From e028a3391aaec02fccff5fd65e92a24ade8587ad Mon Sep 17 00:00:00 2001 From: akdengi Date: Wed, 27 Nov 2013 09:20:17 +0400 Subject: [PATCH 1/4] add user to lp group for default --- Linux-PAM-1.1.4-group_add_users.patch | 2 +- pam.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Linux-PAM-1.1.4-group_add_users.patch b/Linux-PAM-1.1.4-group_add_users.patch index 307307c..cc65735 100644 --- a/Linux-PAM-1.1.4-group_add_users.patch +++ b/Linux-PAM-1.1.4-group_add_users.patch @@ -4,7 +4,7 @@ #xsh; tty* ;%admin;Al0000-2400;plugdev -+*;*;*;Al0000-2400;users ++*;*;*;Al0000-2400;users, lp + # # End of group.conf file diff --git a/pam.spec b/pam.spec index 7ea9dab..3d56395 100644 --- a/pam.spec +++ b/pam.spec @@ -19,7 +19,7 @@ Epoch: 1 Summary: A security tool which provides authentication for applications Name: pam Version: 1.1.4 -Release: 14 +Release: 15 # The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant # as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+, License: BSD and GPLv2+ From bca163d2995871692be0b2dd19430329cacae136 Mon Sep 17 00:00:00 2001 From: Alexander Kazancev Date: Wed, 4 Dec 2013 11:44:49 +0400 Subject: [PATCH 2/4] system-auth will not rewrite existing rule --- pam.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pam.spec b/pam.spec index 3d56395..989c4df 100644 --- a/pam.spec +++ b/pam.spec @@ -19,7 +19,7 @@ Epoch: 1 Summary: A security tool which provides authentication for applications Name: pam Version: 1.1.4 -Release: 15 +Release: 16 # The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant # as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+, License: BSD and GPLv2+ @@ -285,7 +285,7 @@ fi %dir /etc/pam.d %config(noreplace) /etc/environment %config /etc/pam.d/other -%attr(0644,root,shadow) %config /etc/pam.d/system-auth +%attr(0644,root,shadow) %config(noreplace) /etc/pam.d/system-auth %config /etc/pam.d/config-util %config /etc/pam.d/postlogin /sbin/mkhomedir_helper From 2738d731aba0445a18acff1d1c412d5c89fbd7d2 Mon Sep 17 00:00:00 2001 From: akdengi Date: Mon, 9 Dec 2013 21:14:15 +0400 Subject: [PATCH 3/4] add tmfiles.d config for create /run structure --- pam.spec | 7 ++++++- pamtmp.conf | 3 +++ 2 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 pamtmp.conf diff --git a/pam.spec b/pam.spec index 989c4df..3b16f0a 100644 --- a/pam.spec +++ b/pam.spec @@ -19,7 +19,7 @@ Epoch: 1 Summary: A security tool which provides authentication for applications Name: pam Version: 1.1.4 -Release: 16 +Release: 17 # The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant # as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+, License: BSD and GPLv2+ @@ -38,6 +38,7 @@ Source9: system-auth.5 Source10: config-util.5 Source11: postlogin.pamd Source12: postlogin.5 +Source13: pamtmp.conf #add missing documentation Source501: pam_tty_audit.8 Source502: README @@ -239,6 +240,10 @@ rm -f %{buildroot}/%{_lib}/*.la #Set suid bit for /sbin/unix_chkpwd (bug #3169) chmod u+s %{buildroot}/sbin/unix_chkpwd +# Install the file for autocreation of /var/run subdirectories on boot +mkdir -p %{buildroot}%{_prefix}/lib/tmfiles.d/ +install -m644 -D %{SOURCE13} %{buildroot}%{_prefix}/lib/tmpfiles.d/pam.conf + %find_lang Linux-PAM %check diff --git a/pamtmp.conf b/pamtmp.conf new file mode 100644 index 0000000..61f4c3e --- /dev/null +++ b/pamtmp.conf @@ -0,0 +1,3 @@ +d /var/run/console 0755 root root - +d /var/run/faillock 0755 root root - +d /var/run/sepermit 0755 root root - From af93c68aa40a8f8fcb269a1aac55fb32b8a23996 Mon Sep 17 00:00:00 2001 From: akdengi Date: Mon, 9 Dec 2013 21:35:06 +0400 Subject: [PATCH 4/4] add /usr/lib/tmpfiles.d/pam.conf --- pam.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/pam.spec b/pam.spec index 3b16f0a..a61368e 100644 --- a/pam.spec +++ b/pam.spec @@ -315,6 +315,7 @@ fi %dir /%{_lib}/security /%{_lib}/security/*.so /%{_lib}/security/pam_filter +/usr/lib/tmpfiles.d/pam.conf %dir /var/run/console %ghost %verify(not md5 size mtime) /var/log/tallylog %{_mandir}/man5/*