bsd.txt
|
||||||
Source5: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
|
Source5: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
|
||||||
|
Source6: shadow-utils.HOME_MODE.xml
|
||||||
# Misc small changes - most probably non-upstreamable
|
# Misc small changes - most probably non-upstreamable
|
||||||
Patch0: shadow-4.6-redhat.patch
|
Patch0: shadow-4.6-redhat.patch
|
||||||
# Be more lenient with acceptable user/group names - non upstreamable
|
# Be more lenient with acceptable user/group names - non upstreamable
|
||||||
@ -23,7 +24,7 @@ Patch11: shadow-4.1.5.1-logmsg.patch
|
|||||||
# SElinux related - upstreamability unknown
|
# SElinux related - upstreamability unknown
|
||||||
Patch14: shadow-4.1.5.1-default-range.patch
|
Patch14: shadow-4.1.5.1-default-range.patch
|
||||||
# Misc manual page changes - only some of them could be upstreamed
|
# Misc manual page changes - only some of them could be upstreamed
|
||||||
Patch15: shadow-4.8-manfix.patch
|
Patch15: shadow-4.8.1-manfix.patch
|
||||||
# Userdel usage message change - could be upstreamed
|
# Userdel usage message change - could be upstreamed
|
||||||
Patch17: shadow-4.1.5.1-userdel-helpfix.patch
|
Patch17: shadow-4.1.5.1-userdel-helpfix.patch
|
||||||
# Date parsing improvement - could be upstreamed
|
# Date parsing improvement - could be upstreamed
|
||||||
@ -31,7 +32,7 @@ Patch19: shadow-4.2.1-date-parsing.patch
|
|||||||
# Additional error message - could be upstreamed
|
# Additional error message - could be upstreamed
|
||||||
Patch21: shadow-4.6-move-home.patch
|
Patch21: shadow-4.6-move-home.patch
|
||||||
# Audit message changes - upstreamability unknown
|
# Audit message changes - upstreamability unknown
|
||||||
Patch22: shadow-4.8-audit-update.patch
|
Patch22: shadow-4.8.1-audit-update.patch
|
||||||
# Changes related to password unlocking - could be upstreamed
|
# Changes related to password unlocking - could be upstreamed
|
||||||
Patch23: shadow-4.5-usermod-unlock.patch
|
Patch23: shadow-4.5-usermod-unlock.patch
|
||||||
# Additional SElinux related changes - upstreamability unknown
|
# Additional SElinux related changes - upstreamability unknown
|
||||||
@ -48,8 +49,12 @@ Patch33: shadow-4.8-long-entry.patch
|
|||||||
Patch38: shadow-4.6-sysugid-min-limit.patch
|
Patch38: shadow-4.6-sysugid-min-limit.patch
|
||||||
# Ignore LOGIN_PLAIN_PROMPT in login.defs - upstreamability unknown
|
# Ignore LOGIN_PLAIN_PROMPT in login.defs - upstreamability unknown
|
||||||
Patch40: shadow-4.8-ignore-login-prompt.patch
|
Patch40: shadow-4.8-ignore-login-prompt.patch
|
||||||
# Make the missing shell check into warning - could be upstreamed
|
# Generate /var/spool/mail/$USER with the proper SELinux user identity - already upstreamed
|
||||||
Patch41: shadow-4.8-invalid-shell-check.patch
|
Patch42: shadow-4.8-useradd-selinux-mail.patch
|
||||||
|
# Clarify useradd man regarding "-d" parameter - already upstreamed
|
||||||
|
Patch43: shadow-4.8.1-useradd-man-clarification.patch
|
||||||
|
# https://github.com/shadow-maint/shadow/commit/599cc003daf833bffdc9cbe0d33dc8b3e7ec74c8
|
||||||
|
Patch44: shadow-4.8.1-commonio-force-lock-file-sync.patch
|
||||||
|
|
||||||
License: BSD and GPLv2+
|
License: BSD and GPLv2+
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
@ -63,6 +68,7 @@ BuildRequires: /usr/bin/xsltproc, /usr/bin/itstool
|
|||||||
Requires: libselinux >= 1.25.2-1
|
Requires: libselinux >= 1.25.2-1
|
||||||
Requires: audit-libs >= 1.6.5
|
Requires: audit-libs >= 1.6.5
|
||||||
Requires: setup
|
Requires: setup
|
||||||
|
Provides: shadow = %{epoch}:%{version}-%{release}
|
||||||
|
|
||||||
%description
|
%description
|
||||||
The shadow-utils package includes the necessary programs for
|
The shadow-utils package includes the necessary programs for
|
||||||
@ -97,12 +103,15 @@ are used for managing group accounts.
|
|||||||
%patch33 -p1 -b .long-entry
|
%patch33 -p1 -b .long-entry
|
||||||
%patch38 -p1 -b .sysugid-min-limit
|
%patch38 -p1 -b .sysugid-min-limit
|
||||||
%patch40 -p1 -b .login-prompt
|
%patch40 -p1 -b .login-prompt
|
||||||
%patch41 -p1 -b .invalid-shell
|
%patch42 -p1 -b .useradd-selinux-mail
|
||||||
|
%patch43 -p1 -b .useradd-man-clarification
|
||||||
|
%patch44 -p1 -b .commonio-force-lock-file-sync
|
||||||
|
|
||||||
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
||||||
cp -f doc/HOWTO.utf8 doc/HOWTO
|
cp -f doc/HOWTO.utf8 doc/HOWTO
|
||||||
|
|
||||||
cp -a %{SOURCE4} %{SOURCE5} .
|
cp -a %{SOURCE4} %{SOURCE5} .
|
||||||
|
cp -a %{SOURCE6} man/login.defs.d/HOME_MODE.xml
|
||||||
|
|
||||||
# Force regeneration of getdate.c
|
# Force regeneration of getdate.c
|
||||||
rm libmisc/getdate.c
|
rm libmisc/getdate.c
|
||||||
@ -252,6 +261,23 @@ done
|
|||||||
%{_mandir}/man8/vigr.8*
|
%{_mandir}/man8/vigr.8*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Nov 23 2020 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.8.1-3
|
||||||
|
- commonio: force lock file sync (#1862056)
|
||||||
|
- spec: add Provides keyword
|
||||||
|
|
||||||
|
* Tue Mar 24 2020 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.8.1-2
|
||||||
|
- useradd: clarify the useradd -d parameter behavior in man page
|
||||||
|
|
||||||
|
* Tue Mar 17 2020 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.8.1-1
|
||||||
|
- updated upstream to 4.8.1
|
||||||
|
|
||||||
|
* Tue Mar 17 2020 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.8-5
|
||||||
|
- synchronized login.defs with upstream file (#1261099 and #1807957)
|
||||||
|
|
||||||
|
* Mon Feb 24 2020 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.8-4
|
||||||
|
- fix useradd: doesn't generate spool mail with the proper SELinux user identity
|
||||||
|
(#1690527)
|
||||||
|
|
||||||
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.8-3
|
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.8-3
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||||
|
|
||||||
|
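--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (shadow-4.8.tar.xz) = 1c607aec541400fc179d6cbbac7511289c618ab2ce6ee9d7c18a8bfda00421c62d4b9e58aff52b5f82d485468e7db955c186ea0faad9a08003ffc01bdf2ccece
-SHA512 (shadow-4.8.tar.xz.asc) = 200f7793e55447cc5c0d11988ee26511167c5fe23e1f6622b6b0c8cb74498052f2df855f02e351fee0da16562f6a6510ad3954b4c5e13dd9a8da0d998f8dc5e6
+SHA512 (shadow-4.8.1.tar.xz) = 780a983483d847ed3c91c82064a0fa902b6f4185225978241bc3bc03fcc3aa143975b46aee43151c6ba43efcfdb1819516b76ba7ad3d1d3c34fcc38ea42e917b
+SHA512 (shadow-4.8.1.tar.xz.asc) = ec7686263c81d3feb8ee4314c3323a9a3ada74aafaaf99f4f0d9af9b1341f8c5ff5477ecf98dd94dbb7d921f532d655b0b6a87d94c71893f35dc9bc54c84dd42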