Bug 17718 - the init-script should check the intended access permissions configuration
Summary: the init-script should check the intended access permissions configuration
Status: CLOSED WONTFIX
Alias: None
Product: Branch 4.1
Classification: Distributions
Component: klogd (show other bugs)
Version: unspecified
Hardware: all Linux
: P2 enhancement
Assignee: Nobody's working on this, feel free to take it
QA Contact: qa-4.1@altlinux.org
URL:
Keywords:
Depends on: 17719
Blocks: 17250
  Show dependency tree
 
Reported: 2008-10-29 00:59 MSK by Ivan Zakharyaschev
Modified: 2014-11-05 20:41 MSK (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ivan Zakharyaschev 2008-10-29 00:59:24 MSK
klogd-1.4.1-alt28

As https://bugzilla.altlinux.org/show_bug.cgi?id=17250 has shown, an error in the configuration of access permissions can lead to unnoticed failures of klogd: the primary group of the user "klogd" (/etc/passwd) didn't match the group named "klogd" (/etc/group), which was the owner of the working directories for klogd (/var/lib/klogd/...).

The init-script could check whether the actual configuration (/etc/passwd, /etc/group, access permissions) matches the intended configuration. The intended configuration is a known thing: now, it is expressed by the commands in the RPM preinstall script:

# rpm -q klogd --scripts 
preinstall scriptlet (through /bin/sh):
/usr/sbin/groupadd -r -f klogd
/usr/sbin/useradd -r -g klogd -d /dev/null -s /dev/null -n klogd >/dev/null 2>&1 ||:

So, the init script could check that the primary gid of the user "klogd" is indeed the group named "klogd" (and perhaps that /var/lib/klogd/... is indeed owned by the group).
Comment 1 Michael Shigorin 2014-11-05 20:41:08 MSK
В 4.1/branch исправления не будут вноситься уже технически (заглушена очередь на сборку), поэтому прошу ошибки, актуальные для sisyphus/p7/t7, перевесить на текущие ветки или сизиф.