* [Buildroot] [PATCH 1/8] dbus: drop user/group from skeleton
@ 2014-10-27 18:18 Gustavo Zacarias
2014-10-27 18:18 ` [Buildroot] [PATCH 2/8] openssh: drop user " Gustavo Zacarias
` (7 more replies)
0 siblings, 8 replies; 11+ messages in thread
From: Gustavo Zacarias @ 2014-10-27 18:18 UTC (permalink / raw)
To: buildroot
It belongs to the package.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
package/dbus/dbus.mk | 4 ++++
system/skeleton/etc/group | 1 -
system/skeleton/etc/passwd | 1 -
3 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/package/dbus/dbus.mk b/package/dbus/dbus.mk
index 28d3dd8..0fa1a0f 100644
--- a/package/dbus/dbus.mk
+++ b/package/dbus/dbus.mk
@@ -14,6 +14,10 @@ define DBUS_PERMISSIONS
/usr/libexec/dbus-daemon-launch-helper f 4755 0 0 - - - - -
endef
+define DBUS_USERS
+dbus -1 dbus -1 * - - - D-Bus
+endef
+
DBUS_DEPENDENCIES = host-pkgconf expat
DBUS_CONF_ENV = ac_cv_have_abstract_sockets=yes
diff --git a/system/skeleton/etc/group b/system/skeleton/etc/group
index 98f712b..fa74ae2 100644
--- a/system/skeleton/etc/group
+++ b/system/skeleton/etc/group
@@ -20,7 +20,6 @@ utmp:x:43:
plugdev:x:46:
staff:x:50:
lock:x:54:
-dbus:x:81:
netdev:x:82:
ftp:x:83
nogroup:x:99:
diff --git a/system/skeleton/etc/passwd b/system/skeleton/etc/passwd
index d2e426b..761d92e 100644
--- a/system/skeleton/etc/passwd
+++ b/system/skeleton/etc/passwd
@@ -8,7 +8,6 @@ proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
operator:x:37:37:Operator:/var:/bin/sh
-dbus:x:81:81:dbus:/var/run/dbus:/bin/sh
ftp:x:83:83:ftp:/home/ftp:/bin/sh
nobody:x:99:99:nobody:/home:/bin/sh
sshd:x:103:99:Operator:/var:/bin/sh
--
2.0.4
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [Buildroot] [PATCH 2/8] openssh: drop user from skeleton
2014-10-27 18:18 [Buildroot] [PATCH 1/8] dbus: drop user/group from skeleton Gustavo Zacarias
@ 2014-10-27 18:18 ` Gustavo Zacarias
2014-10-27 18:18 ` [Buildroot] [PATCH 3/8] system/skeleton: drop backup user Gustavo Zacarias
` (6 subsequent siblings)
7 siblings, 0 replies; 11+ messages in thread
From: Gustavo Zacarias @ 2014-10-27 18:18 UTC (permalink / raw)
To: buildroot
The sshd privilege drop user doesn't belong in the skeleton, it's
exclusively used by OpenSSH.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
package/openssh/openssh.mk | 4 ++++
system/skeleton/etc/passwd | 1 -
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk
index e2f2663..4b16c34 100644
--- a/package/openssh/openssh.mk
+++ b/package/openssh/openssh.mk
@@ -12,6 +12,10 @@ OPENSSH_CONF_ENV = LD="$(TARGET_CC)" LDFLAGS="$(TARGET_CFLAGS)"
OPENSSH_CONF_OPTS = --sysconfdir=/etc/ssh --disable-lastlog --disable-utmp \
--disable-utmpx --disable-wtmp --disable-wtmpx --disable-strip
+define OPENSSH_USERS
+sshd -1 sshd -1 * - - - SSH drop priv user
+endef
+
# uClibc toolchain for ARC doesn't support PIE at the moment
ifeq ($(BR2_arc),y)
OPENSSH_CONF_OPTS += --without-pie
diff --git a/system/skeleton/etc/passwd b/system/skeleton/etc/passwd
index 761d92e..46e239f 100644
--- a/system/skeleton/etc/passwd
+++ b/system/skeleton/etc/passwd
