diff --git a/package/yast2-security.changes b/package/yast2-security.changes index 476a33a7..744b4565 100644 --- a/package/yast2-security.changes +++ b/package/yast2-security.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Mon Sep 30 14:36:10 UTC 2024 - Stefan Hundhammer + +- Drop obsolete USERADD_CMD, USERDEL_PRECMD, USERDEL_POSTCMD in + /etc/login.defs.d/70-yast.defs (bsc#1231006) +- 5.0.2 + ------------------------------------------------------------------- Tue Aug 6 11:34:20 UTC 2024 - Knut Anderssen diff --git a/package/yast2-security.spec b/package/yast2-security.spec index e2566ebc..07856a44 100644 --- a/package/yast2-security.spec +++ b/package/yast2-security.spec @@ -17,7 +17,7 @@ Name: yast2-security -Version: 5.0.1 +Version: 5.0.2 Release: 0 Group: System/YaST License: GPL-2.0-only diff --git a/src/autoyast-rnc/security.rnc b/src/autoyast-rnc/security.rnc index 5407354f..547754db 100644 --- a/src/autoyast-rnc/security.rnc +++ b/src/autoyast-rnc/security.rnc @@ -65,9 +65,6 @@ sys_uid_min = element sys_uid_min { STRING } systohc = element systohc { STRING } uid_max = element uid_max { STRING } uid_min = element uid_min { STRING } -useradd_cmd = element useradd_cmd { STRING } -userdel_postcmd = element userdel_postcmd { STRING } -userdel_precmd = element userdel_precmd { STRING } hibernate_system = element hibernate_system { STRING } kernel.sysrq = element kernel.sysrq { STRING } mandatory_services = element mandatory_services { STRING } @@ -125,9 +122,6 @@ y2_security = | systohc | uid_max | uid_min - | useradd_cmd - | userdel_postcmd - | userdel_precmd | hibernate_system | kernel.sysrq | mandatory_services diff --git a/src/data/security/level1.yml b/src/data/security/level1.yml index 01aa48c5..21fe28d2 100644 --- a/src/data/security/level1.yml +++ b/src/data/security/level1.yml @@ -29,9 +29,6 @@ SYS_UID_MAX: '499' SYS_UID_MIN: '100' UID_MAX: '60000' UID_MIN: '1000' -USERADD_CMD: "/usr/sbin/useradd.local" -USERDEL_POSTCMD: "/usr/sbin/userdel-post.local" -USERDEL_PRECMD: "/usr/sbin/userdel-pre.local" kernel.sysrq: '0' net.ipv4.ip_forward: false net.ipv4.tcp_syncookies: true diff --git a/src/data/security/level2.yml b/src/data/security/level2.yml index 0d709477..ebd597ba 100644 --- a/src/data/security/level2.yml +++ b/src/data/security/level2.yml @@ -29,9 +29,6 @@ SYS_UID_MAX: '499' SYS_UID_MIN: '100' UID_MAX: '60000' UID_MIN: '1000' -USERADD_CMD: "/usr/sbin/useradd.local" -USERDEL_POSTCMD: "/usr/sbin/userdel-post.local" -USERDEL_PRECMD: "/usr/sbin/userdel-pre.local" kernel.sysrq: '0' net.ipv4.ip_forward: false net.ipv4.tcp_syncookies: true diff --git a/src/data/security/level3.yml b/src/data/security/level3.yml index 40f00968..1cd40529 100644 --- a/src/data/security/level3.yml +++ b/src/data/security/level3.yml @@ -29,9 +29,6 @@ SYS_UID_MAX: '499' SYS_UID_MIN: '100' UID_MAX: '60000' UID_MIN: '1000' -USERADD_CMD: "/usr/sbin/useradd.local" -USERDEL_POSTCMD: "/usr/sbin/userdel-post.local" -USERDEL_PRECMD: "/usr/sbin/userdel-pre.local" kernel.sysrq: '0' net.ipv4.ip_forward: false net.ipv4.tcp_syncookies: true diff --git a/src/modules/Security.rb b/src/modules/Security.rb index 5c019e23..4bb4b6e6 100644 --- a/src/modules/Security.rb +++ b/src/modules/Security.rb @@ -64,10 +64,7 @@ class SecurityClass < Module # rubocop:disable Metrics/ClassLength "SYS_UID_MAX", "SYS_UID_MIN", "SYS_GID_MAX", - "SYS_GID_MIN", - "USERADD_CMD", - "USERDEL_PRECMD", - "USERDEL_POSTCMD" + "SYS_GID_MIN" ].freeze attr_reader :display_manager @@ -153,9 +150,6 @@ def init_settings "SYS_UID_MIN" => "100", "SYS_GID_MAX" => "499", "SYS_GID_MIN" => "100", - "USERADD_CMD" => "/usr/sbin/useradd.local", - "USERDEL_PRECMD" => "/usr/sbin/userdel-pre.local", - "USERDEL_POSTCMD" => "/usr/sbin/userdel-post.local", "PASSWD_REMEMBER_HISTORY" => "0", "SYSLOG_ON_NO_ERROR" => "yes", "DISPLAYMANAGER_ROOT_LOGIN_REMOTE" => "no", diff --git a/test/data/system/etc/login.defs b/test/data/system/etc/login.defs index 2f936fc7..6a1ef05e 100644 --- a/test/data/system/etc/login.defs +++ b/test/data/system/etc/login.defs @@ -163,7 +163,7 @@ LOGIN_TIMEOUT 60 # any combination of letters "frwh" (full name, room number, work # phone, home phone). If not defined, no changes are allowed. # For backward compatibility, "yes" = "rwh" and "no" = "frwh". -# +# CHFN_RESTRICT rwh # @@ -217,8 +217,6 @@ DEFAULT_HOME yes # It should remove any at/cron/print jobs etc. owned by # the user to be removed (passed as the first argument). # -# See USERDEL_PRECMD/POSTCMD below. -# #USERDEL_CMD /usr/sbin/userdel_local # @@ -257,31 +255,3 @@ CREATE_HOME no #CHARACTER_CLASS [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\? CHARACTER_CLASS [ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_][ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.-]*[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.$-]\? -# -# If defined, this command is run when adding a group. -# It should rebuild any NIS database etc. to add the -# new created group. -# -GROUPADD_CMD /usr/sbin/groupadd.local - -# -# If defined, this command is run when adding a user. -# It should rebuild any NIS database etc. to add the -# new created account. -# -USERADD_CMD /usr/sbin/useradd.local - -# -# If defined, this command is run before removing a user. -# It should remove any at/cron/print jobs etc. owned by -# the user to be removed. -# -USERDEL_PRECMD /usr/sbin/userdel-pre.local - -# -# If defined, this command is run after removing a user. -# It should rebuild any NIS database etc. to remove the -# account from it. -# -USERDEL_POSTCMD /usr/sbin/userdel-post.local - diff --git a/test/security_test.rb b/test/security_test.rb index b50a969b..2ef2a6ad 100755 --- a/test/security_test.rb +++ b/test/security_test.rb @@ -242,9 +242,9 @@ def enabled? end it "doesn't allow empty value to enter into model for an attribute" do - Security.Settings["USERADD_CMD"] = "" + Security.Settings["ENCRYPT_METHOD"] = "" - expect(shadow_config).not_to receive(:useradd_cmd=) + expect(shadow_config).not_to receive(:encrypt_method=) expect(shadow_config).to receive(:save) Security.write_shadow_config