Patchwork [1/2] mariadb: use /bin/false as the login shell

login
register
mail settings
Submitter Chong.Lu@windriver.com
Date April 14, 2014, 7:16 a.m.
Message ID <bbac515278f9507ebb997506af418a1b8fe02753.1397459226.git.Chong.Lu@windriver.com>
Download mbox | patch
Permalink /patch/70567/
State Accepted, archived
Headers show

Comments

Chong.Lu@windriver.com - April 14, 2014, 7:16 a.m.
Use /bin/false as the login shell, just like what Ubuntu does,
otherwise there might be secure issue.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
---
 meta-oe/recipes-support/mysql/mariadb_5.1.67.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Martin Jansa - April 20, 2014, 9:28 a.m.
On Mon, Apr 14, 2014 at 03:16:38PM +0800, Chong Lu wrote:
> Use /bin/false as the login shell, just like what Ubuntu does,
> otherwise there might be secure issue.

1/2 Merged, thanks

2/2 has question from koen, which needs to be resolved first

> 
> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
> Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
> ---
>  meta-oe/recipes-support/mysql/mariadb_5.1.67.inc | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/meta-oe/recipes-support/mysql/mariadb_5.1.67.inc b/meta-oe/recipes-support/mysql/mariadb_5.1.67.inc
> index 100b3a7..37a0f0c 100644
> --- a/meta-oe/recipes-support/mysql/mariadb_5.1.67.inc
> +++ b/meta-oe/recipes-support/mysql/mariadb_5.1.67.inc
> @@ -35,7 +35,7 @@ INITSCRIPT_NAME = "mysqld"
>  INITSCRIPT_PARAMS = "start 45 5 . stop 45 0 6 1 ."
>  
>  USERADD_PACKAGES = "${PN}-server"
> -USERADD_PARAM_${PN}-server = "--system --home-dir /var/mysql -g nogroup mysql"
> +USERADD_PARAM_${PN}-server = "--system --home-dir /var/mysql -g nogroup --shell /bin/false mysql"
>  
>  
>  export ac_cv_path_PS="/bin/ps"
> -- 
> 1.8.1.2
> 
> -- 
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-devel

Patch

diff --git a/meta-oe/recipes-support/mysql/mariadb_5.1.67.inc b/meta-oe/recipes-support/mysql/mariadb_5.1.67.inc
index 100b3a7..37a0f0c 100644
--- a/meta-oe/recipes-support/mysql/mariadb_5.1.67.inc
+++ b/meta-oe/recipes-support/mysql/mariadb_5.1.67.inc
@@ -35,7 +35,7 @@  INITSCRIPT_NAME = "mysqld"
 INITSCRIPT_PARAMS = "start 45 5 . stop 45 0 6 1 ."
 
 USERADD_PACKAGES = "${PN}-server"
-USERADD_PARAM_${PN}-server = "--system --home-dir /var/mysql -g nogroup mysql"
+USERADD_PARAM_${PN}-server = "--system --home-dir /var/mysql -g nogroup --shell /bin/false mysql"
 
 
 export ac_cv_path_PS="/bin/ps"