diff --git a/tests/kola/files/etc-passwd-group-permissions b/tests/kola/files/etc-passwd-group-permissions deleted file mode 100755 index 5eb98363a8..0000000000 --- a/tests/kola/files/etc-passwd-group-permissions +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash -## kola: -## exclusive: false -## description: Verify /etc/passwd and /etc/group have correct permissions. - -set -xeuo pipefail - -# shellcheck disable=SC1091 -. "$KOLA_EXT_DATA/commonlib.sh" - -for f in '/etc/passwd' '/etc/group'; do - if [[ $(stat --format="%a %u %g" "${f}") != "644 0 0" ]]; then - ls -al "${f}" - fatal "found incorrect permissions for ${f}" - fi -done -ok "correct ownership and mode on /etc/passwd & /etc/group" diff --git a/tests/kola/files/etc-permissions b/tests/kola/files/etc-permissions new file mode 100755 index 0000000000..13430b047c --- /dev/null +++ b/tests/kola/files/etc-permissions @@ -0,0 +1,44 @@ +#!/bin/bash +## kola: +## exclusive: false +## description: Verify that /etc/(passwd|group|shadow|gshadow) have correct permissions. + +set -xeuo pipefail + +# shellcheck disable=SC1091 +. "$KOLA_EXT_DATA/commonlib.sh" + +incorrect="" +for f in '/etc/passwd' '/etc/group'; do + if [[ $(stat --format="%a %u %g" "${f}") != "644 0 0" ]]; then + incorrect+=" ${f}" + fi +done +for f in '/etc/passwd-' '/etc/group-'; do + if [[ -f "${f}" ]]; then + if [[ $(stat --format="%a %u %g" "${f}") != "644 0 0" ]]; then + incorrect+=" ${f}" + fi + fi +done +for f in '/etc/shadow' '/etc/gshadow'; do + if [[ $(stat --format="%a %u %g" "${f}") != "0 0 0" ]]; then + incorrect+=" ${f}" + fi +done +for f in '/etc/shadow-' '/etc/gshadow-'; do + if [[ -f "${f}" ]]; then + if [[ $(stat --format="%a %u %g" "${f}") != "0 0 0" ]]; then + incorrect+=" ${f}" + fi + fi +done + +if [[ -n "${incorrect}" ]]; then + # We explicitely want to split on whitespace here + # shellcheck disable=SC2086 + ls -al ${incorrect} + fatal "found incorrect permissions for: ${incorrect}" +fi + +ok "correct ownership and mode on /etc/passwd, /etc/group, /etc/shadow and /etc/gshadow"