Red Hat Bugzilla – Bug 568499
Please add /etc/nslcd.conf to the list of files which are acceptably non-readable
Last modified: 2011-04-24 21:08:37 EDT
rpmlint flags /etc/nslcd.conf (owner: root, permissions 0600) as a permissions error. That configuration file may contain privileged information that's needed by nslcd to let it authenticate to a directory server, and it only needs to be read by nslcd, which is running as root, so I don't think it should be counted as an error.
We don't currently maintain such a list in rpmlint's config, there's just a very basic upstream built-in list. I'm reluctant to start maintaining such a list in the Fedora rpmlint package itself.
If this error bothers you, the package that ships /etc/nslcd.conf can ship a *.config snippet in /etc/rpmlint which filters the message out (be sure to own the /etc/rpmlint dir and not depend on rpmlint if you do this). Something like this could do the trick; would this work for you?
(I'm unable to verify this because I can't find a package in Fedora that ships /etc/nslcd.conf, tried guesswork and repoquery.)
Sorry about that -- it's something for a package that's undergoing review (bug #555121 if you want to have a look). If the rpmlint warning is something I should ignore and not try to change in rpmlint, that's fine by me.
Can you advise me as to the more common practice? Is it customary for packages to drop files into /etc/rpmlint, or is it something people ignore?
Dropping files into /etc/rpmlint is not very common, I suppose mainly because the settings in them apply only when the package containing those settings has already been installed, which is an annoyance when one wants to check uninstalled packages (although we do recommend checking installed ones) from *.rpm files. AFAIK the ones usually installing those files are *-filesystem and *-common like packages, which then apply to a bunch of others related to them.
It is always ok to ignore rpmlint when one knows better. OTOH I'm starting to think that we should set up a fedora-rpmlint-config package or somesuch where more fine grained config like this would reside rather than having it in the rpmlint package.
Fair enough. I'm a bit worried about packaging guidelines moving in the direction of treating any rpmlint output as a must-fix item, but I could easily be imagining that. Unless you want to keep it open, I think we can close this.
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
I do not think that it is likely that the Packaging Guidelines will ever require strict enforcement of rpmlint output being mapped to must-fix items. :)