Local users get to play root?
Todd Zullinger
tmz at pobox.com
Thu Nov 19 01:22:57 UTC 2009
[At the risk of letting this get lost in the shuffle of this
thread...]
Seth Vidal wrote:
> If there are pkgs which run daemons which are defaulting to ON when
> installed or on next reboot - then we should be auditing those pkgs.
> Last I checked we default to OFF and that should continue to be the
> case.
I happened to install func the other day on several Fedora and CentOS
boxes and was surprised that both services defaulted to on.
Trying this on clean Fedora 12 box I found that a combination of a
poor init script and the presence of redhat-lsb had prevented the
services from being configured as the packages intend them to be:
$ sudo yum install certmaster
...
$ sudo chkconfig --list certmaster
service certmaster supports chkconfig, but is not referenced in any runlevel (run 'chkconfig --add certmaster')
The problem is that %post checks first for the presence of
/usr/lib/lsb/install_initd, which redhat-lsb provides:
# for suse
if [ -x /usr/lib/lsb/install_initd ]; then
/usr/lib/lsb/install_initd /etc/init.d/funcd
# for red hat distros
elif [ -x /sbin/chkconfig ]; then
/sbin/chkconfig --add funcd
...
fi
Fortunately, neither funcd nor certmaster provide critical things
like, say, remote control of a system. ;)
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
We are free not because we claim freedom, but because we PRACTICE it.
-- William Faulkner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 542 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20091118/c6e33507/attachment.sig>
More information about the fedora-devel-list
mailing list