commit: 85488c6829d9fb7bf9c148a6dc4a06c5a7a33a73 Author: James Taylor <james <AT> jtaylor <DOT> id <DOT> au> AuthorDate: Fri Feb 20 13:33:35 2015 +0000 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> CommitDate: Mon Feb 23 12:53:25 2015 +0000 URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=85488c68
sys-libs/pam: Fixed building under musl using patchset from Alpine Linux Signed-off-by: Anthony G. Basile <blueness <AT> gentoo.org> --- sys-libs/pam/files/pam-1.1.8-doc-install.patch | 142 +++++++++++++++++ sys-libs/pam/files/pam-1.1.8-fix-compat.patch | 21 +++ sys-libs/pam/files/pam-1.1.8-innetgr.patch | 54 +++++++ sys-libs/pam/metadata.xml | 32 ++++ sys-libs/pam/pam-1.1.8-r99.ebuild | 205 +++++++++++++++++++++++++ 5 files changed, 454 insertions(+) diff --git a/sys-libs/pam/files/pam-1.1.8-doc-install.patch b/sys-libs/pam/files/pam-1.1.8-doc-install.patch new file mode 100644 index 0000000..bdd5b9d --- /dev/null +++ b/sys-libs/pam/files/pam-1.1.8-doc-install.patch @@ -0,0 +1,142 @@ +https://bugs.gentoo.org/473650 +https://fedorahosted.org/linux-pam/ticket/31 + +fix doc installs when doing out of tree builds + +--- a/doc/adg/Makefile.in ++++ b/doc/adg/Makefile.in +@@ -463,17 +463,17 @@ install-data-local: + $(mkinstalldirs) $(DESTDIR)$(docdir) + $(mkinstalldirs) $(DESTDIR)$(pdfdir) + $(mkinstalldirs) $(DESTDIR)$(htmldir) +- test -f html/Linux-PAM_ADG.html || exit 0; \ ++ test -f html/Linux-PAM_ADG.html -o -f $(srcdir)/html/Linux-PAM_ADG.html || exit 0; \ + $(install_sh_DATA) html/Linux-PAM_ADG.html html/adg-*.html \ + $(DESTDIR)$(htmldir)/ || \ + $(install_sh_DATA) $(srcdir)/html/Linux-PAM_ADG.html \ +- $(srcdir)/html/sag-*.html \ ++ $(srcdir)/html/adg-*.html \ + $(DESTDIR)$(htmldir)/ +- test -f Linux-PAM_ADG.txt || exit 0; \ ++ test -f Linux-PAM_ADG.txt -o -f $(srcdir)/Linux-PAM_ADG.txt || exit 0; \ + $(install_sh_DATA) Linux-PAM_ADG.txt $(DESTDIR)$(docdir)/ || \ + $(install_sh_DATA) $(srcdir)/Linux-PAM_ADG.txt \ + $(DESTDIR)$(docdir)/ +- test -f Linux-PAM_ADG.pdf || exit 0; \ ++ test -f Linux-PAM_ADG.pdf -o -f $(srcdir)/Linux-PAM_ADG.pdf || exit 0; \ + $(install_sh_DATA) Linux-PAM_ADG.pdf $(DESTDIR)$(pdfdir)/ || \ + $(install_sh_DATA) $(srcdir)/Linux-PAM_ADG.pdf \ + $(DESTDIR)$(pdfdir)/ +@@ -486,18 +486,18 @@ uninstall-local: + + releasedocs: all + $(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html +- test -f html/Linux-PAM_ADG.html || exit 0; \ ++ test -f html/Linux-PAM_ADG.html -o -f $(srcdir)/html/Linux-PAM_ADG.html || exit 0; \ + cp -ap html/Linux-PAM_ADG.html html/adg-*.html \ + $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html/ || \ + cp -ap $(srcdir)/html/Linux-PAM_ADG.html \ + $(srcdir)/html/adg-*.html \ + $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html/ +- test -f Linux-PAM_ADG.txt || exit 0; \ ++ test -f Linux-PAM_ADG.txt -o -f $(srcdir)/Linux-PAM_ADG.txt || exit 0; \ + cp -p Linux-PAM_ADG.txt \ + $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/ || \ + cp -p $(srcdir)/Linux-PAM_ADG.txt \ + $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/ +- test -f Linux-PAM_ADG.pdf || exit 0; \ ++ test -f Linux-PAM_ADG.pdf -o -f $(srcdir)/Linux-PAM_ADG.pdf || exit 0; \ + cp -p Linux-PAM_ADG.pdf \ + $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/ || \ + cp -p $(srcdir)/Linux-PAM_ADG.pdf \ +--- a/doc/mwg/Makefile.in ++++ b/doc/mwg/Makefile.in +@@ -463,17 +463,17 @@ install-data-local: + $(mkinstalldirs) $(DESTDIR)$(docdir) + $(mkinstalldirs) $(DESTDIR)$(pdfdir) + $(mkinstalldirs) $(DESTDIR)$(htmldir) +- test -f html/Linux-PAM_MWG.html || exit 0; \ ++ test -f html/Linux-PAM_MWG.html -o -f $(srcdir)/html/Linux-PAM_MWG.html || exit 0; \ + $(install_sh_DATA) html/Linux-PAM_MWG.html html/mwg-*.html \ + $(DESTDIR)$(htmldir)/ || \ + $(install_sh_DATA) $(srcdir)/html/Linux-PAM_MWG.html \ +- $(srcdir)/html/sag-*.html \ ++ $(srcdir)/html/mwg-*.html \ + $(DESTDIR)$(htmldir)/ +- test -f Linux-PAM_MWG.txt || exit 0; \ ++ test -f Linux-PAM_MWG.txt -o -f $(srcdir)/Linux-PAM_MWG.txt || exit 0; \ + $(install_sh_DATA) Linux-PAM_MWG.txt $(DESTDIR)$(docdir)/ || \ + $(install_sh_DATA) $(srcdir)/Linux-PAM_MWG.txt \ + $(DESTDIR)$(docdir)/ +- test -f Linux-PAM_MWG.pdf || exit 0; \ ++ test -f Linux-PAM_MWG.pdf -o -f $(srcdir)/Linux-PAM_MWG.pdf || exit 0; \ + $(install_sh_DATA) Linux-PAM_MWG.pdf $(DESTDIR)$(pdfdir)/ || \ + $(install_sh_DATA) $(srcdir)/Linux-PAM_MWG.pdf \ + $(DESTDIR)$(pdfdir)/ +@@ -486,18 +486,18 @@ uninstall-local: + + releasedocs: all + $(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/html +- test -f html/Linux-PAM_MWG.html || exit 0; \ ++ test -f html/Linux-PAM_MWG.html -o -f $(srcdir)/html/Linux-PAM_MWG.html || exit 0; \ + cp -ap html/Linux-PAM_MWG.html html/mwg-*.html \ + $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/html/ || \ + cp -ap $(srcdir)/html/Linux-PAM_MWG.html \ + $(srcdir)/html/mwg-*.html \ + $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/html/ +- test -f Linux-PAM_MWG.txt || exit 0; \ ++ test -f Linux-PAM_MWG.txt -o -f $(srcdir)/Linux-PAM_MWG.txt || exit 0; \ + cp -p Linux-PAM_MWG.txt \ + $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/ || \ + cp -p $(srcdir)/Linux-PAM_MWG.txt \ + $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/ +- test -f Linux-PAM_MWG.pdf || exit 0; \ ++ test -f Linux-PAM_MWG.pdf -o -f $(srcdir)/Linux-PAM_MWG.pdf || exit 0; \ + cp -p Linux-PAM_MWG.pdf \ + $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/ || \ + cp -p $(srcdir)/Linux-PAM_MWG.pdf \ +--- a/doc/sag/Makefile.in ++++ b/doc/sag/Makefile.in +@@ -463,17 +463,17 @@ install-data-local: + $(mkinstalldirs) $(DESTDIR)$(docdir) + $(mkinstalldirs) $(DESTDIR)$(pdfdir) + $(mkinstalldirs) $(DESTDIR)$(htmldir) +- test -f html/Linux-PAM_SAG.html || exit 0; \ ++ test -f html/Linux-PAM_SAG.html -o -f $(srcdir)/html/Linux-PAM_SAG.html || exit 0; \ + $(install_sh_DATA) html/Linux-PAM_SAG.html html/sag-*.html \ + $(DESTDIR)$(htmldir)/ || \ + $(install_sh_DATA) $(srcdir)/html/Linux-PAM_SAG.html \ + $(srcdir)/html/sag-*.html \ + $(DESTDIR)$(htmldir)/ +- test -f Linux-PAM_SAG.txt || exit 0; \ ++ test -f Linux-PAM_SAG.txt -o -f $(srcdir)/Linux-PAM_SAG.txt || exit 0; \ + $(install_sh_DATA) Linux-PAM_SAG.txt $(DESTDIR)$(docdir)/ || \ + $(install_sh_DATA) $(srcdir)/Linux-PAM_SAG.txt \ + $(DESTDIR)$(docdir)/ +- test -f Linux-PAM_SAG.pdf || exit 0; \ ++ test -f Linux-PAM_SAG.pdf -o -f $(srcdir)/Linux-PAM_SAG.pdf || exit 0; \ + $(install_sh_DATA) Linux-PAM_SAG.pdf $(DESTDIR)$(pdfdir)/ || \ + $(install_sh_DATA) $(srcdir)/Linux-PAM_SAG.pdf \ + $(DESTDIR)$(pdfdir)/ +@@ -486,18 +486,18 @@ uninstall-local: + + releasedocs: all + $(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/html +- test -f html/Linux-PAM_SAG.html || exit 0; \ ++ test -f html/Linux-PAM_SAG.html -o -f $(srcdir)/html/Linux-PAM_SAG.html || exit 0; \ + cp -ap html/Linux-PAM_SAG.html html/sag-*.html \ + $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/html/ || \ + cp -ap $(srcdir)/html/Linux-PAM_SAG.html \ + $(srcdir)/html/sag-*.html \ + $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/html/ +- test -f Linux-PAM_SAG.txt || exit 0; \ ++ test -f Linux-PAM_SAG.txt -o -f $(srcdir)/Linux-PAM_SAG.txt || exit 0; \ + cp -p