@@ -10,4 +10,3 @@ backup:x:34:34:backup:/var/backups:/bin/sh
operator:x:37:37:Operator:/var:/bin/sh
ftp:x:83:83:ftp:/home/ftp:/bin/sh
nobody:x:99:99:nobody:/home:/bin/sh
-sshd:x:103:99:Operator:/var:/bin/sh
--
2.0.4
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [Buildroot] [PATCH 3/8] system/skeleton: drop backup user
2014-10-27 18:18 [Buildroot] [PATCH 1/8] dbus: drop user/group from skeleton Gustavo Zacarias
2014-10-27 18:18 ` [Buildroot] [PATCH 2/8] openssh: drop user " Gustavo Zacarias
@ 2014-10-27 18:18 ` Gustavo Zacarias
2014-10-27 18:18 ` [Buildroot] [PATCH 4/8] system/skeleton: drop proxy user Gustavo Zacarias
` (5 subsequent siblings)
7 siblings, 0 replies; 11+ messages in thread
From: Gustavo Zacarias @ 2014-10-27 18:18 UTC (permalink / raw)
To: buildroot
AFAIK no package uses it and even if it did it would belong there.
And it's not a standard user either.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
system/skeleton/etc/passwd | 1 -
1 file changed, 1 deletion(-)
diff --git a/system/skeleton/etc/passwd b/system/skeleton/etc/passwd
index 46e239f..2e7e77a 100644
--- a/system/skeleton/etc/passwd
+++ b/system/skeleton/etc/passwd
@@ -6,7 +6,6 @@ sync:x:4:100:sync:/bin:/bin/sync
mail:x:8:8:mail:/var/spool/mail:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
-backup:x:34:34:backup:/var/backups:/bin/sh
operator:x:37:37:Operator:/var:/bin/sh
ftp:x:83:83:ftp:/home/ftp:/bin/sh
nobody:x:99:99:nobody:/home:/bin/sh
--
2.0.4
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [Buildroot] [PATCH 4/8] system/skeleton: drop proxy user
2014-10-27 18:18 [Buildroot] [PATCH 1/8] dbus: drop user/group from skeleton Gustavo Zacarias
2014-10-27 18:18 ` [Buildroot] [PATCH 2/8] openssh: drop user " Gustavo Zacarias
2014-10-27 18:18 ` [Buildroot] [PATCH 3/8] system/skeleton: drop backup user Gustavo Zacarias
@ 2014-10-27 18:18 ` Gustavo Zacarias
2014-10-27 18:18 ` [Buildroot] [PATCH 5/8] system/skeleton: drop valid shell from non-login users Gustavo Zacarias
` (4 subsequent siblings)
7 siblings, 0 replies; 11+ messages in thread
From: Gustavo Zacarias @ 2014-10-27 18:18 UTC (permalink / raw)
To: buildroot
AFAIK no package uses it and even if it did it would belong there.
And it's not a standard user either.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
system/skeleton/etc/passwd | 1 -
1 file changed, 1 deletion(-)
diff --git a/system/skeleton/etc/passwd b/system/skeleton/etc/passwd
index 2e7e77a..dc78581 100644
--- a/system/skeleton/etc/passwd
+++ b/system/skeleton/etc/passwd
@@ -4,7 +4,6 @@ bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:100:sync:/bin:/bin/sync
mail:x:8:8:mail:/var/spool/mail:/bin/sh
-proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
operator:x:37:37:Operator:/var:/bin/sh
ftp:x:83:83:ftp:/home/ftp:/bin/sh
--
2.0.4
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [Buildroot] [PATCH 5/8] system/skeleton: drop valid shell from non-login users
2014-10-27 18:18 [Buildroot] [PATCH 1/8] dbus: drop user/group from skeleton Gustavo Zacarias
` (2 preceding siblings ...)
