[arch-commits] Commit in filesystem/trunk (PKGBUILD filesystem.install shadow)

Pierre Schmitz pierre at archlinux.org
Sat Sep 18 22:49:37 UTC 2010 

    Date: Saturday, September 18, 2010 @ 18:49:36
  Author: pierre
Revision: 90912

Fix "Last password change" for system users

Having "Last password change" in /etc/shadow set to 0 will enforce a password chagne for that user on next "login".
This prevents the usage of "su" to run commands with such a user. Therefore settng is to the same value as the root user.

Modified:
  filesystem/trunk/PKGBUILD
  filesystem/trunk/filesystem.install
  filesystem/trunk/shadow

--------------------+
 PKGBUILD           |    4 ++--
 filesystem.install |    7 +++++++
 shadow             |   12 ++++++------
 3 files changed, 15 insertions(+), 8 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2010-09-18 21:28:08 UTC (rev 90911)
+++ PKGBUILD	2010-09-18 22:49:36 UTC (rev 90912)
@@ -3,7 +3,7 @@
 # Contributor: judd <jvinet at zeroflux.org>
 
 pkgname=filesystem
-pkgver=2010.07
+pkgver=2010.09
 pkgrel=1
 pkgdesc="Base filesystem"
 arch=('any')
@@ -28,7 +28,7 @@
          'f28150d4c0b22a017be51b9f7f9977ed'
          '6e488ffecc8ba142c0cf7e2d7aeb832e'
          '8a9042a2cedf6b6b47eb8973f14289cb'
-         '019e5c24f9befef395a28e7ef2e4e5b9'
+         '25d046c06d2400a878095f38f44e9c1f'
          '57c5cc9da249c3b06a70fd7efb8c34a5'
          'e5d8323a4dbee7a6d0d2a19cbf4b819f'
          '81b3cb42a6ddabc2ed2310511ee9c859'

Modified: filesystem.install
===================================================================
--- filesystem.install	2010-09-18 21:28:08 UTC (rev 90911)
+++ filesystem.install	2010-09-18 22:49:36 UTC (rev 90912)
@@ -64,4 +64,11 @@
 
   grep -q '^include /etc/ld.so.conf.d/\*.conf$' etc/ld.so.conf \
     || echo 'include /etc/ld.so.conf.d/*.conf' >> etc/ld.so.conf
+
+  # set "Last password change" > 0; otherwise su $user wont work
+  for user in bin daemon mail ftp http nobody; do
+    if LANG=C chage -l ${user} | grep -q 'password must be changed'; then
+      chage -d 99999 ${user}
+    fi
+  done
 }

Modified: shadow
===================================================================
--- shadow	2010-09-18 21:28:08 UTC (rev 90911)
+++ shadow	2010-09-18 22:49:36 UTC (rev 90912)
@@ -1,7 +1,7 @@
 root::99999::::::
-bin:x:0::::::
-daemon:x:0::::::
-mail:x:0::::::
-ftp:x:0::::::
-http:x:0::::::
-nobody:x:0::::::
+bin:x:99999::::::
+daemon:x:99999::::::
+mail:x:99999::::::
+ftp:x:99999::::::
+http:x:99999::::::
+nobody:x:99999::::::

More information about the arch-commits mailing list