[systemd-devel] sysusers: Unconditional chown on /etc/{passwd, group, shadow, gshadow}? Is it sane?

Colin Guthrie gmane at colin.guthr.ie
Tue Oct 28 09:34:30 PDT 2014


Hi,

It seems we have different permissions for /etc/{g}shadow than Fedora.
We don't package it as 0000,root,root but rather 0440,root,shadow.

We can then run some tools that need direct access as setgid rather than
full-blown setuid. I'm not totally convinced of the security benefits
here (and I think actually 0440 is buggy for a setgid tool like chage -
I'd have thought it would need to be 0660 to actually change the age,
but I digress).

Is it correct that sysusers should unconditionally impose its file
permissions? Wouldn't it be better to only do the fchmod() if the file
has been created by us and just leave it alone if not? That way, if we
do something different downstream we can just ship a tmpfiles snippet to
ensure it's owned and moded correctly as to our tastes?*

Would a patch that implemented such behaviour be welcome? Is there
anything I'd need to watch out for (thinking things like checking for
the file existing being racy or the like)?

Cheers

Col



* There could even be some magical RPM-esque hack that automatically
parses packages for files in /etc and /var and finds any that are owned
or modded differently to the overall default and automatically creates
tmpfiles snippets that are included in the rpm.... that would be nice.
-- 

Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited http://www.tribalogic.net/
Open Source:
  Mageia Contributor http://www.mageia.org/
  PulseAudio Hacker http://www.pulseaudio.org/
  Trac Hacker http://trac.edgewall.org/
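
The following is an added illustration, not part of the original message and not systemd code: one race-free way to make the "only fchmod() if we created the file" decision the message asks about, using O_CREAT|O_EXCL instead of a separate existence check. The helper names and the temporary directory are hypothetical; the 0440 and 0000 modes are the ones mentioned in the message, and how sysusers actually writes these files is not shown here.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not a systemd function): make sure `path` exists and
 * apply `mode` only when this call created it.
 * Returns 1 if created, 0 if it already existed (left untouched), -errno on error. */
int create_with_mode_if_absent(const char *path, mode_t mode) {
    /* O_CREAT|O_EXCL tests for existence and creates in one atomic step, so
     * there is no stat()-then-open() window. It also refuses a symlink at
     * `path`. Start at 0600 so the file is never briefly wider than intended. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, 0600);
    if (fd < 0)
        return errno == EEXIST ? 0 : -errno;
    int r = fchmod(fd, mode) < 0 ? -errno : 1;   /* by fd, never by name */
    close(fd);
    return r;
}

/* Constructed demo in a private temp directory. existing_mode < 0 means the
 * file is absent beforehand. Returns the final permission bits, or -1. */
int demo_final_mode(int existing_mode, mode_t tool_mode) {
    char dir[] = "/tmp/sysusers-demo-XXXXXX", path[64];
    struct stat st;
    int result = -1;
    if (!mkdtemp(dir))
        return -1;
    snprintf(path, sizeof path, "%s/shadow", dir);
    /* First call stands in for the distribution package shipping the file. */
    if (existing_mode >= 0 && create_with_mode_if_absent(path, (mode_t)existing_mode) != 1)
        goto out;
    /* Second call stands in for the tool running later. */
    if (create_with_mode_if_absent(path, tool_mode) >= 0 && stat(path, &st) == 0)
        result = st.st_mode & 07777;
out:
    unlink(path);
    rmdir(dir);
    return result;
}

int main(void) {
    printf("packaged 0440, tool wants 0000 -> %04o\n", (unsigned)demo_final_mode(0440, 0000));
    printf("absent,        tool wants 0000 -> %04o\n", (unsigned)demo_final_mode(-1, 0000));
    return 0;
}
```
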


