Package: openstack-pkg-tools
Version: update log creation permissions and pkgos_adduser shell
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu kinetic ubuntu-patch

In Ubuntu, the attached patch was applied to achieve the following:


  * Set umask in init-script-template to ensure log files are created
    with 0640 mode bits.
  * Update pkgos_adduser to use /usr/sbin/nologin instead of /bin/false
    when creating system accounts that do not run a shell.


Thanks for considering the patch.


-- System Information:
Debian Release: bookworm/sid
  APT prefers kinetic
  APT policy: (500, 'kinetic')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.15.0-37-generic (SMP w/4 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru openstack-pkg-tools-119/init-template/init-script-template 
openstack-pkg-tools-119ubuntu1/init-template/init-script-template
--- openstack-pkg-tools-119/init-template/init-script-template  2021-02-09 
08:44:31.000000000 -0500
+++ openstack-pkg-tools-119ubuntu1/init-template/init-script-template   
2022-07-08 15:12:01.000000000 -0400
@@ -181,6 +181,8 @@
 }
 
 do_systemd_start() {
+       # Set umask to ensure log files are created with 0640 mode bits
+       umask 0026
        if [ -n "${PYARGV}" ] ; then
                exec $DAEMON $DAEMON_ARGS --pyargv "${PYARGV}"
        else
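Review bot: `umask 0026` in do_systemd_start clears group-write and other read/write but leaves the other-execute bit, so any directory the daemon creates comes out 0751 and is traversable by every local user; `umask 0027` gives the same 0640 for log files and 0750 for directories. The mask is inherited across the `exec`, so it applies to every file the daemon creates, not only logs, and the comment should say so, e.g. `# umask is inherited by the daemon: new files 0640, new directories 0750`. Only the systemd start path is touched here; whether the other start paths in the template (outside this hunk) need the same mask should be checked. The body of do_systemd_start continues past the end of the hunk.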
diff -Nru openstack-pkg-tools-119/pkgos_func 
openstack-pkg-tools-119ubuntu1/pkgos_func
--- openstack-pkg-tools-119/pkgos_func  2021-02-09 08:44:31.000000000 -0500
+++ openstack-pkg-tools-119ubuntu1/pkgos_func   2022-07-08 15:12:01.000000000 
-0400
@@ -838,7 +838,7 @@
        VAR_UG_SHELL=${2}
 
        if [ -z "${VAR_UG_SHELL}" ] ; then
-               VAR_UG_SHELL='/bin/false'
+               VAR_UG_SHELL='/usr/sbin/nologin'
        fi
 
        # These are reserved UID/GID allocation
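Review bot: The new default `VAR_UG_SHELL='/usr/sbin/nologin'` only takes effect when an account is actually created. The rest of the function is outside this hunk, but if it skips users that already exist, upgraded hosts keep `/bin/false`, so the changelog should say that existing accounts are not migrated, or a follow-up should handle them. A short comment above the assignment would record the intent, e.g. `# Default to nologin for service accounts; callers may still pass an explicit shell as $2`.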
