[apparmor] [patch] userdel profile
Christian Boltz
apparmor at cboltz.de
Sun Feb 12 21:13:36 UTC 2012
Hello,
I just noticed that the userdel profile needs an additional permission -
without it, no users can be deleted.
Looks like userdel is one of the lesser-used commands (more people use
useradd - which you can verify by the fact that it already has this
fix ;-)
=== modified file 'profiles/apparmor/profiles/extras/usr.sbin.userdel'
--- profiles/apparmor/profiles/extras/usr.sbin.userdel 2011-08-27
+++ profiles/apparmor/profiles/extras/usr.sbin.userdel 2012-02-12
@@ -28,7 +28,7 @@
/bin/cat rmix,
/bin/bash rmix,
/dev/log w,
- /etc/.pwd.lock rw,
+ /etc/.pwd.lock rwk,
/etc/cron.deny r,
/etc/default/useradd r,
/etc/group* rwl,
I also propose this patch for the 2.3 branch.
Regards,
Christian Boltz
--
schliEßlichle sendi emeiSt Enleut ehier mehralsdreIpo Stingsa Mtag sOd
Asesdoch et. Waserm üdentwärdenkahnimmerrattentsumÜßenw aßIrge
nDeinezUs Ahmäst ell unkvonbU chst, abensagenw iel ;-)
[Tilman Ahr in dcoulm zum Thema "Rechtschreibfehler stören doch nicht"]
More information about the AppArmor
mailing list