On Tue, Jul 11, 2023 at 03:59:41PM +0000, Mateusz Kocielski wrote:
> > That's peculiar -- what screen locker needs suid bit for? Why wheel
> > group?
>
> Wheel group is taken from my BSD heritage I guess, fixed it. :) It requires
> PAM for an authentication.
>
> > > %{_mandir}/man1/i3lock.1*

Hi,

those suid privileges were bothering me and I did my homework. It seems that
on Linux i3lock can work without them because of the unix_chkpwd(8) utility.
On FreeBSD (which uses OpenPAM), however, SUID is necessary [1].

The reason why I couldn't get it to work without root privileges was the
/etc/pam.d/login file, which is installed with u-r permission by default. I
guess there's no need to keep it that way since PAM configuration rather does
not contain any secrets.

I attached a fixed version of the spec file and a patch against util-linux to
set u+r permissions.

Thanks for your suggestions!

[1] - https://cgit.freebsd.org/ports/tree/deskutils/i3lock/Makefile?id=924204922ac441410520f46695dd91a87c001ee9#n27

Regards,
Mateusz

>From 1e9086102e3c09827475a221ecba2745b519b2e6 Mon Sep 17 00:00:00 2001 From: Mateusz Kocielski <s...@digitalsun.pl> Date: Tue, 11 Jul 2023 22:11:18 +0200 Subject: [PATCH] Add u+r for /etc/pam.d/ configuration files --- util-linux.spec | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/util-linux.spec b/util-linux.spec index aeb33fa..e84b4f0 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -1344,10 +1344,10 @@ fi %attr(755,root,root) /bin/runuser %attr(755,root,root) /sbin/runuser %attr(4755,root,root) /bin/su -%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/runuser -%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/runuser-l -%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/su -%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/su-l +%attr(644,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/runuser +%attr(644,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/runuser-l +%attr(644,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/su +%attr(644,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/su-l %{_mandir}/man1/runuser.1* %{_mandir}/man1/su.1* %lang(cs) %{_mandir}/cs/man1/su.1* @@ -2240,7 +2240,7 @@ fi %files -n login %defattr(644,root,root,755) -%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/login +%attr(644,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/login %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist.login %attr(755,root,root) /bin/login %{_mandir}/man1/login.1* -- 2.41.0
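Review bot: the four /etc/pam.d entries in the first hunk (runuser, runuser-l, su, su-l) go from 640 to 644, but the cover mail motivates the change only with /etc/pam.d/login, and the commit message has no body explaining why these four need to be world-readable. /bin/su is packaged as %attr(4755,root,root) in the same hunk, so it opens its PAM files as root regardless of the other-read bit. Either drop these four lines from the patch or state in the commit message which unprivileged PAM client has to read them.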
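Review bot: in the second hunk /etc/pam.d/login becomes 644 while /etc/security/blacklist.login on the next line stays 640; the commit message should say that this split is intended and record the reason for the login change (per the cover mail, an unprivileged i3lock could not read the file), since the subject line alone does not. The diffstat shows only the five %attr lines changed, so if the new modes are meant to reach installed systems the Release field of util-linux.spec needs a bump as well.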
Summary:	improved screen locker
Name:		i3lock
Version:	2.14.1
Release:	1
License:	BSD
Group:		Applications
Source0:	https://i3wm.org/i3lock/%{name}-%{version}.tar.xz
# Source0-md5:	33d4bc8256a1566fbac911e405e53fdd
URL:		https://i3wm.org/i3lock/
BuildRequires:	cairo-devel >= 1.14.4
BuildRequires:	libev-devel
BuildRequires:	libxcb-devel
BuildRequires:	meson >= 0.45.0
BuildRequires:	ninja
BuildRequires:	pam-devel
BuildRequires:	pkgconfig
BuildRequires:	rpmbuild(macros) >= 1.726
BuildRequires:	xcb-util-devel
BuildRequires:	xcb-util-image-devel
BuildRequires:	xcb-util-xrm-devel
BuildRequires:	xorg-lib-libxkbcommon-x11-devel
Requires:	cairo >= 1.14.4
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%description
Minimalist screen locker based on slock.

%prep
%setup -q

%build
%meson build
%ninja_build -C build

%install
rm -rf $RPM_BUILD_ROOT
%ninja_install -C build

%clean
rm -rf $RPM_BUILD_ROOT

%files
%defattr(644,root,root,755)
%doc LICENSE CHANGELOG
%config(noreplace) %verify(not md5 mtime size) /etc/pam.d/i3lock
%attr(755,root,root) %{_bindir}/i3lock
%{_mandir}/man1/i3lock.1*

_______________________________________________
pld-devel-en mailing list
pld-devel-en@lists.pld-linux.org
http://lists.pld-linux.org/mailman/listinfo/pld-devel-en
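
Added example (not part of the original message, and not code from i3lock, util-linux or PLD): the message above traces the failure of a non-suid i3lock to /etc/pam.d/login being installed without world-read permission. This script walks the include/substack chain of one PAM service and lists the files that lack the other-read bit. The helper names, the assumption that the i3lock service file includes "login", and the sample files are constructed for illustration; `stat -c` assumes GNU coreutils.

```shell
# Added example, not from i3lock, util-linux or PLD. Helper names are hypothetical.
# pam_chain DIR SERVICE: print SERVICE and every file it reaches through
# "include"/"substack" controls or Debian-style "@include" lines.
pam_chain() {
    _dir=$1; _queue=$2; _seen=" "
    while [ -n "$_queue" ]; do
        _cur=${_queue%% *}                              # pop the first name
        case $_queue in *" "*) _queue=${_queue#* } ;; *) _queue= ;; esac
        case $_seen in *" $_cur "*) continue ;; esac    # already visited (cycle)
        _seen="$_seen$_cur "
        printf '%s\n' "$_cur"
        [ -f "$_dir/$_cur" ] || continue
        # "|| [ -n ... ]" keeps a final line that has no trailing newline
        while read -r _type _ctrl _arg _rest || [ -n "$_type" ]; do
            case "$_type $_ctrl" in
                '#'*) ;;                                # comment line
                "@include "*) _queue="${_queue:+$_queue }$_ctrl" ;;
                *" include"|*" substack") _queue="${_queue:+$_queue }$_arg" ;;
            esac
        done < "$_dir/$_cur"
    done
    return 0
}

# pam_unreadable DIR SERVICE: print "file mode" for chain members that lack
# the other-read bit, i.e. files a non-root, non-setuid PAM client cannot open.
pam_unreadable() {
    for _f in $(pam_chain "$1" "$2"); do
        [ -f "$1/$_f" ] || continue
        _mode=$(stat -c %a "$1/$_f")             # octal mode, e.g. 640
        case ${_mode#"${_mode%?}"} in            # last digit = "other" bits
            4|5|6|7) ;;
            *) printf '%s %s\n' "$_f" "$_mode" ;;
        esac
    done
    return 0
}

# Constructed sample tree: assumes the i3lock service file includes "login".
demo() {
    _d=$(mktemp -d)
    printf 'auth include login\n' > "$_d/i3lock"
    printf 'auth required pam_unix.so\naccount include system-auth' > "$_d/login"
    printf 'account required pam_unix.so\n' > "$_d/system-auth"
    chmod 644 "$_d/i3lock" "$_d/system-auth"; chmod 640 "$_d/login"
    pam_unreadable "$_d" i3lock
    rm -rf "$_d"
}
demo
```

On a real system the call would be `pam_unreadable /etc/pam.d i3lock`; the check looks only at mode bits, not at ACLs or group membership.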