Re: useradd question

Monday, 20 May 2019

On 5/20/19 2:59 PM, Steve Grubb wrote:

...
 So...I went digging through the source code of useradd.c. In main is
this 
 comment:

         /*
          * Do the hard stuff:
          * - open the files,
          * - create the user entries,
          * - create the home directory,
          * - create user mail spool,
          * - flush nscd caches for passwd and group services,
          * - then close and update the files.
          */

 If you dig around, you'll see in the above process it calls usr_update(). 
 This is where the audit event is. The very next function call is close_files. 
 This is where it actually writes to the files where it would be visible to 
 auditd. So, it looks like auditing in shadow-utils is busted.

 I also see where its calling pam_tally2 which is deprecated for years. It 
 should be calling faillock. I'll chat with upstream maintainers.

 -Steve 

Thank you Steve, much appreciated! If they are able to provide a patch,
would you mind asking them to send me a link and I'll test it ASAP?

LCB

-- 
Lenny Bruzenak
MagitekLTD

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: useradd question