Bug 752889
| Field | Value |
|---|---|
| Summary: | Home directory for account 'saslauth' does not exist. |
| Product: | [Fedora] Fedora |
| Component: | cyrus-sasl |
| Version: | rawhide |
| Hardware: | All |
| OS: | Linux |
| Status: | CLOSED RAWHIDE |
| Severity: | low |
| Priority: | unspecified |
| Reporter: | DaveG <daveg> |
| Assignee: | Petr Lautrbach <plautrba> |
| QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| CC: | rvokal, tmraz |
| Fixed In Version: | cyrus-sasl-2.1.23-29.fc18 |
| Doc Type: | Bug Fix |
| Last Closed: | 2012-02-08 16:45:51 UTC |
| Bug Blocks: | 802465, 816135 |
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.

I believe that changing homedir to an already existing directory would be enough:
-%define homedir %{_var}/empty/%{username}
+%define homedir /run/saslauthd
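Review bot: Redefining homedir to /run/saslauthd only takes effect where the account is newly created. The %pre scriptlet quoted in the description runs useradd only when `getent passwd %{username}` fails, so a system upgrading from an earlier build keeps /var/empty/saslauth as the home directory and pwck keeps reporting it. Consider updating existing accounts in the scriptlet as well, for example with `usermod -d %{homedir} %{username}`, and confirm that the package itself owns /run/saslauthd so the directory is created with known ownership and mode.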
Thanks for your report
Description of problem:
The pre-install scriptlet creates the saslauth account with a home directory, /var/empty/saslauth, that does not exist in the package. Users may create the home directory to "fix" the "problem" and inadvertently provide a privilege escalation path by setting inappropriate ownership or protection.

Version-Release number of selected component (if applicable):
cyrus-sasl-2.1.23-12.fc14.x86_64 (Still in git HEAD)

How reproducible:
# yum install cyrus-sasl
# pwck
user 'saslauth': directory '/var/empty/saslauth' does not exist
pwck: no changes

Additional info:
Does not affect functionality, just trying to reduce the background noise from system integrity checks.

A simple fix would be to create the directory /var/empty/saslauth in %install and include it in %files, setting the required ownership and mode. Including the directory in the package would initialise the directory securely (root:root 0711?) and provide a verification mechanism.

Suggested fix for spec file (add 2 lines):

+++
%define username saslauth
%define hint "Saslauthd user"
%define homedir %{_var}/empty/%{username}
...
%install
...
+ install -d -m711 $RPM_BUILD_ROOT/%{homedir}
...
%pre
getent group %{username} >/dev/null || groupadd -r %{username}
getent passwd %{username} >/dev/null || useradd -r -g %{username} -d %{homedir} -s /sbin/nologin -c \"%{hint}\" %{username}
...
%files
%defattr(-,root,root)
...
+ %dir %{homedir}
...
---

P.S. Might want to change %define to %global while there.
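Review bot: The added `%dir %{homedir}` entry in %files takes its mode from the build root because of `%defattr(-,root,root)`, so the 0711 protection depends entirely on the `install -d -m711` line in %install staying in step with it. Writing the entry as `%attr(0711,root,root) %dir %{homedir}` states the ownership and mode in the same place that package verification reads them from.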
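The pwck check from the report, extended to also flag the loose ownership or mode the description warns about, as an added example that is not part of the bug report or the cyrus-sasl package. The function names, the ownership policy, the constructed accounts other than saslauth, and the reliance on GNU `stat -c` are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the bug report or the cyrus-sasl package.
# Assumes GNU stat ("stat -c"), as shipped on Fedora.

# audit_homes PASSWD_FILE [ROOT_PREFIX]
# Prints "<FINDING> <user> <home>" for each home directory that is missing
# (what pwck reports) or loosely protected. The policy is an assumption of
# this example: owner must be root or the account, no group/other write bit.
audit_homes() {
    passwd_file=$1
    prefix=${2:-}
    while IFS=: read -r user pw uid gid gecos home shell; do
        case $user in ''|\#*) continue ;; esac
        dir=$prefix$home
        if [ ! -d "$dir" ]; then
            echo "MISSING $user $home"
            continue
        fi
        owner=$(stat -L -c %u "$dir")
        mode=$(stat -L -c %a "$dir")
        if [ "$owner" != 0 ] && [ "$owner" != "$uid" ]; then
            echo "BAD_OWNER $user $home"
        fi
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE $user $home"
        fi
    done < "$passwd_file"
}

# Constructed sample tree: the saslauth line mirrors the report; okd and
# loose are made-up accounts. UIDs are set to the caller so it runs unprivileged.
demo() {
    root=$(mktemp -d) || return 1
    me=$(id -u)
    mkdir -p "$root/etc" "$root/var/lib/okd" "$root/var/lib/loose"
    chmod 711 "$root/var/lib/okd"
    chmod 777 "$root/var/lib/loose"
    cat > "$root/etc/passwd" <<EOF
saslauth:x:$me:$me:Saslauthd user:/var/empty/saslauth:/sbin/nologin
okd:x:$me:$me:constructed:/var/lib/okd:/sbin/nologin
loose:x:$me:$me:constructed:/var/lib/loose:/sbin/nologin
EOF
    audit_homes "$root/etc/passwd" "$root"
    rm -rf "$root"
}

demo   # on a real host: audit_homes /etc/passwd
```

The second argument lets the same check run against a mounted image or chroot instead of the live system.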