Bug 230323 - diskdumputils adds netdump account with login shell
Status: CLOSED DUPLICATE of bug 230137
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: diskdumputils
Version: 4.4
Hardware: All
OS: Linux
Assignee: Linda Wang
Reported: 2007-02-28 11:06 UTC by Bryn M. Reeves
Modified: 2007-11-17 01:14 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2007-03-01 10:27:43 UTC

Description Bryn M. Reeves 2007-02-28 11:06:45 UTC
Description of problem:
The diskdumputils RPM re-uses the netdump user and group accounts as the owner
of /var/crash. This account needs a login shell for netdump to allow the
client-side initscript (propagate/start) to function.

For diskdump this appears unnecessary and causes concern for some security-conscious
diskdump users.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Ensure netdump is not installed
2. Install the diskdump RPM
3. run:
$ getent passwd netdump
Actual results:
netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash

Expected results:
netdump:x:34:34:Network Crash Dump user:/var/crash:/sbin/nologin
(Or similar - not having a login shell set when it is not required is the
desired change)

Additional info:
I guess one way to address this would be to create a "crashdump" group that owns
the /var/crash hierarchy and has write permissions to create dumps. The
different dump packages could then add their own accounts (netdump, diskdump) as
members of this group.
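
The check from the steps to reproduce, generalised to every system account, as an added example that is not part of the original report or of the diskdumputils package. The function names, the constructed sample entries, the list of non-interactive shells and the UID cut-off of 500 (the usual boundary between system and regular accounts on this generation of Red Hat systems) are assumptions.

```shell
#!/bin/sh
# Added example: flag system accounts that still carry an interactive shell.

audit_login_shells() {
    # Reads passwd(5)-format lines on stdin and prints "name:uid:shell" for
    # each non-root account below uid_min whose shell permits a login.
    uid_min="${1:-500}"   # assumption: regular users start at UID 500
    awk -F: -v uid_min="$uid_min" '
        /^#/ || /^[ \t]*$/ { next }             # skip comments and blank lines
        NF < 7             { next }             # skip malformed entries
        {
            name = $1; uid = $3 + 0; shell = $7
            if (shell == "") shell = "/bin/sh"  # empty field means the default shell
            if (uid == 0 || uid >= uid_min) next
            # Shells that do not give an interactive session (assumed list).
            if (shell ~ /\/(nologin|false|sync|shutdown|halt)$/) next
            print name ":" uid ":" shell
        }'
}

# Constructed sample. The netdump line is the "Actual results" entry from the
# report; every other entry is made up for illustration.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
sync:x:5:0:sync:/sbin:/bin/sync
netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash
legacy:x:41:41:Constructed account with empty shell field:/var/empty:
daemon:x:2:2:daemon:/sbin:/sbin/nologin
alice:x:500:500:Constructed regular user:/home/alice:/bin/bash
EOF
}

# On a live system: getent passwd | audit_login_shells
sample_passwd | audit_login_shells
```

An entry with an empty shell field is reported as `/bin/sh`, because that is the shell the system falls back to for such an account.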

Comment 1 Bryn M. Reeves 2007-03-01 10:27:43 UTC

*** This bug has been marked as a duplicate of 230137 ***
