New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

make uid_min and gid_min of login.defs configurable #62

Merged
merged 6 commits into from Nov 28, 2014

Conversation

Projects
None yet
2 participants
@bkw
Contributor

bkw commented Nov 28, 2014

This PR lets UID_MIN and GID_MIN in login.defs come from attributes/default.rb, defaulting to same values as before. In order to achieve that, I fixed some minor issues along the way:

  • fix some rubocop issues
  • update to chefspec 4.1.1
  • bump sysctl dependency to 0.6.0 as described in the readme
  • use quotes for file mode of login.defs template
  • add a chefspec test for login_defs creation

Tell me if you want me to split these into smaller PRs.

@@ -109,14 +109,14 @@ PASS_MIN_DAYS <%= @password_min_age.to_s %>
PASS_WARN_AGE 7
# Min/max values for automatic uid selection in useradd
UID_MIN 1000
UID_MIN <%= @uid_min.to_s %>
UID_MAX 60000

This comment has been minimized.

@chris-rock

chris-rock Nov 28, 2014

Member

if we start to make min configurable, why not max?

@chris-rock

chris-rock Nov 28, 2014

Member

if we start to make min configurable, why not max?

This comment has been minimized.

@bkw

bkw Nov 28, 2014

Contributor

Lazyness as a virtue - I just did not need that for my usecase ;-)

The lower limit of 1000 is much more often a problem, for instance if you create your admins at uid 2300+ with fixed uids. The next automatic install might add a user with uid 2305, and when you add the next admin user, it will conflict on that system. I can't envision a similar thing happening because of wrong max settings.
But feel free to add them, if you do ;-)

@bkw

bkw Nov 28, 2014

Contributor

Lazyness as a virtue - I just did not need that for my usecase ;-)

The lower limit of 1000 is much more often a problem, for instance if you create your admins at uid 2300+ with fixed uids. The next automatic install might add a user with uid 2305, and when you add the next admin user, it will conflict on that system. I can't envision a similar thing happening because of wrong max settings.
But feel free to add them, if you do ;-)

@chris-rock

This comment has been minimized.

Show comment
Hide comment
@chris-rock

chris-rock Nov 28, 2014

Member

@bkw great work.

Member

chris-rock commented Nov 28, 2014

@bkw great work.

Show outdated Hide outdated metadata.rb Outdated
@bkw

This comment has been minimized.

Show comment
Hide comment
@bkw

bkw Nov 28, 2014

Contributor

force-pushed a new version without the sysctl-0.6.0 dependency bump.

Contributor

bkw commented Nov 28, 2014

force-pushed a new version without the sysctl-0.6.0 dependency bump.

@chris-rock

This comment has been minimized.

Show comment
Hide comment
@chris-rock

chris-rock Nov 28, 2014

Member

thanks @bkw

Member

chris-rock commented Nov 28, 2014

thanks @bkw

chris-rock added a commit that referenced this pull request Nov 28, 2014

Merge pull request #62 from bkw/uid_min+gid_min
make uid_min and gid_min of login.defs configurable

@chris-rock chris-rock merged commit a8250f3 into dev-sec:master Nov 28, 2014

1 check passed

continuous-integration/travis-ci The Travis CI build passed
Details

@bkw bkw deleted the bkw:uid_min+gid_min branch Nov 28, 2014

@dupuy dupuy referenced this pull request Mar 18, 2015

Closed

Adduser consistency #73

rollbrettler pushed a commit to rollbrettler/chef-os-hardening that referenced this pull request Sep 16, 2016

1.0.2
fixes dev-sec#62

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment