[Pkg-shadow-devel] Bug#554170: passwd: handle /var/backups/passwd.bak

Nicolas François nicolas.francois at centraliens.net
Fri Mar 19 20:53:59 UTC 2010


Hello,

On Tue, Nov 03, 2009 at 03:19:10PM +0000, Justin B Rye wrote:
> 
> The section in /etc/cron.daily/standard currently looks like this:
> ----------------------------------------------------------------------
> #!/bin/sh
> [...]
> bak=/var/backups
> [...]
> #
> # Backup key system files
> #
> 
> if cd $bak ; then
> 	cmp -s passwd.bak /etc/passwd || (cp -p /etc/passwd passwd.bak &&
> 					  chmod 600 passwd.bak)
> 	cmp -s group.bak /etc/group || (cp -p /etc/group group.bak &&
> 					chmod 600 group.bak)
>         if [ -f /etc/shadow ] ; then
> 	  cmp -s shadow.bak /etc/shadow || (cp -p /etc/shadow shadow.bak &&
>                                             chmod 600 shadow.bak)
> 	fi
>         if [ -f /etc/gshadow ] ; then
> 	  cmp -s gshadow.bak /etc/gshadow || (cp -p /etc/gshadow gshadow.bak &&
> 					      chmod 600 gshadow.bak)
> 	fi
> fi
> [...]
> Or preferably something more like this:
> ----------------------------------------------------------------------
> #!/bin/sh
> cd /var/backups || exit 0
> for	FILE in passwd group shadow gshadow; do
> 	test -f /etc/$FILE		|| continue
> 	cmp -s $FILE.bak /etc/$FILE	&& continue
> 	install --preserve-context -pm 0600 /etc/$FILE $FILE.bak
> done
> ----------------------------------------------------------------------

Is there a reason you changed cp + chmod to install --preserve-context ?

The --preserve-context causes warnings (which would be sent daily) on
non-SELinux machines.

Thanks in advance,
-- 
Nekral





More information about the Pkg-shadow-devel mailing list