[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#771925: marked as done (release-notes: Add a note of base-passwd hardening shell on backup user)

Your message dated Tue, 27 Jan 2015 21:42:50 +0100
with message-id <54C7F84A.3080504@thykier.net>
and subject line Re: Bug#771925: [release-notes] Add a note of base-passwd hardening shell on backup user - reviewed (corrected some typos and spaces)
has caused the Debian Bug report #771925,
regarding release-notes: Add a note of base-passwd hardening shell on backup user
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

771925: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771925
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release-notes
Severity: normal


AFAIU, since base-passwd 3.5.30, new in Jessie, update-passwd (triggered by dpkg-configuration of base-passwd) may update (silently ? depening on dpkg priority) the password of users like 'backup' to /usr/sbin/nologin (instead of /bin/sh for instance, previously).

This is likely to break remote backups performed over SSH for instance (see #737735 for instance).

While securing such accounts connectivity is great, I fear the release notes for Jessie lack a mention of this fact.

Of course, backup user may not be the only one affected, but this is at least one case that may occur, hence worth documenting, IMHO.

Thanks in advance.

Best regards,

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---
--- Begin Message ---
On 2015-01-27 11:06, Niels Thykier wrote:
> On 2015-01-27 10:38, Stephan Beck wrote:
>> Package: release-notes
>> Hi Niels,
>> I reviewed the patch and corrected some typos and spaces.
>> Moreover, I'd prefer to use ..."corresponding" instead of "necessary" in the "If
>> your local setup requires..." sentence, merely a question of style, though.
>> Take it or leave it :-)
>> Attached you'll find the diff of the patch. I renamed it using 0002-...
>> I hope that's ok.
>> Regards
>> Stephan Beck
> Applied, thanks.
> ~Niels

Once again thanks for the review.  I will close this bug now - should
you find anything else, please let me know (or file a new bug).


--- End Message ---

Reply to: