Merge pull request #160 from yast/huha-drop-scripts

Drop Obsolete login.defs Scripts USERADD_CMD, USERDEL_PRECMD, USERDEL_POSTCMD, GROUPADD_CMD
yast · Oct 2, 2024 · 3036ecc · 3036ecc
2 parents fc068b3 + 77fcca6
commit 3036ecc
Show file tree

Hide file tree

Showing 9 changed files with 12 additions and 56 deletions.
diff --git a/package/yast2-security.changes b/package/yast2-security.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Sep 30 14:36:10 UTC 2024 - Stefan Hundhammer <[email protected]>
+
+- Drop obsolete USERADD_CMD, USERDEL_PRECMD, USERDEL_POSTCMD in
+  /etc/login.defs.d/70-yast.defs (bsc#1231006)
+- 5.0.2
+
 -------------------------------------------------------------------
 Tue Aug  6 11:34:20 UTC 2024 - Knut Anderssen <[email protected]>
 

diff --git a/package/yast2-security.spec b/package/yast2-security.spec
@@ -17,7 +17,7 @@
 
 
 Name:           yast2-security
-Version:        5.0.1
+Version:        5.0.2
 Release:        0
 Group:          System/YaST
 License:        GPL-2.0-only

diff --git a/src/autoyast-rnc/security.rnc b/src/autoyast-rnc/security.rnc
@@ -65,9 +65,6 @@ sys_uid_min = element sys_uid_min { STRING }
 systohc = element systohc { STRING }
 uid_max = element uid_max { STRING }
 uid_min = element uid_min { STRING }
-useradd_cmd = element useradd_cmd { STRING }
-userdel_postcmd = element userdel_postcmd { STRING }
-userdel_precmd = element userdel_precmd { STRING }
 hibernate_system = element hibernate_system  { STRING }
 kernel.sysrq = element kernel.sysrq  { STRING }
 mandatory_services = element mandatory_services  { STRING }
@@ -125,9 +122,6 @@ y2_security =
   | systohc
   | uid_max
   | uid_min
-  | useradd_cmd
-  | userdel_postcmd
-  | userdel_precmd
   | hibernate_system
   | kernel.sysrq
   | mandatory_services

diff --git a/src/data/security/level1.yml b/src/data/security/level1.yml
@@ -29,9 +29,6 @@ SYS_UID_MAX:                      '499'
 SYS_UID_MIN:                      '100'
 UID_MAX:                          '60000'
 UID_MIN:                          '1000'
-USERADD_CMD:                      "/usr/sbin/useradd.local"
-USERDEL_POSTCMD:                  "/usr/sbin/userdel-post.local"
-USERDEL_PRECMD:                   "/usr/sbin/userdel-pre.local"
 kernel.sysrq:                     '0'
 net.ipv4.ip_forward:              false
 net.ipv4.tcp_syncookies:          true

diff --git a/src/data/security/level2.yml b/src/data/security/level2.yml
@@ -29,9 +29,6 @@ SYS_UID_MAX:                      '499'
 SYS_UID_MIN:                      '100'
 UID_MAX:                          '60000'
 UID_MIN:                          '1000'
-USERADD_CMD:                      "/usr/sbin/useradd.local"
-USERDEL_POSTCMD:                  "/usr/sbin/userdel-post.local"
-USERDEL_PRECMD:                   "/usr/sbin/userdel-pre.local"
 kernel.sysrq:                     '0'
 net.ipv4.ip_forward:              false
 net.ipv4.tcp_syncookies:          true

diff --git a/src/data/security/level3.yml b/src/data/security/level3.yml
@@ -29,9 +29,6 @@ SYS_UID_MAX:                      '499'
 SYS_UID_MIN:                      '100'
 UID_MAX:                          '60000'
 UID_MIN:                          '1000'
-USERADD_CMD:                      "/usr/sbin/useradd.local"
-USERDEL_POSTCMD:                  "/usr/sbin/userdel-post.local"
-USERDEL_PRECMD:                   "/usr/sbin/userdel-pre.local"
 kernel.sysrq:                     '0'
 net.ipv4.ip_forward:              false
 net.ipv4.tcp_syncookies:          true

diff --git a/src/modules/Security.rb b/src/modules/Security.rb
@@ -64,10 +64,7 @@ class SecurityClass < Module # rubocop:disable Metrics/ClassLength
       "SYS_UID_MAX",
       "SYS_UID_MIN",
       "SYS_GID_MAX",
-      "SYS_GID_MIN",
-      "USERADD_CMD",
-      "USERDEL_PRECMD",
-      "USERDEL_POSTCMD"
+      "SYS_GID_MIN"
     ].freeze
 
     attr_reader :display_manager
@@ -153,9 +150,6 @@ def init_settings
         "SYS_UID_MIN"                               => "100",
         "SYS_GID_MAX"                               => "499",
         "SYS_GID_MIN"                               => "100",
-        "USERADD_CMD"                               => "/usr/sbin/useradd.local",
-        "USERDEL_PRECMD"                            => "/usr/sbin/userdel-pre.local",
-        "USERDEL_POSTCMD"                           => "/usr/sbin/userdel-post.local",
         "PASSWD_REMEMBER_HISTORY"                   => "0",
         "SYSLOG_ON_NO_ERROR"                        => "yes",
         "DISPLAYMANAGER_ROOT_LOGIN_REMOTE"          => "no",

diff --git a/test/data/system/etc/login.defs b/test/data/system/etc/login.defs
@@ -163,7 +163,7 @@ LOGIN_TIMEOUT		60
 # any combination of letters "frwh" (full name, room number, work
 # phone, home phone).  If not defined, no changes are allowed.
 # For backward compatibility, "yes" = "rwh" and "no" = "frwh".
-# 
+#
 CHFN_RESTRICT		rwh
 
 #
@@ -217,8 +217,6 @@ DEFAULT_HOME	yes
 # It should remove any at/cron/print jobs etc. owned by
 # the user to be removed (passed as the first argument).
 #
-# See USERDEL_PRECMD/POSTCMD below.
-#
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
@@ -257,31 +255,3 @@ CREATE_HOME     no
 #CHARACTER_CLASS                [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\?
 CHARACTER_CLASS         [ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_][ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.-]*[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.$-]\?
 
-#
-# If defined, this command is run when adding a group.
-# It should rebuild any NIS database etc. to add the
-# new created group.
-#
-GROUPADD_CMD             /usr/sbin/groupadd.local
-
-#
-# If defined, this command is run when adding a user.
-# It should rebuild any NIS database etc. to add the
-# new created account.
-#
-USERADD_CMD             /usr/sbin/useradd.local
-
-#
-# If defined, this command is run before removing a user.
-# It should remove any at/cron/print jobs etc. owned by
-# the user to be removed.
-#
-USERDEL_PRECMD          /usr/sbin/userdel-pre.local
-
-#
-# If defined, this command is run after removing a user.
-# It should rebuild any NIS database etc. to remove the
-# account from it.
-#
-USERDEL_POSTCMD         /usr/sbin/userdel-post.local
-
diff --git a/test/security_test.rb b/test/security_test.rb
@@ -242,9 +242,9 @@ def enabled?
       end
 
       it "doesn't allow empty value to enter into model for an attribute" do
-        Security.Settings["USERADD_CMD"] = ""
+        Security.Settings["ENCRYPT_METHOD"] = ""
 
-        expect(shadow_config).not_to receive(:useradd_cmd=)
+        expect(shadow_config).not_to receive(:encrypt_method=)
         expect(shadow_config).to receive(:save)
 
         Security.write_shadow_config