2014-10-27 18:18 ` [Buildroot] [PATCH 4/8] system/skeleton: drop proxy user Gustavo Zacarias
@ 2014-10-27 18:18 ` Gustavo Zacarias
2014-10-27 18:18 ` [Buildroot] [PATCH 6/8] system/skeleton: drop adm user from shadow Gustavo Zacarias
` (3 subsequent siblings)
7 siblings, 0 replies; 11+ messages in thread
From: Gustavo Zacarias @ 2014-10-27 18:18 UTC (permalink / raw)
To: buildroot
Non-login users shouldn't have a valid shell so drop it.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
system/skeleton/etc/passwd | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/system/skeleton/etc/passwd b/system/skeleton/etc/passwd
index dc78581..3a80341 100644
--- a/system/skeleton/etc/passwd
+++ b/system/skeleton/etc/passwd
@@ -1,10 +1,10 @@
root:x:0:0:root:/root:/bin/sh
-daemon:x:1:1:daemon:/usr/sbin:/bin/sh
-bin:x:2:2:bin:/bin:/bin/sh
-sys:x:3:3:sys:/dev:/bin/sh
+daemon:x:1:1:daemon:/usr/sbin:/bin/false
+bin:x:2:2:bin:/bin:/bin/false
+sys:x:3:3:sys:/dev:/bin/false
sync:x:4:100:sync:/bin:/bin/sync
-mail:x:8:8:mail:/var/spool/mail:/bin/sh
-www-data:x:33:33:www-data:/var/www:/bin/sh
-operator:x:37:37:Operator:/var:/bin/sh
-ftp:x:83:83:ftp:/home/ftp:/bin/sh
-nobody:x:99:99:nobody:/home:/bin/sh
+mail:x:8:8:mail:/var/spool/mail:/bin/false
+www-data:x:33:33:www-data:/var/www:/bin/false
+operator:x:37:37:Operator:/var:/bin/false
+ftp:x:83:83:ftp:/home/ftp:/bin/false
+nobody:x:99:99:nobody:/home:/bin/false
--
2.0.4
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [Buildroot] [PATCH 6/8] system/skeleton: drop adm user from shadow
2014-10-27 18:18 [Buildroot] [PATCH 1/8] dbus: drop user/group from skeleton Gustavo Zacarias
` (3 preceding siblings ...)
2014-10-27 18:18 ` [Buildroot] [PATCH 5/8] system/skeleton: drop valid shell from non-login users Gustavo Zacarias
@ 2014-10-27 18:18 ` Gustavo Zacarias
2014-10-27 18:19 ` [Buildroot] [PATCH 7/8] system/skeleton: drop shutdown " Gustavo Zacarias
` (2 subsequent siblings)
7 siblings, 0 replies; 11+ messages in thread
From: Gustavo Zacarias @ 2014-10-27 18:18 UTC (permalink / raw)
To: buildroot
It has no counterpart in passwd so it's basically a NOP.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
system/skeleton/etc/shadow | 1 -
1 file changed, 1 deletion(-)
diff --git a/system/skeleton/etc/shadow b/system/skeleton/etc/shadow
index d5734d7..69ab451 100644
--- a/system/skeleton/etc/shadow
+++ b/system/skeleton/etc/shadow
@@ -1,7 +1,6 @@
root::10933:0:99999:7:::
bin:*:10933:0:99999:7:::
daemon:*:10933:0:99999:7:::
-adm:*:10933:0:99999:7:::
lp:*:10933:0:99999:7:::
sync:*:10933:0:99999:7:::
shutdown:*:10933:0:99999:7:::
--
2.0.4
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [Buildroot] [PATCH 7/8] system/skeleton: drop shutdown user from shadow
2014-10-27 18:18 [Buildroot] [PATCH 1/8] dbus: drop user/group from skeleton Gustavo Zacarias
` (4 preceding siblings ...)
