[apparmor] [patch] userdel profile

Christian Boltz apparmor at cboltz.de
Sun Feb 12 21:13:36 UTC 2012


I just noticed that the userdel profile needs an additional permission - 
without it, no users can be deleted.

Looks like userdel is one of the lesser-used commands (more people use 
useradd - which you can verify by the fact that it already has this 
fix ;-) 

=== modified file 'profiles/apparmor/profiles/extras/usr.sbin.userdel'
--- profiles/apparmor/profiles/extras/usr.sbin.userdel  2011-08-27 
+++ profiles/apparmor/profiles/extras/usr.sbin.userdel  2012-02-12 
@@ -28,7 +28,7 @@
   /bin/cat rmix,
   /bin/bash rmix,
   /dev/log w,
-  /etc/.pwd.lock rw,
+  /etc/.pwd.lock rwk,
   /etc/cron.deny r,
   /etc/default/useradd r,
   /etc/group* rwl,
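
Review bot: The `k` added to `/etc/.pwd.lock` on the changed line comes with no denied audit message or rule comment saying what takes the lock, so a later reader cannot tell that the permission is required rather than incidental. Suggest quoting the AppArmor denial for `/etc/.pwd.lock` in the patch description. Since the message says useradd already carries this fix, it is also worth checking whether any other profile in extras still has `/etc/.pwd.lock rw,` so that it can get `rwk` in the same change.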

I also propose this patch for the 2.3 branch.


Christian Boltz
After all, most people here read more than three postings a day, so it
would get rather tiring to always have to guess what some arrangement of
letters is trying to say ;-)
[Tilman Ahr in dcoulm on the topic "Spelling mistakes don't bother anyone"]

