Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Drop Obsolete login.defs Scripts USERADD_CMD, USERDEL_PRECMD, USERDEL_POSTCMD, GROUPADD_CMD #160

Merged
merged 3 commits into from
Oct 2, 2024
Merged

Drop Obsolete login.defs Scripts USERADD_CMD, USERDEL_PRECMD, USERDEL_POSTCMD, GROUPADD_CMD #160

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
3e35646
Removed obsolete USERADD_CMD, USERDEL_PRECMD, USERDEL_POSTCMD (bsc#12…
shundhammer Sep 30, 2024
27f04e3
Version bump and change log
shundhammer Sep 30, 2024
77fcca6
Dropped obsolete GROUPADD_CMD as well
shundhammer Oct 1, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions package/yast2-security.changes
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,10 @@
-------------------------------------------------------------------
Mon Sep 30 14:36:10 UTC 2024 - Stefan Hundhammer <shundhammer@suse.com>

- Drop obsolete USERADD_CMD, USERDEL_PRECMD, USERDEL_POSTCMD in
/etc/login.defs.d/70-yast.defs (bsc#1231006)
- 5.0.2

-------------------------------------------------------------------
Tue Aug 6 11:34:20 UTC 2024 - Knut Anderssen <kanderssen@suse.com>

Expand Down
2 changes: 1 addition & 1 deletion package/yast2-security.spec
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@


Name: yast2-security
Version: 5.0.1
Version: 5.0.2
Release: 0
Group: System/YaST
License: GPL-2.0-only
Expand Down
6 changes: 0 additions & 6 deletions src/autoyast-rnc/security.rnc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,9 +65,6 @@ sys_uid_min = element sys_uid_min { STRING }
systohc = element systohc { STRING }
uid_max = element uid_max { STRING }
uid_min = element uid_min { STRING }
useradd_cmd = element useradd_cmd { STRING }
userdel_postcmd = element userdel_postcmd { STRING }
userdel_precmd = element userdel_precmd { STRING }
hibernate_system = element hibernate_system { STRING }
kernel.sysrq = element kernel.sysrq { STRING }
mandatory_services = element mandatory_services { STRING }
Expand Down Expand Up @@ -125,9 +122,6 @@ y2_security =
| systohc
| uid_max
| uid_min
| useradd_cmd
| userdel_postcmd
| userdel_precmd
| hibernate_system
| kernel.sysrq
| mandatory_services
Expand Down
3 changes: 0 additions & 3 deletions src/data/security/level1.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,9 +29,6 @@ SYS_UID_MAX: '499'
SYS_UID_MIN: '100'
UID_MAX: '60000'
UID_MIN: '1000'
USERADD_CMD: "/usr/sbin/useradd.local"
USERDEL_POSTCMD: "/usr/sbin/userdel-post.local"
USERDEL_PRECMD: "/usr/sbin/userdel-pre.local"
kernel.sysrq: '0'
net.ipv4.ip_forward: false
net.ipv4.tcp_syncookies: true
Expand Down
3 changes: 0 additions & 3 deletions src/data/security/level2.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,9 +29,6 @@ SYS_UID_MAX: '499'
SYS_UID_MIN: '100'
UID_MAX: '60000'
UID_MIN: '1000'
USERADD_CMD: "/usr/sbin/useradd.local"
USERDEL_POSTCMD: "/usr/sbin/userdel-post.local"
USERDEL_PRECMD: "/usr/sbin/userdel-pre.local"
kernel.sysrq: '0'
net.ipv4.ip_forward: false
net.ipv4.tcp_syncookies: true
Expand Down
3 changes: 0 additions & 3 deletions src/data/security/level3.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,9 +29,6 @@ SYS_UID_MAX: '499'
SYS_UID_MIN: '100'
UID_MAX: '60000'
UID_MIN: '1000'
USERADD_CMD: "/usr/sbin/useradd.local"
USERDEL_POSTCMD: "/usr/sbin/userdel-post.local"
USERDEL_PRECMD: "/usr/sbin/userdel-pre.local"
kernel.sysrq: '0'
net.ipv4.ip_forward: false
net.ipv4.tcp_syncookies: true
Expand Down
8 changes: 1 addition & 7 deletions src/modules/Security.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,10 +64,7 @@ class SecurityClass < Module # rubocop:disable Metrics/ClassLength
"SYS_UID_MAX",
"SYS_UID_MIN",
"SYS_GID_MAX",
"SYS_GID_MIN",
"USERADD_CMD",
"USERDEL_PRECMD",
"USERDEL_POSTCMD"
"SYS_GID_MIN"
].freeze

attr_reader :display_manager
Expand Down Expand Up @@ -153,9 +150,6 @@ def init_settings
"SYS_UID_MIN" => "100",
"SYS_GID_MAX" => "499",
"SYS_GID_MIN" => "100",
"USERADD_CMD" => "/usr/sbin/useradd.local",
"USERDEL_PRECMD" => "/usr/sbin/userdel-pre.local",
"USERDEL_POSTCMD" => "/usr/sbin/userdel-post.local",
"PASSWD_REMEMBER_HISTORY" => "0",
"SYSLOG_ON_NO_ERROR" => "yes",
"DISPLAYMANAGER_ROOT_LOGIN_REMOTE" => "no",
Expand Down
32 changes: 1 addition & 31 deletions test/data/system/etc/login.defs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -163,7 +163,7 @@ LOGIN_TIMEOUT 60
# any combination of letters "frwh" (full name, room number, work
# phone, home phone). If not defined, no changes are allowed.
# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
#
#
CHFN_RESTRICT rwh

#
Expand Down Expand Up @@ -217,8 +217,6 @@ DEFAULT_HOME yes
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
# See USERDEL_PRECMD/POSTCMD below.
#
#USERDEL_CMD /usr/sbin/userdel_local

#
Expand Down Expand Up @@ -257,31 +255,3 @@ CREATE_HOME no
#CHARACTER_CLASS [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\?
CHARACTER_CLASS [ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_][ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.-]*[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.$-]\?

#
# If defined, this command is run when adding a group.
# It should rebuild any NIS database etc. to add the
# new created group.
#
GROUPADD_CMD /usr/sbin/groupadd.local

#
# If defined, this command is run when adding a user.
# It should rebuild any NIS database etc. to add the
# new created account.
#
USERADD_CMD /usr/sbin/useradd.local

#
# If defined, this command is run before removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed.
#
USERDEL_PRECMD /usr/sbin/userdel-pre.local

#
# If defined, this command is run after removing a user.
# It should rebuild any NIS database etc. to remove the
# account from it.
#
USERDEL_POSTCMD /usr/sbin/userdel-post.local

4 changes: 2 additions & 2 deletions test/security_test.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -242,9 +242,9 @@ def enabled?
end

it "doesn't allow empty value to enter into model for an attribute" do
Security.Settings["USERADD_CMD"] = ""
Security.Settings["ENCRYPT_METHOD"] = ""

expect(shadow_config).not_to receive(:useradd_cmd=)
expect(shadow_config).not_to receive(:encrypt_method=)
expect(shadow_config).to receive(:save)

Security.write_shadow_config
Expand Down
Loading