2014-10-27 18:18 ` [Buildroot] [PATCH 6/8] system/skeleton: drop adm user from shadow Gustavo Zacarias
@ 2014-10-27 18:19 ` Gustavo Zacarias
2014-10-27 18:19 ` [Buildroot] [PATCH 8/8] system/skeleton: drop lp " Gustavo Zacarias
2014-10-27 18:28 ` [Buildroot] [PATCH 1/8] dbus: drop user/group from skeleton Thomas Petazzoni
7 siblings, 0 replies; 11+ messages in thread
From: Gustavo Zacarias @ 2014-10-27 18:19 UTC (permalink / raw)
To: buildroot
It has no counterpart in passwd so it's basically a NOP.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
system/skeleton/etc/shadow | 1 -
1 file changed, 1 deletion(-)
diff --git a/system/skeleton/etc/shadow b/system/skeleton/etc/shadow
index 69ab451..3cd1649 100644
--- a/system/skeleton/etc/shadow
+++ b/system/skeleton/etc/shadow
@@ -3,7 +3,6 @@ bin:*:10933:0:99999:7:::
daemon:*:10933:0:99999:7:::
lp:*:10933:0:99999:7:::
sync:*:10933:0:99999:7:::
-shutdown:*:10933:0:99999:7:::
halt:*:10933:0:99999:7:::
uucp:*:10933:0:99999:7:::
operator:*:10933:0:99999:7:::
--
2.0.4
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [Buildroot] [PATCH 8/8] system/skeleton: drop lp user from shadow
2014-10-27 18:18 [Buildroot] [PATCH 1/8] dbus: drop user/group from skeleton Gustavo Zacarias
` (5 preceding siblings ...)
2014-10-27 18:19 ` [Buildroot] [PATCH 7/8] system/skeleton: drop shutdown " Gustavo Zacarias
@ 2014-10-27 18:19 ` Gustavo Zacarias
2014-10-27 19:08 ` Danomi Manchego
2014-10-27 18:28 ` [Buildroot] [PATCH 1/8] dbus: drop user/group from skeleton Thomas Petazzoni
7 siblings, 1 reply; 11+ messages in thread
From: Gustavo Zacarias @ 2014-10-27 18:19 UTC (permalink / raw)
To: buildroot
It has no counterpart in passwd so it's basically a NOP.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
system/skeleton/etc/shadow | 1 -
1 file changed, 1 deletion(-)
diff --git a/system/skeleton/etc/shadow b/system/skeleton/etc/shadow
index 3cd1649..972dd59 100644
--- a/system/skeleton/etc/shadow
+++ b/system/skeleton/etc/shadow
@@ -1,7 +1,6 @@
root::10933:0:99999:7:::
bin:*:10933:0:99999:7:::
daemon:*:10933:0:99999:7:::
-lp:*:10933:0:99999:7:::
sync:*:10933:0:99999:7:::
halt:*:10933:0:99999:7:::
uucp:*:10933:0:99999:7:::
--
2.0.4
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [Buildroot] [PATCH 1/8] dbus: drop user/group from skeleton
2014-10-27 18:18 [Buildroot] [PATCH 1/8] dbus: drop user/group from skeleton Gustavo Zacarias
` (6 preceding siblings ...)
2014-10-27 18:19 ` [Buildroot] [PATCH 8/8] system/skeleton: drop lp " Gustavo Zacarias
@ 2014-10-27 18:28 ` Thomas Petazzoni
7 siblings, 0 replies; 11+ messages in thread
From: Thomas Petazzoni @ 2014-10-27 18:28 UTC (permalink / raw)
To: buildroot
Dear Gustavo Zacarias,
On Mon, 27 Oct 2014 15:18:54 -0300, Gustavo Zacarias wrote:
> It belongs to the package.
