[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#771925: release-notes: Add a note of base-passwd hardening shell on backup user

Control: tags -1 pending


I have committed the attached patch to the release-notes to document the
migration of the base-passwd system users to the nologin shell.  A
review is appreciated. :)


(Original bug submission text included below for the base-passwd
maintainers, whom I added to CC)

On 2014-12-10 06:32, Niels Thykier wrote:
> Control: tags -1 patch
> On 2014-12-03 15:51, Olivier Berger wrote:
>> Package: release-notes
>> Severity: normal
>> Hi.
>> AFAIU, since base-passwd 3.5.30, new in Jessie, update-passwd (triggered by dpkg-configuration of base-passwd) may update (silently ? depening on dpkg priority) the password of users like 'backup' to /usr/sbin/nologin (instead of /bin/sh for instance, previously).
>> This is likely to break remote backups performed over SSH for instance (see #737735 for instance).
>> While securing such accounts connectivity is great, I fear the release notes for Jessie lack a mention of this fact.
>> Of course, backup user may not be the only one affected, but this is at least one case that may occur, hence worth documenting, IMHO.
>> Thanks in advance.
>> Best regards,
>> [...]
> [...]

Attachment: 0001-en-issues-Document-the-base-password-shell-reset.patch
Description: application/mbox

Reply to: