Discussion:
[Sqlgrey-users] .spec missing /etc/sqlgrey/discrimination.regexp
John Thomas
2007-07-21 20:16:06 UTC
Permalink
On Centos 5.0
rpmbuild -ta sqlgrey-1.7.5.tar.bz2
failed with
error: Installed (but unpackaged) file(s) found:
/etc/sqlgrey/discrimination.regexp
Adding /etc/sqlgrey/discrimination.regexp
to the %files section of the spec file solved the problem for me.
--
Sincerely,
John Thomas
John Thomas
2007-08-04 00:39:08 UTC
Permalink
I know little and suspect the following would help:
The spec file creates a user that is allowed to login
sqlgrey:x:509:509::/var/sqlgrey:/bin/bash
If possible, wouldn't it be better have the spec file create a user like
this:
sqlgrey:x:509:509::/var/sqlgrey:/sbin/nologin
?
Post by John Thomas
On Centos 5.0
rpmbuild -ta sqlgrey-1.7.5.tar.bz2
failed with
/etc/sqlgrey/discrimination.regexp
Adding /etc/sqlgrey/discrimination.regexp
to the %files section of the spec file solved the problem for me.
--
Sincerely,
John Thomas
Dan Mason
2007-08-04 00:57:05 UTC
Permalink
Post by John Thomas
The spec file creates a user that is allowed to login
sqlgrey:x:509:509::/var/sqlgrey:/bin/bash
If possible, wouldn't it be better have the spec file create a user like
sqlgrey:x:509:509::/var/sqlgrey:/sbin/nologin
?
Under FreeBSD 6 (the professional ISP OS) the shell is nologin.

sqlgrey:*:1002:1002:Postgrey Owner:/usr/local/share/sqlgrey:/sbin/nologin

Leave it to Linux to do things wrong. (flame on!)


Dan
Post by John Thomas
Post by John Thomas
On Centos 5.0
rpmbuild -ta sqlgrey-1.7.5.tar.bz2
failed with
/etc/sqlgrey/discrimination.regexp
Adding /etc/sqlgrey/discrimination.regexp
to the %files section of the spec file solved the problem for me.
--
Sincerely,
John Thomas
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Sqlgrey-users mailing list
https://lists.sourceforge.net/lists/listinfo/sqlgrey-users
--
Daniel R Mason = ***@danmason.net = Unix Systems Engineer;
"Fanatical Islam is not a religion. It is the lust for power and control
over other people. It is a destructive, evil force that will sweep away
all that is good and fine in this world." -- Orson Scott Card
John Thomas
2007-08-04 01:40:16 UTC
Permalink
Dan Mason said the following on 08/03/2007 05:57 PM:
<snip>
Post by Dan Mason
Under FreeBSD 6 (the professional ISP OS) the shell is nologin.
I am using Centos 5
Post by Dan Mason
Leave it to Linux to do things wrong. (flame on!)
It seems to a rookie that it is rather cool that two fairly different
OS's are able get fairly accurate installs, excepting a, possible,
security hole. Further, it seems this hole is pluggable.

I wish Mr. Linux would create a clean install for all Linux's (apt-get
yum, rpm, deb, etc), whatever works.

(flame off!)
--
Sincerely,
John Thomas
Chris Samuel
2007-08-04 09:47:01 UTC
Permalink
Leave it to Linux to do things wrong.  (flame on!)
s/Linux/people/
--
Chris Samuel : http://www.csamuel.org/ : Melbourne, VIC

This email may come with a PGP signature as a file. Do not panic.
For more info see: http://en.wikipedia.org/wiki/OpenPGP
Dan Faerch
2007-08-04 13:41:20 UTC
Permalink
Post by Dan Mason
Under FreeBSD 6 (the professional ISP OS) the shell is nologin.
sqlgrey:*:1002:1002:Postgrey Owner:/usr/local/share/sqlgrey:/sbin/nologin
Leave it to Linux to do things wrong. (flame on!)
*nix-religious ppl are funny ;)

Bleh. Well.. Many times linux does use /bin/true or /bin/false (which
practically does the same thing), but AFAIK makes little difference. The
shadowfile contains '!' as password, thus no valid password can be entered.
If a valid password COULD be entered, setting /sbin/nologin would do
little to save you, as
$ su <username> -s /bin/bash
would bypass whatever defined in passwd. So i dont see /sbin/nologin
hindering anything you cant do another way if you already have so much
access that you can define a password for the user.

So that said, sure i can make it put in /bin/true or whatever in the
.spec file, because it DOES look neater. :) Ill stick it into CVS, but
unless someone can convince me otherwise, i dont see it as a problem and
wont make a new release based on this alone.

- Dan

Loading...