Bug 174392 - incorrect audit record in userdel
Summary: incorrect audit record in userdel
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: shadow-utils
Version: 4.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Peter Vrabec
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks: 168429
TreeView+ depends on / blocked
 
Reported: 2005-11-28 19:14 UTC by Linda Knippers
Modified: 2007-11-30 22:07 UTC (History)
3 users (show)

Fixed In Version: RHBA-2006-0035
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-03-07 18:29:42 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
patch to fix incorrect audit record (372 bytes, patch)
2005-11-28 19:14 UTC, Linda Knippers
no flags Details | Diff


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2006:0035 0 qe-ready SHIPPED_LIVE shadow-utils bug fix update 2006-03-06 05:00:00 UTC

Description Linda Knippers 2005-11-28 19:14:49 UTC
Description of problem:
The audit record emitted from userdel when a user's mail file is removed 
incorrectly says the operation failed even when it succeeded.

Version-Release number of selected component (if applicable):
shadow-utils-4.0.3-52.RHEL4

How reproducible:


Steps to Reproduce:
1.  Make sure auditd is running
2.  Create a user account with useradd
3.  Delete the account with 'userdel -r'
  
Actual results:
type=USER_CHAUTHTOK msg=audit(1132783148.877:449): user pid=18753 uid=0 auid=501
msg='userdel: op=deleting mail file acct=ljk2 res=failed'

Expected results:
Should say "res=success"

Additional info:
A one line fix (attached) is needed in userdel.c

We need a version of shadow-utils with this fix so that HP can complete its CAPP
evaluation of RHEL4 U2.

Comment 1 Linda Knippers 2005-11-28 19:14:50 UTC
Created attachment 121557 [details]
patch to fix incorrect audit record

Comment 3 Peter Vrabec 2005-11-29 11:09:42 UTC
/mnt/redhat/dist/4E-EAL-HP/shadow-utils/4.0.3-60.RHEL4
rawhide fixed.

Comment 7 Red Hat Bugzilla 2006-03-07 18:29:42 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2006-0035.html



Note You need to log in before you can comment on or make changes to this bug.