>
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
> ---
> package/dbus/dbus.mk | 4 ++++
> system/skeleton/etc/group | 1 -
> system/skeleton/etc/passwd | 1 -
> 3 files changed, 4 insertions(+), 2 deletions(-)
All 8 patches applied, thanks.
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Buildroot] [PATCH 8/8] system/skeleton: drop lp user from shadow
2014-10-27 18:19 ` [Buildroot] [PATCH 8/8] system/skeleton: drop lp " Gustavo Zacarias
@ 2014-10-27 19:08 ` Danomi Manchego
2014-10-27 19:12 ` Gustavo Zacarias
0 siblings, 1 reply; 11+ messages in thread
From: Danomi Manchego @ 2014-10-27 19:08 UTC (permalink / raw)
To: buildroot
Gustavo,
On Mon, Oct 27, 2014 at 2:19 PM, Gustavo Zacarias
<gustavo@zacarias.com.ar> wrote:
> It has no counterpart in passwd so it's basically a NOP.
>
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
> ---
> system/skeleton/etc/shadow | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/system/skeleton/etc/shadow b/system/skeleton/etc/shadow
> index 3cd1649..972dd59 100644
> --- a/system/skeleton/etc/shadow
> +++ b/system/skeleton/etc/shadow
> @@ -1,7 +1,6 @@
> root::10933:0:99999:7:::
> bin:*:10933:0:99999:7:::
> daemon:*:10933:0:99999:7:::
> -lp:*:10933:0:99999:7:::
> sync:*:10933:0:99999:7:::
> halt:*:10933:0:99999:7:::
> uucp:*:10933:0:99999:7:::
> --
> 2.0.4
I find that udev-182 logs a warning when the "lp" group isn't defined.
Is it a "don't care"?
Danomi -
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Buildroot] [PATCH 8/8] system/skeleton: drop lp user from shadow
2014-10-27 19:08 ` Danomi Manchego
@ 2014-10-27 19:12 ` Gustavo Zacarias
0 siblings, 0 replies; 11+ messages in thread
From: Gustavo Zacarias @ 2014-10-27 19:12 UTC (permalink / raw)
To: buildroot
On 10/27/2014 04:08 PM, Danomi Manchego wrote:
> I find that udev-182 logs a warning when the "lp" group isn't defined.
> Is it a "don't care"?
That's on system/skeleton/etc/group and i've kept it, this is just the
shadow copy of the (inexistant) lp user from /etc/passwd.
And udev rules don't concern with the lp user at all anyway.
But since you say udev-182 that means you're using an older BR version
aren't you?
Regards.
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2014-10-27 19:12 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-10-27 18:18 [Buildroot] [PATCH 1/8] dbus: drop user/group from skeleton Gustavo Zacarias
2014-10-27 18:18 ` [Buildroot] [PATCH 2/8] openssh: drop user " Gustavo Zacarias
2014-10-27 18:18 ` [Buildroot] [PATCH 3/8] system/skeleton: drop backup user Gustavo Zacarias
2014-10-27 18:18 ` [Buildroot] [PATCH 4/8] system/skeleton: drop proxy user Gustavo Zacarias
2014-10-27 18:18 ` [Buildroot] [PATCH 5/8] system/skeleton: drop valid shell from non-login users Gustavo Zacarias
2014-10-27 18:18 ` [Buildroot] [PATCH 6/8] system/skeleton: drop adm user from shadow Gustavo Zacarias
2014-10-27 18:19 ` [Buildroot] [PATCH 7/8] system/skeleton: drop shutdown " Gustavo Zacarias
2014-10-27 18:19 ` [Buildroot] [PATCH 8/8] system/skeleton: drop lp " Gustavo Zacarias
2014-10-27 19:08 ` Danomi Manchego
2014-10-27 19:12 ` Gustavo Zacarias
2014-10-27 18:28 ` [Buildroot] [PATCH 1/8] dbus: drop user/group from skeleton Thomas Petazzoni
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox