document that groupmems is not setuid root
- document that expiration of the password after inactivity period locks the user account completely
This commit is contained in:
parent
25899fefb0
commit
c2f1a1c502
@ -1,3 +1,30 @@
|
||||
diff -up shadow-4.2.1/man/groupmems.8.xml.manfix shadow-4.2.1/man/groupmems.8.xml
|
||||
--- shadow-4.2.1/man/groupmems.8.xml.manfix 2014-03-01 19:59:51.000000000 +0100
|
||||
+++ shadow-4.2.1/man/groupmems.8.xml 2015-11-06 14:21:03.013060324 +0100
|
||||
@@ -179,20 +179,10 @@
|
||||
<refsect1 id='setup'>
|
||||
<title>SETUP</title>
|
||||
<para>
|
||||
- The <command>groupmems</command> executable should be in mode
|
||||
- <literal>2770</literal> as user <emphasis>root</emphasis> and in group
|
||||
- <emphasis>groups</emphasis>. The system administrator can add users to
|
||||
- group <emphasis>groups</emphasis> to allow or disallow them using the
|
||||
- <command>groupmems</command> utility to manage their own group
|
||||
- membership list.
|
||||
+ In this operating system the <command>groupmems</command> executable
|
||||
+ is not setuid and regular users cannot use it to manipulate
|
||||
+ the membership of their own group.
|
||||
</para>
|
||||
-
|
||||
- <programlisting>
|
||||
- $ groupadd -r groups
|
||||
- $ chmod 2770 groupmems
|
||||
- $ chown root.groups groupmems
|
||||
- $ groupmems -g groups -a gk4
|
||||
- </programlisting>
|
||||
</refsect1>
|
||||
|
||||
<refsect1 id='configuration'>
|
||||
diff -up shadow-4.2.1/man/chage.1.xml.manfix shadow-4.2.1/man/chage.1.xml
|
||||
--- shadow-4.2.1/man/chage.1.xml.manfix 2014-03-01 19:59:51.000000000 +0100
|
||||
+++ shadow-4.2.1/man/chage.1.xml 2014-11-26 15:34:51.256978960 +0100
|
||||
@ -32,6 +59,20 @@ diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5.
|
||||
<para>The following configuration items are provided:</para>
|
||||
|
||||
<variablelist remap='IP'>
|
||||
diff -up shadow-4.2.1/man/shadow.5.xml.manfix shadow-4.2.1/man/shadow.5.xml
|
||||
--- shadow-4.2.1/man/shadow.5.xml.manfix 2014-03-01 19:59:51.000000000 +0100
|
||||
+++ shadow-4.2.1/man/shadow.5.xml 2015-10-27 16:54:29.304231353 +0100
|
||||
@@ -208,8 +208,8 @@
|
||||
</para>
|
||||
<para>
|
||||
After expiration of the password and this expiration period is
|
||||
- elapsed, no login is possible using the current user's
|
||||
- password. The user should contact her administrator.
|
||||
+ elapsed, no login is possible for the user.
|
||||
+ The user should contact her administrator.
|
||||
</para>
|
||||
<para>
|
||||
An empty field means that there are no enforcement of an
|
||||
diff -up shadow-4.2.1/man/useradd.8.xml.manfix shadow-4.2.1/man/useradd.8.xml
|
||||
--- shadow-4.2.1/man/useradd.8.xml.manfix 2014-11-26 15:34:51.234978891 +0100
|
||||
+++ shadow-4.2.1/man/useradd.8.xml 2014-11-26 15:34:51.257978963 +0100
|
||||
|
@ -1,7 +1,7 @@
|
||||
Summary: Utilities for managing accounts and shadow password files
|
||||
Name: shadow-utils
|
||||
Version: 4.2.1
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
Epoch: 2
|
||||
URL: http://pkg-shadow.alioth.debian.org/
|
||||
Source0: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz
|
||||
@ -252,6 +252,11 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_mandir}/man8/vigr.8*
|
||||
|
||||
%changelog
|
||||
* Fri Nov 6 2015 Tomáš Mráz <tmraz@redhat.com> - 2:4.2.1-4
|
||||
- document that groupmems is not setuid root
|
||||
- document that expiration of the password after inactivity period
|
||||
locks the user account completely
|
||||
|
||||
* Thu Aug 27 2015 Tomáš Mráz <tmraz@redhat.com> - 2:4.2.1-3
|
||||
- unlock also passwords locked with passwd -l
|
||||
- prevent breaking user entry by entering a password containing colon
|
||||
|
Loading…
Reference in New Issue
Block a user