Linux-PAM_SAG.txt \ + $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/ || \ + cp -p $(srcdir)/Linux-PAM_SAG.txt \ + $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/ +- test -f Linux-PAM_SAG.pdf || exit 0; \ ++ test -f Linux-PAM_SAG.pdf -o -f $(srcdir)/Linux-PAM_SAG.pdf || exit 0; \ + cp -p Linux-PAM_SAG.pdf \ + $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/ || \ + cp -p $(srcdir)/Linux-PAM_SAG.pdf \ diff --git a/sys-libs/pam/files/pam-1.1.8-fix-compat.patch b/sys-libs/pam/files/pam-1.1.8-fix-compat.patch new file mode 100644 index 0000000..332f609 --- /dev/null +++ b/sys-libs/pam/files/pam-1.1.8-fix-compat.patch @@ -0,0 +1,21 @@ +--- a/modules/pam_lastlog/pam_lastlog.c ++++ b/modules/pam_lastlog/pam_lastlog.c +@@ -10,6 +10,7 @@ + + #include "config.h" + ++#include <paths.h> + #include <fcntl.h> + #include <time.h> + #include <errno.h> +@@ -48,6 +49,10 @@ + + #ifndef _PATH_BTMP + # define _PATH_BTMP "/var/log/btmp" ++#endif ++ ++#ifndef __GLIBC__ ++#define logwtmp(args...) + #endif + + /* XXX - time before ignoring lock. Is 1 sec enough? */ diff --git a/sys-libs/pam/files/pam-1.1.8-innetgr.patch b/sys-libs/pam/files/pam-1.1.8-innetgr.patch new file mode 100644 index 0000000..a94fa3d --- /dev/null +++ b/sys-libs/pam/files/pam-1.1.8-innetgr.patch @@ -0,0 +1,54 @@ +--- Linux-PAM-1.1.3.orig/modules/pam_group/pam_group.c ++++ Linux-PAM-1.1.3/modules/pam_group/pam_group.c +@@ -658,10 +658,13 @@ + continue; + } + /* If buffer starts with @, we are using netgroups */ ++#ifdef HAVE_INNETGR + if (buffer[0] == '@') + good &= innetgr (&buffer[1], NULL, user, NULL); + /* otherwise, if the buffer starts with %, it's a UNIX group */ +- else if (buffer[0] == '%') ++ else ++#endif ++ if (buffer[0] == '%') + good &= pam_modutil_user_in_group_nam_nam(pamh, user, &buffer[1]); + else + good &= logic_field(pamh,user, buffer, count, is_same); +--- Linux-PAM-1.1.3.orig/modules/pam_succeed_if/pam_succeed_if.c ++++ Linux-PAM-1.1.3/modules/pam_succeed_if/pam_succeed_if.c +@@ -233,16 +233,20 @@ + static int + evaluate_innetgr(const char *host, const char *user, const char *group) + { ++#ifdef HAVE_INNETGR + if (innetgr(group, host, user, NULL) == 1) + return PAM_SUCCESS; ++#endif + return PAM_AUTH_ERR; + } + /* Return PAM_SUCCESS if the (host,user) is NOT in the netgroup. */ + static int + evaluate_notinnetgr(const char *host, const char *user, const char *group) + { ++#ifdef HAVE_INNETGR + if (innetgr(group, host, user, NULL) == 0) + return PAM_SUCCESS; ++#endif + return PAM_AUTH_ERR; + } + +--- Linux-PAM-1.1.3.orig/modules/pam_time/pam_time.c ++++ Linux-PAM-1.1.3/modules/pam_time/pam_time.c +@@ -554,9 +554,11 @@ + continue; + } + /* If buffer starts with @, we are using netgroups */ ++#ifdef HAVE_INNETGR + if (buffer[0] == '@') + good &= innetgr (&buffer[1], NULL, user, NULL); + else ++#endif + good &= logic_field(pamh, user, buffer, count, is_same); + D(("with user: %s", good ? "passes":"fails" )); + diff --git a/sys-libs/pam/metadata.xml b/sys-libs/pam/metadata.xml new file mode 100644 index 0000000..4ee5aec --- /dev/null +++ b/sys-libs/pam/metadata.xml @@ -0,0 +1,32 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd";> +<pkgmetadata> + <herd>pam</herd> + <maintainer> + <email>[email protected]</email> + </maintainer> + <use> + <flag name='audit'>Enable support for <pkg>sys-process/audit</pkg></flag> + + <flag name="berkdb"> + Build the pam_userdb module, that allows to authenticate users + against a Berkeley DB file. Please note that enabling this USE + flag will create a PAM module that links to the Berkeley DB (as + provided by <pkg>sys-libs/db</pkg>) installed in /usr/lib and + will thus not work for boot-critical services authentication. + </flag> + + <flag name="cracklib"> + Build the pam_cracklib module, that allows to verify the chosen + passwords' strength through the use of + <pkg>sys-libs/cracklib</pkg>. Please note that simply enabling + the USE flag on this package will not make use of pam_cracklib + by default, you should also enable it in + <pkg>sys-auth/pambase</pkg> as well as update your configuration + files. + </flag> + </use> + <upstream> + <remote-id type="cpe">cpe:/a:kernel:linux-pam</remote-id> + </upstream> +</pkgmetadata> diff --git a/sys-libs/pam/pam-1.1.8-r99.ebuild b/sys-libs/pam/pam-1.1.8-r99.ebuild new file mode 100644 index 0000000..4b3c659 --- /dev/null +++ b/sys-libs/pam/pam-1.1.8-r99.ebuild @@ -0,0 +1,205 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: $ + +EAPI=5 + +inherit libtool multilib multilib-minimal eutils pam toolchain-funcs flag-o-matic db-use + +MY_PN="Linux-PAM" +MY_P="${MY_PN}-${PV}" + +HOMEPAGE="https://fedorahosted.org/linux-pam/"; +DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)" + +SRC_URI="http://www.linux-pam.org/library/${MY_P}.tar.bz2 + http://www.linux-pam.org/documentation/${MY_P}-docs.tar.bz2"; + +LICENSE="|| ( BSD GPL-2 )" +SLOT="0" +KEYWORDS="~amd64 ~arm ~mips ~ppc ~x86" +IUSE="cracklib nls elibc_FreeBSD selinux vim-syntax audit test elibc_musl elibc_glibc debug berkdb nis" + +RDEPEND="nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] ) + cracklib? ( >=sys-libs/cracklib-2.9.1-r1[${MULTILIB_USEDEP}] ) + audit? ( >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] ) + selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] ) + berkdb? ( >=sys-libs/db-4.8.30-r1[${MULTILIB_USEDEP}] ) + elibc_glibc? ( + >=sys-libs/glibc-2.7 + nis? ( || ( >=net-libs/libtirpc-0.2.4-r2[${MULTILIB_USEDEP}] <sys-libs/glibc-2.14 ) ) + )" +DEPEND="${RDEPEND} + >=sys-devel/libtool-2 + >=sys-devel/flex-2.5.39-r1[${MULTILIB_USEDEP}] + nls? ( sys-devel/gettext ) + >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]" +PDEPEND="sys-auth/pambase + vim-syntax? ( app-vim/pam-syntax )" +RDEPEND="${RDEPEND} + !<sys-apps/openrc-0.11.8 + !sys-auth/openpam + !sys-auth/pam_userdb + abi_x86_32? ( + !<=app-emulation/emul-linux-x86-baselibs-20140508-r7 + !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] + )" + +S="${WORKDIR}/${MY_P}" + +check_old_modules() { + local retval="0" + + if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then + eerror "" + eerror "Your current setup is using the pam_stack module." + eerror "This module is deprecated and no longer supported, and since version" + eerror "0.99 is no longer installed, nor provided by any other package." + eerror "The package will be built (to allow binary package builds), but will" + eerror "not be installed." + eerror "Please replace pam_stack usage with proper include directive usage," + eerror "following the PAM Upgrade guide at the following URL" + eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"; + eerror "" + + retval=1 + fi + + if sed -e 's:#.