Bug 1257858 - lock files in /etc
lock files in /etc
Product: Fedora
Classification: Fedora
Component: libuser (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Miloslav Trmač
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2015-08-28 05:27 EDT by Marcus Moeller
Modified: 2015-09-10 11:20 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2015-08-28 13:59:00 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Marcus Moeller 2015-08-28 05:27:05 EDT
We are using lusermod in order to modify user accounts on a readonly filesystem. This was possible till version 0.60 but more recent versions try to create a random lock file in /etc. As we do not mount the complete /etc read-writable this fails. Could the lockfiles please be created e.g. in /var/lock instead?
Comment 1 Miloslav Trmač 2015-08-28 13:59:00 EDT
Thanks for your report.

I’m afraid moving the randomly-named lock filess would not be enough; libuser is also creating new versions of files, and using rename() (e.g. /etc/passwd+ renamed to /etc/passwd).

This atomic replacement using rename() is necessary to fix a security vulnerability (#1233052). rename() only works within a single filesystem, which can only be reasonably guaranteed only by working within /etc.

(And rename() also does not work if the source or destination are bind mounts.)

So, for security reasons it is necessary to give libuser write access to the directory (not necessarily to all files in there but write access to the directory allows replacing the files anyway). I’m afraid I can’t see any other option; if you do, please reopen this report.
Comment 2 Marcus Moeller 2015-09-10 07:44:18 EDT
Would it be possible to place those lock files in /var/lock instead? So we would get a defined set of files that we could make read-writable (e.g. /etc/passwd, /etc/passwd+, /etc/shadow, /etc/shadow+, /var/lock).
Comment 3 Miloslav Trmač 2015-09-10 11:19:15 EDT
rename() _to_ /etc/passwd must work; which implies write access to the _directory_.

(Also, /var can be a separate partitition, and is thus unsuitable; really anything outside /etc or perhaps /, which is even worse, is not a possible path).
Comment 4 Marcus Moeller 2015-09-10 11:20:01 EDT
Ok, got it. Thanks for making that clear.

Note You need to log in before you can comment on or make changes to this bug.