Bug 230323 - diskdumputils adds netdump account with login shell
diskdumputils adds netdump account with login shell
Status: CLOSED DUPLICATE of bug 230137
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: diskdumputils (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Linda Wang
Depends On:
  Show dependency treegraph
Reported: 2007-02-28 06:06 EST by Bryn M. Reeves
Modified: 2007-11-16 20:14 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-03-01 05:27:43 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Bryn M. Reeves 2007-02-28 06:06:45 EST
Description of problem:
The diskdumputils RPM re-uses the netdump user and group accounts as the owner
of /var/crash. This account needs a login shell for netdump to allow the
client-side initscript (propagate/start) to function.

For diskdump this appears unnecessary causes concern for some security concious
diskdump users.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Ensure netdump is not installed
2. Install the diskdump RPM
3. run:
$ getent passwd netdump
Actual results:
netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash

Expected results:
netdump:x:34:34:Network Crash Dump user:/var/crash:/sbin/nologin
(Or similar - not having a login shell set when it is not required is the
desired change)

Additional info:
I guess one way to address this would be to create a "crashdump" group that owns
the /var/crash hierarchy and has write permissions to create dumps. The
different dump packages could then add their own accounts (netdump, diskdump) as
members of this group.
Comment 1 Bryn M. Reeves 2007-03-01 05:27:43 EST

*** This bug has been marked as a duplicate of 230137 ***

Note You need to log in before you can comment on or make changes to this bug.