Al,
Al Pacifico Wrote:
> I'm thinking slimserver should not have a home directory or a shell, so
> I didn't follow your last post. I get the part about the '-m' instead
> of '-d', but why not just change the useradd line so that the options
> are '-M' (no home directory) rather than '-d %{slimdir}' (to fix bug
> 3314) and add '-s /sbin/nologin' (to fix your issue regarding SELinux
> and the login shell). Feeling a little dense right now...

Well, a quick 'grep nolog /etc/passwd' shows that there are plenty of
accounts with valid home directories but that are not valid to log into
(as far as SELinux is concerned, anyway). I guess I don't see the
reason to not have a valid home directory if the account can't be
logged into, particularly given that FC5 itself creates a bunch of
accounts like this.

Is this just a "purity" thing from your point of view, or do you have a
firm reason for not wanting a home directory?

My concern for being valid to log into (just with a bad password) is
that this will, most absolutely, give grief to SELinux, particularly if
you try to rebuild/replace context permissions.

> Pertinent portions of .spec.build file (%defines in the first two lines,
> source tags, entire install section and pre-install script) follow:
>
> %define prefix /usr/local
> %define slimdir %{prefix}/slimserver
>
> <snip>
>
> Source: _SOURCE_
> Source1: slimserver.init
> Source2: slimserver.config
>
> <snip>
>
> %install
> mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
> mkdir -p $RPM_BUILD_ROOT/etc/sysconfig
> mkdir -p $RPM_BUILD_ROOT%{slimdir}
> cp -R . $RPM_BUILD_ROOT%{slimdir}
> chmod +x $RPM_BUILD_ROOT%{slimdir}/slimserver.pl
> install -D -m755 %SOURCE1 $RPM_BUILD_ROOT/etc/rc.d/init.d/slimserver
> install -D -m644 %SOURCE2 $RPM_BUILD_ROOT/etc/sysconfig/slimserver
> touch $RPM_BUILD_ROOT/etc/slimserver.conf
>
> <snip>
>
> %pre
> export SLIMSERVER_USER=slimserver
>
> # Someone might have changed the default. Let's make sure we use it.
> if [ -f /etc/sysconfig/slimserver ]; then
> . /etc/sysconfig/slimserver;
> fi
>
> # Add the $SLIMSERVER_USER if there is not one
> if [ `grep -c "^$SLIMSERVER_USER:" /etc/passwd` -eq 0 ]; then
> /usr/sbin/groupadd $SLIMSERVER_USER
> /usr/sbin/useradd -c "SlimServer" -g $SLIMSERVER_USER -d %{slimdir} $SLIMSERVER_USER
> fi
>
> <snip>
>
> Comments?
> -al

This is difficult for me; I sort of need to see a diff-style listing
(preferably a universal diff-style listing). Otherwise, it's hard to
tell exactly what has and hasn't changed.

On the useradd, what about the -s bit to get rid of the login shell?

--
Jeff
------------------------------------------------------------------------
Jeff's Profile: http://forums.slimdevices.com/member.php?userid=49
View this thread: http://forums.slimdevices.com/showthread.php?t=23594
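
Added example (not part of the thread and not the SlimServer spec file): one way to write the account step the two posts discuss, recording a home directory while giving the account `/sbin/nologin`, and correcting an account that already exists with a login shell. `DRY_RUN`, the passwd-file argument, the function names and the sample entries are constructed so the logic runs without root.

```shell
#!/bin/sh
# Added example, not from the SlimServer spec. DRY_RUN and the passwd-file
# argument are hypothetical knobs so the logic can be exercised without root;
# a real %pre scriptlet would query the system database (getent passwd).
NOLOGIN=/sbin/nologin

# Constructed sample entries in passwd(5) format.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
slimserver:x:500:500:SlimServer:/usr/local/slimserver:/bin/bash
EOF
}

# run CMD...: execute CMD, or only print it when DRY_RUN is set.
run() { ${DRY_RUN:+echo} "$@"; }

# account_shell USER [FILE]: print USER's shell field; non-zero if USER is absent.
# Exact match on field 1, so the name is never treated as a regular expression.
account_shell() {
    awk -F: -v u="$1" '$1 == u { print $7; found = 1 } END { exit !found }' \
        "${2:-/etc/passwd}"
}

# ensure_service_account USER HOME [FILE]
ensure_service_account() {
    user=$1; home=$2; passwd=${3:-/etc/passwd}
    if shell=$(account_shell "$user" "$passwd"); then
        # Existing account: leave it alone unless its shell still permits login.
        [ "$shell" = "$NOLOGIN" ] || run /usr/sbin/usermod -s "$NOLOGIN" "$user"
        return 0
    fi
    run /usr/sbin/groupadd -r "$user"
    # -d records the home directory without creating it (the package owns it);
    # -s gives the account a shell that refuses interactive logins.
    run /usr/sbin/useradd -r -c "SlimServer" -g "$user" -d "$home" \
        -s "$NOLOGIN" "$user"
}
```

With `DRY_RUN=1` the function prints the commands it would run, which is a convenient way to review the scriptlet's effect before building the package.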