More PATH fallout. Who decided this was a good idea?

Callum Lerwick seg at haxxed.com
Fri Dec 5 23:27:01 UTC 2008


So, I spent 10 minutes trying to figure out why "userm[tab]" only came
up with usermount. usermod had disappeared from my system! I eventually
figured out that it and all the other account tools have been changed to
mode 750, inaccessible to normal users.

$ ls -l /sbin/ /usr/sbin/|grep \\---
-rwxr-x--- 1 root root  97000 2008-11-05 14:58 audispd
-rwxr-x--- 1 root root 121056 2008-11-05 14:58 auditctl
-rwxr-x--- 1 root root 175416 2008-11-05 14:58 auditd
-rwxr-x--- 1 root root  98496 2008-11-05 14:58 autrace
-rwxr-x--- 1 root root 145472 2008-09-11 23:23 dhcp6c
-rwx------ 1 root root  29664 2008-09-23 09:12 unix_update
-rwxr-x--- 1 root root     23192 2008-11-11 07:59 acpid
-rwx------ 1 root root    648560 2008-11-13 17:23 build-locale-archive
-rwx------ 1 root root    564524 2008-11-13 17:41 glibc_post_upgrade.i686
-rwx------ 1 root root    615608 2008-11-13 17:23 glibc_post_upgrade.x86_64
-rwxr-x--- 1 root root     47704 2008-09-24 08:38 groupadd
-rwxr-x--- 1 root root     38832 2008-09-24 08:38 groupdel
-rwxr-x--- 1 root root     33888 2008-09-24 08:38 groupmems
-rwxr-x--- 1 root root     47608 2008-09-24 08:38 groupmod
-rwsr-x--- 1 root gnokii   10384 2008-10-06 02:50 mgnokiidev
-rwx------ 1 root root    615768 2008-08-28 01:11 redhat_lsb_trigger.x86_64
-rwx------ 1 root root      5512 2008-11-13 17:23 tzdata-update
-rwxr-x--- 1 root root     83864 2008-09-24 08:38 useradd
-rwxr-x--- 1 root root     56528 2008-09-24 08:38 userdel
-rwxr-x--- 1 root root     82296 2008-09-24 08:38 usermod

$ /usr/sbin/usermod
bash: /usr/sbin/usermod: Permission denied

$ sudo /usr/sbin/usermod
Usage: usermod [options] LOGIN

Options:
  -c, --comment COMMENT         new value of the GECOS field
  -d, --home HOME_DIR           new home directory for the user account
  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
  -f, --inactive INACTIVE       set password inactive after expiration
                                to INACTIVE
  -g, --gid GROUP               force use GROUP as new primary group
  -G, --groups GROUPS           new list of supplementary GROUPS
  -a, --append                  append the user to the supplemental GROUPS
                                mentioned by the -G option without removing
                                him/her from other groups
  -h, --help                    display this help message and exit
  -l, --login NEW_LOGIN         new value of the login name
  -L, --lock                    lock the user account
  -m, --move-home               move contents of the home directory to the
                                new location (use only with -d)
  -o, --non-unique              allow using duplicate (non-unique) UID
  -p, --password PASSWORD       use encrypted password for the new password
  -s, --shell SHELL             new login shell for the user account
  -u, --uid UID                 new UID for the user account
  -U, --unlock                  unlock the user account
  -Z, --selinux-user            new selinux user mapping for the use


As a sudo user, I believe that running admin tools such as usermod as an
unprivileged user to get the help page is a perfectly valid use case,
and this change is a bad idea that should be reversed.
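
An added example, not part of the original message: a find-based version of the ls/grep check above that tests only the "other" execute bit, plus a prefix filter matching the "userm[tab]" case. The function names are hypothetical, and the directories are whatever you pass in.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print regular files directly inside each DIR whose "other" execute bit is
# clear. -perm -001 looks only at o+x, so modes 750, 700 and setuid 4750 are
# all reported, while 755 is not. -H follows DIR itself if it is a symlink
# (as /sbin is on some systems).
not_world_exec() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find -H "$dir" -maxdepth 1 -type f ! -perm -001 -print
    done | sort
}

# Print the command names starting with PREFIX that an ordinary user cannot
# execute in the given DIRs, i.e. the ones tab completion will not offer.
hidden_by_prefix() {
    prefix=$1
    shift
    not_world_exec "$@" | while IFS= read -r path; do
        name=${path##*/}
        case $name in
            "$prefix"*) printf '%s\n' "$name" ;;
        esac
    done
}

# Long listing (mode, owner, group) for every file not_world_exec finds.
report() {
    not_world_exec "$@" | while IFS= read -r path; do
        ls -ld -- "$path"
    done
}

# When run with directory arguments, e.g. "sh script.sh /sbin /usr/sbin",
# print the report for them.
if [ "$#" -gt 0 ]; then
    report "$@"
fi
```
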