Bug#771925: release-notes: Add a note of base-passwd hardening shell on backup user
Control: tags -1 patch
On 2014-12-03 15:51, Olivier Berger wrote:
> Package: release-notes
> Severity: normal
>
> Hi.
>
> AFAIU, since base-passwd 3.5.30, new in Jessie, update-passwd (triggered by dpkg-configuration of base-passwd) may update (silently ? depening on dpkg priority) the password of users like 'backup' to /usr/sbin/nologin (instead of /bin/sh for instance, previously).
>
> This is likely to break remote backups performed over SSH for instance (see #737735 for instance).
>
> While securing such accounts connectivity is great, I fear the release notes for Jessie lack a mention of this fact.
>
> Of course, backup user may not be the only one affected, but this is at least one case that may occur, hence worth documenting, IMHO.
>
> Thanks in advance.
>
> Best regards,
>
> [...]
Hi Olivier,
Thanks for reporting this issue.
I have made an initial draft (please see attached file). It could
certainly use a review and possibly a different approach / angle.
I am also wondering if you know how to "preseed" this, so an admin
with "high" (or above) debconf priority could have this handled
automatically on upgrades without changing debconf priority?
Thanks,
~Niels
diff --git a/en/issues.dbk b/en/issues.dbk
index ca473ee..8b57fc4 100644
--- a/en/issues.dbk
+++ b/en/issues.dbk
@@ -327,4 +327,80 @@ Pin-Priority: -1
the â??settingsâ?? icon.
</para>
</section>
+
+<section id="base-passwd-hardening">
+ <!-- Wheezy to Jessie -->
+ <title>Changes to default shell of system users provided by
+ <systemitem role="package">base-passwd</systemitem></title>
+ <para>
+ The upgrade of <systemitem role="package">base-passwd</systemitem>
+ package will reset the shell of system users that is provides to
+ the "nologin" shell. This includes the following users:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>daemon</para>
+ </listitem>
+ <listitem>
+ <para>bin</para>
+ </listitem>
+ <listitem>
+ <para>sys</para>
+ </listitem>
+ <listitem>
+ <para>games</para>
+ </listitem>
+ <listitem>
+ <para>man</para>
+ </listitem>
+ <listitem>
+ <para>lp</para>
+ </listitem>
+ <listitem>
+ <para>mail</para>
+ </listitem>
+ <listitem>
+ <para>news</para>
+ </listitem>
+ <listitem>
+ <para>uucp</para>
+ </listitem>
+ <listitem>
+ <para>proxy</para>
+ </listitem>
+ <listitem>
+ <para>www-data</para>
+ </listitem>
+ <listitem>
+ <para>backup</para>
+ </listitem>
+ <listitem>
+ <para>list</para>
+ </listitem>
+ <listitem>
+ <para>irc</para>
+ </listitem>
+ <listitem>
+ <para>gnats</para>
+ </listitem>
+ <listitem>
+ <para>nobody</para>
+ </listitem>
+ </itemizedlist>
+ <para>
+ If your local setup requires that any of these users have a shell,
+ you should say no to migrating or migrate and then change the shell
+ of the necessary users. Notable examples includes local backups
+ done via the "backup" user with an "ssh-key" authentication.
+ </para>
+ <caution>
+ <para>
+ The migration will happen automatically if your debconf question
+ priorty is "high" or above.
+ </para>
+ </caution>
+ <para>
+ a<!-- Pre-seeding base-passwd/system/<user>/shell/<old>/<new> -->
+ </para>
+</section>
</chapter>
Reply to: