568499 – Please add /etc/nslcd.conf to the list of files which are acceptably non-readable

Bug 568499 - Please add /etc/nslcd.conf to the list of files which are acceptably non-readable

Summary: Please add /etc/nslcd.conf to the list of files which are acceptably non-read...

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	rpmlint
Sub Component:
Version:	13
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Tom "spot" Callaway
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2010-02-25 20:37 UTC by Nalin Dahyabhai
Modified:	2011-04-25 01:08 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-04-25 01:08:37 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Nalin Dahyabhai 2010-02-25 20:37:29 UTC

rpmlint flags /etc/nslcd.conf (owner: root, permissions 0600) as a permissions error.  That configuration file may contain privileged information that's needed by nslcd to let it authenticate to a directory server, and it only needs to be read by nslcd, which as running as root, so I don't think it should be counted as an error.

Comment 1 Ville Skyttä 2010-02-25 22:14:31 UTC

We don't currently maintain such a list in rpmlint's config, there's just a very basic upstream built-in list.  I'm reluctant to start maintaining such a list in the Fedora rpmlint package itself.

If this error bothers you, the package that ships /etc/nslcd.conf can ship a *.config snippet in /etc/rpmlint which filters the message out (be sure to own the /etc/rpmlint dir and not depend on rpmlint if you do this), something like this could do the trick, would this work for you?

addFilter('non-readable\s+/etc/nslcd\.conf')

(I'm unable to verify this because I can't find a package in Fedora that ships /etc/nslcd.conf, tried guesswork and repoquery.)

Comment 2 Nalin Dahyabhai 2010-02-25 22:29:08 UTC

Sorry about that -- it's something for a package that's undergoing review (bug #555121 if you want to have a look).  If the rpmlint warning is something I should ignore and not try to change in rpmlint, that's fine by me.

Can you advise me as to the more common practice?  Is it customary for packages to drop files into /etc/rpmlint, or is it something people ignore?

Comment 3 Ville Skyttä 2010-03-02 17:42:58 UTC

Dropping files into /etc/rpmlint is not very common, I suppose mainly because the settings in them apply only when the package containing those settings has already been installed which is an annoyance when one wants to check uninstalled packages (although we do recommend checking installed ones) from *.rpm files.  AFAIK the ones usually installing those files are *-filesystem and *-common like packages which then apply to a bunch of others related to it.

It is always ok to ignore rpmlint when one knows better.  OTOH I'm starting to think that we should set up a fedora-rpmlint-config  package or somesuch where more fine grained config like this would reside rather than having it in the rpmlint package.

Comment 4 Nalin Dahyabhai 2010-03-02 18:07:39 UTC

Fair enough.  I'm a bit worried about packaging guidelines moving in the direction of treating any rpmlint output as a must-fix item, but I could easily be imagining that.  Unless you want to keep it open, I think we can close this.

Comment 5 Fedora Admin XMLRPC Client 2010-12-07 21:19:11 UTC

This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 6 Tom "spot" Callaway 2011-04-25 01:08:37 UTC

I do not think that it is likely that the Packaging Guidelines will ever require strict enforcement of rpmlint output being mapped to must-fix items. :)

Closing.

Note You need to log in before you can comment on or make changes to this bug.