Bug 215036

Summary: In useradd make faillog reset optional with -l flag
Product: Red Hat Enterprise Linux 5 Reporter: Bastien Nocera <bnocera>
Component: shadow-utilsAssignee: Peter Vrabec <pvrabec>
Status: CLOSED CURRENTRELEASE QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.0CC: dwalsh, sgrubb
Target Milestone: ---Keywords: Regression, Reopened
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: beta2 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-12-23 02:31:37 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 209646    
Bug Blocks:    
Attachments:
Description Flags
shadow-useradd-minus-l-dont-touch-faillog.patch none

Description Bastien Nocera 2006-11-10 18:08:57 UTC 
+++ This bug was initially created as a clone of Bug #209646 +++

Description of problem:
For correctnes and for getting the SELinux labels correctly set pam package
should contain empty /var/log/tallylog and /var/log/faillog files.

-- Additional comment from sgrubb on 2006-10-06 12:56 EST --
Setting beta blocker request since labels being correct is part of beta2 release
criteria.

-- Additional comment from pm-rhel on 2006-10-06 13:03 EST --
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux release.  Product Management has requested further review
of this request by Red Hat Engineering.  This request is not yet committed for
inclusion in release.

-- Additional comment from tmraz on 2006-10-13 14:54 EST --
Fixed in pam-0.99.6.2-3.1.el5.



This means that /var/log/faillog will be huge after a new install, on 64-bit
machines, as "useradd -l" for the nfsnobody user (see nfs-utils scripts) only
handles not touching /var/log/lastlog, and not /var/log/faillog

ie.
$ ls -l /var/log/faillog 
-rw------- 1 root root 137438953440 Nov 10 15:20 /var/log/faillog
$ du /var/log/faillog 
28      /var/log/faillog

See bug 165058 for details on why it should be updated.

Quick and easy patch attached below.
Comment 1 Bastien Nocera 2006-11-10 18:08:57 UTC 
Created attachment 140917 [details]
shadow-useradd-minus-l-dont-touch-faillog.patch
Comment 2 RHEL Program Management 2006-11-10 18:20:55 UTC 
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for
inclusion.
Comment 3 Peter Vrabec 2006-11-13 10:48:24 UTC 

*** This bug has been marked as a duplicate of 213450 ***
Comment 5 Peter Vrabec 2006-11-13 10:57:27 UTC 
This problem is fixed in 
shadow-utils-4.0.17-8.el5.
Comment 6 RHEL Program Management 2006-12-12 16:50:50 UTC 
This bugzilla has Keywords: Regression.  

Since no regressions are allowed between releases, 
it is also being proposed as a blocker for this release.  

Please resolve ASAP.
Comment 7 Jay Turner 2006-12-14 13:21:21 UTC 
QE ack for RHEL5.
Comment 8 RHEL Program Management 2006-12-23 02:31:37 UTC 
A package has been built which should help the problem described in 
this bug report. This report is therefore being closed with a resolution 
of CURRENTRELEASE. You may reopen this bug report if the solution does 
not work for you.