Bug 568499 - Please add /etc/nslcd.conf to the list of files which are acceptably non-readable
Please add /etc/nslcd.conf to the list of files which are acceptably non-read...
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: rpmlint (Show other bugs)
13
All Linux
low Severity medium
: ---
: ---
Assigned To: Tom "spot" Callaway
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-02-25 15:37 EST by Nalin Dahyabhai
Modified: 2011-04-24 21:08 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-04-24 21:08:37 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Nalin Dahyabhai 2010-02-25 15:37:29 EST
rpmlint flags /etc/nslcd.conf (owner: root, permissions 0600) as a permissions error.  That configuration file may contain privileged information that's needed by nslcd to let it authenticate to a directory server, and it only needs to be read by nslcd, which as running as root, so I don't think it should be counted as an error.
Comment 1 Ville Skyttä 2010-02-25 17:14:31 EST
We don't currently maintain such a list in rpmlint's config, there's just a very basic upstream built-in list.  I'm reluctant to start maintaining such a list in the Fedora rpmlint package itself.

If this error bothers you, the package that ships /etc/nslcd.conf can ship a *.config snippet in /etc/rpmlint which filters the message out (be sure to own the /etc/rpmlint dir and not depend on rpmlint if you do this), something like this could do the trick, would this work for you?

addFilter('non-readable\s+/etc/nslcd\.conf')

(I'm unable to verify this because I can't find a package in Fedora that ships /etc/nslcd.conf, tried guesswork and repoquery.)
Comment 2 Nalin Dahyabhai 2010-02-25 17:29:08 EST
Sorry about that -- it's something for a package that's undergoing review (bug #555121 if you want to have a look).  If the rpmlint warning is something I should ignore and not try to change in rpmlint, that's fine by me.

Can you advise me as to the more common practice?  Is it customary for packages to drop files into /etc/rpmlint, or is it something people ignore?
Comment 3 Ville Skyttä 2010-03-02 12:42:58 EST
Dropping files into /etc/rpmlint is not very common, I suppose mainly because the settings in them apply only when the package containing those settings has already been installed which is an annoyance when one wants to check uninstalled packages (although we do recommend checking installed ones) from *.rpm files.  AFAIK the ones usually installing those files are *-filesystem and *-common like packages which then apply to a bunch of others related to it.

It is always ok to ignore rpmlint when one knows better.  OTOH I'm starting to think that we should set up a fedora-rpmlint-config  package or somesuch where more fine grained config like this would reside rather than having it in the rpmlint package.
Comment 4 Nalin Dahyabhai 2010-03-02 13:07:39 EST
Fair enough.  I'm a bit worried about packaging guidelines moving in the direction of treating any rpmlint output as a must-fix item, but I could easily be imagining that.  Unless you want to keep it open, I think we can close this.
Comment 5 Fedora Admin XMLRPC Client 2010-12-07 16:19:11 EST
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 6 Tom "spot" Callaway 2011-04-24 21:08:37 EDT
I do not think that it is likely that the Packaging Guidelines will ever require strict enforcement of rpmlint output being mapped to must-fix items. :)

Closing.

Note You need to log in before you can comment on or make changes to this bug.