| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Closes: https://bugs.gentoo.org/806124
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
|
| |
|
|
|
|
|
| |
Was pushed as stable.
Fixes: 094b04485ed2967a788dc20912de0cc76d2f47ab
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
|
| |
Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Ulrich Müller <ulm@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
|
| |
|
|
|
| |
Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Ulrich Müller <ulm@gentoo.org>
|
| |
|
|
|
|
|
|
| |
File collision for passwd.5 man page
Bug: https://bugs.gentoo.org/803587
Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Ulrich Müller <ulm@gentoo.org>
|
| |
|
|
|
|
|
|
|
| |
This needs a somewhat awkward blocker against sys-apps/man-pages,
which can be simplified when >=man-pages-5.12-r2 becomes stable.
Bug: https://bugs.gentoo.org/776787
Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Ulrich Müller <ulm@gentoo.org>
|
| |
|
|
|
|
|
| |
Closes: https://github.com/gentoo/gentoo/pull/20873
Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Michael Mair-Keimberger <mmk@levelnine.at>
Signed-off-by: Conrad Kostecki <conikost@gentoo.org>
|
| |
|
|
|
| |
Package-Manager: Portage-3.0.17, Repoman-3.0.2
Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
|
| |
|
|
|
| |
Package-Manager: Portage-3.0.17, Repoman-3.0.2
Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
|
| |
|
|
|
| |
Package-Manager: Portage-3.0.17, Repoman-3.0.2
Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
|
|
|
|
|
|
| |
The acct-{user,group} eclasses call useradd and groupadd to create
users and groups. This is esentually a circular dependency that needs
to be resolved somehow.
Bug: https://bugs.gentoo.org/720948
Reverts: f065b54fc2420c72d1d248b6a96c52c81f00d141
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
|
| |
|
|
|
|
|
| |
Closes: https://bugs.gentoo.org/720948
Package-Manager: Portage-3.0.4, Repoman-2.3.23
Signed-off-by: David Michael <fedora.dm0@gmail.com>
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
|
| |
|
|
|
|
| |
Closes: https://bugs.gentoo.org/714012
Package-Manager: Portage-2.3.103, Repoman-2.3.23
Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Built-in cracklib support is just an alternative to
the stack installed by the sys-auth/pambase package.
If shadow is built with USE=pam,
then it will prefer pam configuration files over cracklib,
so cracklib is useless as an option.
The pam use flag is enabled in the linux profiles
by default, which covers most use cases.
Package-Manager: Portage-2.3.103, Repoman-2.3.23
Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
|
| |
|
|
|
|
| |
Bug: https://bugs.gentoo.org/702252
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
|
| |
|
|
|
|
|
|
|
| |
m68k and ~m68k trees are inconsistent. Let's drop keywords
down to ~m68k only. Profiles already accept both keywords:
ACCEPT_KEYWORDS="m68k ~m68k"
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Matt Turner <mattst88@gentoo.org>
|
| |
|
|
|
|
| |
Package-Manager: Portage-2.3.89, Repoman-2.3.20
RepoMan-Options: --ignore-arches
Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
|
| |
|
|
|
|
|
| |
Package-Manager: Portage-2.3.89, Repoman-2.3.20
RepoMan-Options: --include-arches="hppa"
Signed-off-by: Rolf Eike Beer <eike@sf-mail.de>
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
|
| |
|
|
|
|
| |
Bug: https://bugs.gentoo.org/708810
Package-Manager: Portage-2.3.92_p3, Repoman-2.3.20_p118
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
|
| |
|
|
|
| |
Package-Manager: Portage-2.3.84, Repoman-2.3.20
Signed-off-by: Mart Raudsepp <leio@gentoo.org>
|
| |
|
|
|
|
| |
Closes: https://bugs.gentoo.org/712372
Package-Manager: Portage-2.3.94, Repoman-2.3.21
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
|
| |
|
|
|
|
| |
Closes: https://bugs.gentoo.org/708810
Package-Manager: Portage-2.3.92_p3, Repoman-2.3.20_p118
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
|
| |
|
|
|
|
| |
Package-Manager: Portage-2.3.89, Repoman-2.3.20
RepoMan-Options: --include-arches="ppc64"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
| |
|
|
|
|
| |
Package-Manager: Portage-2.3.89, Repoman-2.3.20
RepoMan-Options: --include-arches="ia64"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
| |
|
|
|
|
| |
Package-Manager: Portage-2.3.89, Repoman-2.3.20
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
| |
|
|
|
|
| |
Package-Manager: Portage-2.3.89, Repoman-2.3.20
RepoMan-Options: --include-arches="ppc"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
| |
|
|
|
|
| |
Package-Manager: Portage-2.3.89, Repoman-2.3.20
RepoMan-Options: --include-arches="arm"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
| |
|
|
|
|
| |
Package-Manager: Portage-2.3.89, Repoman-2.3.20
RepoMan-Options: --include-arches="sparc"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
| |
|
|
|
|
| |
Package-Manager: Portage-2.3.89, Repoman-2.3.20
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
|
| |
|
|
|
|
| |
Package-Manager: Portage-2.3.89, Repoman-2.3.20
RepoMan-Options: --include-arches="s390"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
| |
|
|
|
|
|
| |
Update the copyright notice on all files that were touched since
January 1st but did not have the notice updated.
Signed-off-by: Michał Górny <mgorny@gentoo.org>
|
| |
|
|
|
|
| |
Copyright: Sony Interactive Entertainment Inc.
Package-Manager: Portage-2.3.87, Repoman-2.3.20
Signed-off-by: Patrick McLean <chutzpah@gentoo.org>
|
| |
|
|
|
|
| |
Copyright: Sony Interactive Entertainment Inc.
Package-Manager: Portage-2.3.87, Repoman-2.3.20
Signed-off-by: Patrick McLean <chutzpah@gentoo.org>
|
| |
|
|
|
| |
Package-Manager: Portage-2.3.86_p1, Repoman-2.3.20_p43
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Matt Turner <mattst88@gentoo.org>
|
| |
|
|
|
| |
Package-Manager: Portage-2.3.85, Repoman-2.3.20
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
|
| |
|
|
|
| |
Package-Manager: Portage-2.3.85, Repoman-2.3.20
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
shadow includes a number of administrative account management binaries
like useradd, chage and chpasswd, traditionally only useable by root.
In shadow they can be compiled with PAM support and installed setuid.
PAM configuration can then be used to delegate account management to
users other than root.
The previous config contained the pam_rootok module to provide default
behaviour of allowing account management when called as root. But it
also contained pam_permit which would allow everyone else to also do
account management without any authentication.
To close this loophole we remove pam_permit from the config. Also,
chpasswd, chgpasswd and newusers are batch-mode mass-change tools meant
for scripting. They only contain PAM support if configure flag
--enable-account-tools-setuid is in effect and are then installed setuid
root. They should use the same restrictive PAM configuration as their
siblings. But with setuid user management tools and PAM support within
them disabled by commit f569e607 we can stop installing the
configuration files as well.
chfn and chsh are intended to be called by the user as self-service
tools. For this reason they're always installed setuid root and contain
PAM support. They should be allowed to work but maybe not without some
prior authentication to avoid attacks such as someone finding an
unlocked session and using chfn to redirect phone calls intended for the
user to himself. The existing passwd config seems perfect for that and
is aptly named in that both tools change user information normally
stored in /etc/passwd.
groupmems is another user self-service tool. It allows the user to add
people to their user-private group, allowing them trusted access to
normally private files. It is not installed setuid like chfn and chsh
but always contains PAM support. Upstream installs a locked down PAM
config by default.
Since default shell profiles on Gentoo do not change umask to 0002 when
a private user group is in use, impact will only be to allow read access
to those additional users by default.
Since the idea of adding more users to the user *private* group is
questionable, go with upstream's default of locking the PAM config down
so that an admin not only needs to make the binary suid but also adjust
the PAM config, in the process hopefully considering what they're doing.
Bug: https://bugs.gentoo.org/702252
Closes: https://github.com/gentoo/gentoo/pull/14032
Reviewed-by: Mikle Kolyada <zlogene@gentoo.org>
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
|
| |
|
|
|
|
|
| |
Thanks-to: Michael Weiser <michael@weiser.dinsnail.net>
Bug: https://bugs.gentoo.org/702252
Package-Manager: Portage-2.3.82, Repoman-2.3.20
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
|
| |
|
|
|
| |
Package-Manager: Portage-2.3.80, Repoman-2.3.19
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
|
| |
|
|
|
| |
Package-Manager: Portage-2.3.80, Repoman-2.3.19
Signed-off-by: Patrick McLean <chutzpah@gentoo.org>
|
| |
|
|
|
| |
Package-Manager: Portage-2.3.80, Repoman-2.3.19
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
|
| |
|
|
|
|
|
| |
Thanks-to: Arthur Zamarin <arthurzam+gentoo@gmail.com>
Closes: https://bugs.gentoo.org/700750
Package-Manager: Portage-2.3.79, Repoman-2.3.18
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
|
| |
|
|
|
| |
Package-Manager: Portage-2.3.79, Repoman-2.3.18
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
|
| |
|
|
|
|
|
|
|
|
| |
Moved passwd from /usr/bin to /bin (again) as it breaks at least
one package that has passwd path hardcoded (net-misc/scponly)
Thanks-to: fling <fling@member.fsf.org>
Bug: https://bugs.gentoo.org/699930
Package-Manager: Portage-2.3.79, Repoman-2.3.18
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
|
Mike Gilbert
Sam James
Ulrich Müller
Lars Wendler
Michael Mair-Keimberger
Mikle Kolyada
David Michael
Sergei Trofimovich
Matt Turner
Rolf Eike Beer
Mart Raudsepp
Michael Weiser
Agostino Sarubbo
Michał Górny
Patrick McLean
Michael Weiser
Patrick McLean
GitWeb