*::' "${EROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|console)'; then + eerror "" + eerror "Your current setup is using one or more of the following modules," + eerror "that are not built or supported anymore:" + eerror "pam_pwdb, pam_console" + eerror "If you are in real need for these modules, please contact the maintainers" + eerror "of PAM through http://bugs.gentoo.org/ providing information about its" + eerror "use cases." + eerror "Please also make sure to read the PAM Upgrade guide at the following URL:" + eerror " http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"; + eerror "" + + retval=1 + fi + + return $retval +} + +pkg_pretend() { + # do not error out, this is just a warning, one could build a binpkg + # with old modules enabled. + check_old_modules +} + +src_prepare() { + epatch "${FILESDIR}"/${PN}-1.1.8-doc-install.patch #473650 + epatch "${FILESDIR}"/${PN}-1.1.8-fix-compat.patch + epatch "${FILESDIR}"/${PN}-1.1.8-innetgr.patch + + # disable insecure modules (musl-libc doesn't implement the functions anyway) + use elibc_musl && sed -e 's/pam_rhosts//g' -i modules/Makefile.am modules/Makefile.in + elibtoolize +} + +multilib_src_configure() { + # Disable automatic detection of libxcrypt; we _don't_ want the + # user to link libxcrypt in by default, since we won't track the + # dependency and allow to break PAM this way. + export ac_cv_header_xcrypt_h=no + + # Disable automatic detection of libcrypt + use elibc_musl && export ac_cv_search_crypt=no + + local myconf=( + --htmldir="${EPREFIX}"/usr/share/doc/${PF}/html + --libdir="${EPREFIX}"/usr/$(get_libdir) \ + --enable-securedir="${EPREFIX}"/$(get_libdir)/security + --enable-isadir="${EPREFIX}"/$(get_libdir)/security + $(use_enable nls) + $(use_enable selinux) + $(use_enable cracklib) + $(use_enable audit) + $(use_enable debug) + $(use_enable berkdb db) + $(use_enable nis) + --with-db-uniquename=-$(db_findver sys-libs/db) + --disable-prelude + ) + + if use hppa || use elibc_FreeBSD; then + myconf+=( --disable-pie ) + fi + + ECONF_SOURCE=${S} \ + econf "${myconf[@]}" +} + +multilib_src_compile() { + emake sepermitlockdir="${EPREFIX}/run/sepermit" +} + +multilib_src_install() { + emake DESTDIR="${D}" install \ + sepermitlockdir="${EPREFIX}/run/sepermit" + + local prefix + if multilib_is_native_abi; then + prefix= + gen_usr_ldscript -a pam pamc pam_misc + else + prefix=/usr + fi + + # create extra symlinks just in case something depends on them... + local lib + for lib in pam pamc pam_misc; do + if ! [[ -f "${ED}"${prefix}/$(get_libdir)/lib${lib}$(get_libname) ]]; then + dosym lib${lib}$(get_libname 0) ${prefix}/$(get_libdir)/lib${lib}$(get_libname) + fi + done +} + +DOCS=( CHANGELOG ChangeLog README AUTHORS Copyright NEWS ) + +multilib_src_install_all() { + einstalldocs + prune_libtool_files --all + + # Need to be suid + fperms u+s /sbin/unix_chkpwd + + docinto modules + for dir in modules/pam_*; do + newdoc "${dir}"/README README."$(basename "${dir}")" + done + + if use selinux; then + dodir /usr/lib/tmpfiles.d + cat - > "${D}"/usr/lib/tmpfiles.d/${CATEGORY}:${PN}:${SLOT}.conf <<EOF +d /run/sepermit 0755 root root +EOF + fi +} + +pkg_preinst() { + check_old_modules || die "deprecated PAM modules still used" +} + +pkg_postinst() { + ewarn "Some software with pre-loaded PAM libraries might experience" + ewarn "warnings or failures related to missing symbols and/or versions" + ewarn "after any update. While unfortunate this is a limit of the" + ewarn "implementation of PAM and the software, and it requires you to" + ewarn "restart the software manually after the update." + ewarn "" + ewarn "You can get a list of such software running a command like" + ewarn " lsof / | egrep -i 'del.*libpam\\.so'" + ewarn "" + ewarn "Alternatively, simply reboot your system." + if [[ -x "${EROOT}"/var/log/tallylog ]] ; then + elog "" + elog "Because of a bug present up to version 1.1.1-r2, you have" + elog "an executable /var/log/tallylog file. You can safely" + elog "correct it by running the command" + elog " chmod -x /var/log/tallylog" + elog "" + fi +}
