On Tue, Jul 11, 2023 at 03:59:41PM +0000, Mateusz Kocielski wrote:
> > That's peculiar -- what does a screen locker need the suid bit for? Why
> > the wheel group?
>
> The wheel group is taken from my BSD heritage I guess, fixed it. :) It
> requires PAM for authentication.
>
> > > %{_mandir}/man1/i3lock.1*
Hi,

those suid privileges were bothering me and I did my homework. It seems that
on Linux i3lock can work without them because of the unix_chkpwd(8) utility.
On FreeBSD (which uses OpenPAM), however, SUID is necessary [1]. The reason
why I couldn't get it to work without root privileges was the
/etc/pam.d/login file, which is installed with u-r permission by default. I
guess there's no need to keep it that way since PAM configuration rather does
not contain any secrets. I attached a fixed version of the spec file and a
patch against util-linux to set u+r permissions. Thanks for your suggestions!

[1] - https://cgit.freebsd.org/ports/tree/deskutils/i3lock/Makefile?id=924204922ac441410520f46695dd91a87c001ee9#n27

Regards,
Mateusz
From 1e9086102e3c09827475a221ecba2745b519b2e6 Mon Sep 17 00:00:00 2001
From: Mateusz Kocielski <[email protected]>
Date: Tue, 11 Jul 2023 22:11:18 +0200
Subject: [PATCH] Add u+r for /etc/pam.d/ configuration files
---
util-linux.spec | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/util-linux.spec b/util-linux.spec
index aeb33fa..e84b4f0 100644
--- a/util-linux.spec
+++ b/util-linux.spec
@@ -1344,10 +1344,10 @@ fi
%attr(755,root,root) /bin/runuser
%attr(755,root,root) /sbin/runuser
%attr(4755,root,root) /bin/su
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/runuser
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/runuser-l
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/su
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/su-l
+%attr(644,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/runuser
+%attr(644,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/runuser-l
+%attr(644,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/su
+%attr(644,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/su-l
%{_mandir}/man1/runuser.1*
%{_mandir}/man1/su.1*
%lang(cs) %{_mandir}/cs/man1/su.1*
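Review bot: The four entries for /etc/pam.d/runuser, runuser-l, su and su-l go from 640 to 644 with no stated reason: the commit has a subject line only, and the covering message names /etc/pam.d/login as the one file an unprivileged i3lock could not read. Either add a commit body explaining why these files also need to be world-readable (for example consistency, given that PAM configuration is not expected to hold secrets), or leave them at 640 and restrict the change to the login file.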
@@ -2240,7 +2240,7 @@ fi
%files -n login
%defattr(644,root,root,755)
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/login
+%attr(644,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/login
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist.login
%attr(755,root,root) /bin/login
%{_mandir}/man1/login.1*
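Review bot: On the /etc/pam.d/login line, %attr(644,root,root) now duplicates the %defattr(644,root,root,755) declared just above it in the same %files section, so the explicit %attr can be dropped. The neighbouring /etc/security/blacklist.login stays at 640, which is worth a word in the commit message so a later reader can tell it was left restrictive on purpose.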
--
2.41.0
Summary: improved screen locker
Name: i3lock
Version: 2.14.1
Release: 1
License: BSD
Group: Applications
Source0: https://i3wm.org/i3lock/%{name}-%{version}.tar.xz
# Source0-md5: 33d4bc8256a1566fbac911e405e53fdd
URL: https://i3wm.org/i3lock/
BuildRequires: cairo-devel >= 1.14.4
BuildRequires: libev-devel
BuildRequires: libxcb-devel
BuildRequires: meson >= 0.45.0
BuildRequires: ninja
BuildRequires: pam-devel
BuildRequires: pkgconfig
BuildRequires: rpmbuild(macros) >= 1.726
BuildRequires: xcb-util-devel
BuildRequires: xcb-util-image-devel
BuildRequires: xcb-util-xrm-devel
BuildRequires: xorg-lib-libxkbcommon-x11-devel
Requires: cairo >= 1.14.4
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%description
Minimalist screen locker based on slock.

%prep
%setup -q

%build
%meson build
%ninja_build -C build

%install
rm -rf $RPM_BUILD_ROOT
%ninja_install -C build

%clean
rm -rf $RPM_BUILD_ROOT

%files
%defattr(644,root,root,755)
%doc LICENSE CHANGELOG
%config(noreplace) %verify(not md5 mtime size) /etc/pam.d/i3lock
%attr(755,root,root) %{_bindir}/i3lock
%{_mandir}/man1/i3lock.1*
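
An added example, not part of the original message or of either package: a small Python audit that walks a PAM service file's include/substack chain and lists every file without the other-read bit, the situation the message describes, where a non-root PAM client cannot read a file its service configuration depends on. The service contents (i3lock including login, login including system-auth) and all function names are constructed assumptions.

```python
import os
import stat
import tempfile

INCLUDE_CONTROLS = {"include", "substack"}  # Linux-PAM controls that load another service file

def pam_includes(path):
    """Service names a PAM file pulls in: '<type> include|substack <name>'."""
    names = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            fields = line.split("#", 1)[0].split()
            if len(fields) >= 3 and fields[1] in INCLUDE_CONTROLS:
                names.append(fields[2])
    return names

def unreadable_chain(service, pam_dir="/etc/pam.d"):
    """Files in the include chain of `service` that lack the other-read bit."""
    blocked, seen, todo = [], set(), [service]
    while todo:
        name = todo.pop()
        if name in seen:
            continue
        seen.add(name)
        path = os.path.join(pam_dir, name)
        try:
            if not os.stat(path).st_mode & stat.S_IROTH:
                blocked.append(path)
            todo.extend(pam_includes(path))
        except OSError:  # missing file, or the auditor itself cannot read it
            continue
    return sorted(blocked)

def build_demo(pam_dir, login_mode):
    """Constructed sample tree: i3lock -> login -> system-auth (contents are assumptions)."""
    files = {
        "i3lock": ("auth include login\n", 0o644),
        "login": ("auth required pam_unix.so\naccount include system-auth\n", login_mode),
        "system-auth": ("account required pam_unix.so\n", 0o644),
    }
    for name, (text, mode) in files.items():
        path = os.path.join(pam_dir, name)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_demo(d, 0o640)
        print("before:", unreadable_chain("i3lock", d))
        build_demo(d, 0o644)
        print("after: ", unreadable_chain("i3lock", d))
```

Against a real system, run it as root so the walk can follow includes inside files that are themselves not world-readable.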