Bug 230323

Summary: diskdumputils adds netdump account with login shell
Product: Red Hat Enterprise Linux 4 Reporter: Bryn M. Reeves <bmr>
Component: diskdumputilsAssignee: Linda Wang <lwang>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.4CC: tao
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-03-01 10:27:43 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Bryn M. Reeves 2007-02-28 11:06:45 UTC
Description of problem:
The diskdumputils RPM re-uses the netdump user and group accounts as the owner
of /var/crash. This account needs a login shell for netdump to allow the
client-side initscript (propagate/start) to function.

For diskdump this appears unnecessary causes concern for some security concious
diskdump users.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Ensure netdump is not installed
2. Install the diskdump RPM
3. run:
$ getent passwd netdump
Actual results:
netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash

Expected results:
netdump:x:34:34:Network Crash Dump user:/var/crash:/sbin/nologin
(Or similar - not having a login shell set when it is not required is the
desired change)

Additional info:
I guess one way to address this would be to create a "crashdump" group that owns
the /var/crash hierarchy and has write permissions to create dumps. The
different dump packages could then add their own accounts (netdump, diskdump) as
members of this group.

Comment 1 Bryn M. Reeves 2007-03-01 10:27:43 UTC

*** This bug has been marked as a duplicate of 230137 ***