From d2476e744609ddda0a6812a6b260670a87692507 Mon Sep 17 00:00:00 2001 From: Sehong Na Date: Sat, 31 May 2014 13:00:09 +0900 Subject: Initialize Tizen 2.3 --- COPYING | 4 + Makefile | 23 + aliases | 96 +++ bashrc | 83 +++ csh.cshrc | 72 ++ csh.login | 32 + exports | 0 filesystems | 8 + group | 156 +++++ host.conf | 2 + hosts | 2 + hosts.allow | 10 + hosts.deny | 13 + inputrc | 42 ++ motd | 0 ...01-Prevent-marking-shadow-at-passwd-group.patch | 26 + packaging/setup.changes | 84 +++ packaging/setup.spec | 123 ++++ passwd | 34 + printcap | 7 + profile | 15 + protocols | 148 ++++ securetty | 10 + services | 507 ++++++++++++++ serviceslint | 119 ++++ setup.spec | 760 +++++++++++++++++++++ shadowconvert.sh | 18 + shells | 3 + uidgid | 123 ++++ uidgidlint | 24 + 30 files changed, 2544 insertions(+) create mode 100644 COPYING create mode 100644 Makefile create mode 100644 aliases create mode 100644 bashrc create mode 100644 csh.cshrc create mode 100644 csh.login create mode 100644 exports create mode 100644 filesystems create mode 100644 group create mode 100644 host.conf create mode 100644 hosts create mode 100644 hosts.allow create mode 100644 hosts.deny create mode 100644 inputrc create mode 100644 motd create mode 100644 packaging/0001-Prevent-marking-shadow-at-passwd-group.patch create mode 100644 packaging/setup.changes create mode 100644 packaging/setup.spec create mode 100644 passwd create mode 100644 printcap create mode 100644 profile create mode 100644 protocols create mode 100644 securetty create mode 100644 services create mode 100755 serviceslint create mode 100644 setup.spec create mode 100755 shadowconvert.sh create mode 100644 shells create mode 100644 uidgid create mode 100755 uidgidlint diff --git a/COPYING b/COPYING new file mode 100644 index 0000000..be82589 --- /dev/null +++ b/COPYING @@ -0,0 +1,4 @@ +Setup package is public domain. + +You are free to use, copy, distribute or modify included files +without restrictions. diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..8b6861b --- /dev/null +++ b/Makefile @@ -0,0 +1,23 @@ +NAME=setup +VERSION := $(shell awk '/Version:/ { print $$2 }' $(NAME).spec) +TAG=$(NAME)-$(VERSION) + + +check: + @echo Sanity checking selected files.... + bash -n bashrc + bash -n profile + ./uidgidlint ./uidgid + ./serviceslint ./services + +tag-archive: check + @git tag -a -m "Tag as $(TAG)" -f $(TAG) + +create-archive: + @git-archive --format=tar --prefix=$(NAME)-$(VERSION)/ HEAD | bzip2 > $(NAME)-$(VERSION).tar.bz2 + @echo "The archive is at $(NAME)-$(VERSION).tar.bz2" + +archive: tag-archive create-archive + +clean: + rm -f *.bz2 diff --git a/aliases b/aliases new file mode 100644 index 0000000..1069e99 --- /dev/null +++ b/aliases @@ -0,0 +1,96 @@ +# +# Aliases in this file will NOT be expanded in the header from +# Mail, but WILL be visible over networks or from /bin/mail. +# +# >>>>>>>>>> The program "newaliases" must be run after +# >> NOTE >> this file is updated for any changes to +# >>>>>>>>>> show through to sendmail. +# + +# Basic system aliases -- these MUST be present. +mailer-daemon: postmaster +postmaster: root + +# General redirections for pseudo accounts. +bin: root +daemon: root +adm: root +lp: root +sync: root +shutdown: root +halt: root +mail: root +news: root +uucp: root +operator: root +games: root +gopher: root +ftp: root +nobody: root +radiusd: root +nut: root +dbus: root +vcsa: root +canna: root +wnn: root +rpm: root +nscd: root +pcap: root +apache: root +webalizer: root +dovecot: root +fax: root +quagga: root +radvd: root +pvm: root +amanda: root +privoxy: root +ident: root +named: root +xfs: root +gdm: root +mailnull: root +postgres: root +sshd: root +smmsp: root +postfix: root +netdump: root +ldap: root +squid: root +ntp: root +mysql: root +desktop: root +rpcuser: root +rpc: root +nfsnobody: root + +ingres: root +system: root +toor: root +manager: root +dumper: root +abuse: root + +newsadm: news +newsadmin: news +usenet: news +ftpadm: ftp +ftpadmin: ftp +ftp-adm: ftp +ftp-admin: ftp +www: webmaster +webmaster: root +noc: root +security: root +hostmaster: root +info: postmaster +marketing: postmaster +sales: postmaster +support: postmaster + + +# trap decode to catch security attacks +decode: root + +# Person who should get root's mail +#root: marc diff --git a/bashrc b/bashrc new file mode 100644 index 0000000..48635f3 --- /dev/null +++ b/bashrc @@ -0,0 +1,83 @@ +# /etc/bashrc + +# System wide functions and aliases +# Environment stuff goes in /etc/profile + +# It's NOT good idea to change this file unless you know what you +# are doing. Much better way is to create custom.sh shell script in +# /etc/profile.d/ to make custom changes to environment. This will +# prevent need for merging in future updates. + +# By default, we want this to get set. +# Even for non-interactive, non-login shells. +# Current threshold for system reserved uid/gids is 200 +# You could check uidgid reservation validity in +# /usr/share/doc/setup-*/uidgid file +if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then + umask 002 +else + umask 022 +fi + +# are we an interactive shell? +if [ "$PS1" ]; then + case $TERM in + xterm*) + if [ -e /etc/sysconfig/bash-prompt-xterm ]; then + PROMPT_COMMAND=/etc/sysconfig/bash-prompt-xterm + else + PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}"; echo -ne "\007"' + fi + ;; + screen) + if [ -e /etc/sysconfig/bash-prompt-screen ]; then + PROMPT_COMMAND=/etc/sysconfig/bash-prompt-screen + else + PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}"; echo -ne "\033\\"' + fi + ;; + *) + [ -e /etc/sysconfig/bash-prompt-default ] && PROMPT_COMMAND=/etc/sysconfig/bash-prompt-default + ;; + esac + # Turn on checkwinsize + shopt -s checkwinsize + [ "$PS1" = "\\s-\\v\\\$ " ] && PS1="[\u@\h \W]\\$ " + # You might want to have e.g. tty in prompt (e.g. more virtual machines) + # and console windows + # If you want to do so, just add e.g. + # if [ "$PS1" ]; then + # PS1="[\u@\h:\l \W]\\$ " + # fi + # to your custom modification shell script in /etc/profile.d/ directory +fi + +if ! shopt -q login_shell ; then # We're not a login shell + # Need to redefine pathmunge, it get's undefined at the end of /etc/profile + # Ok to use faster bashism here as /etc/bashrc is used only by bash + pathmunge () { + if [[ ! "$PATH" =~ "(^|:)$1(:|$)" ]];then + if [ "$2" = "after" ] ; then + PATH=$PATH:$1 + else + PATH=$1:$PATH + fi + fi + } + + # Only display echos from profile.d scripts if we are no login shell + # and interactive - otherwise just process them to set envvars + for i in /etc/profile.d/*.sh; do + if [ -r "$i" ]; then + if [ "$PS1" ]; then + . $i + else + . $i >/dev/null 2>&1 + fi + fi + done + + unset i + unset pathmunge +fi +# vim:ts=4:sw=4 diff --git a/csh.cshrc b/csh.cshrc new file mode 100644 index 0000000..af6843e --- /dev/null +++ b/csh.cshrc @@ -0,0 +1,72 @@ +# /etc/cshrc +# +# csh configuration for all shell invocations. + +# By default, we want this to get set. +# Even for non-interactive, non-login shells. +# Current threshold for system reserved uid/gids is 200 +# You could check uidgid reservation validity in +# /usr/share/doc/setup-*/uidgid file +if ($uid > 199 && "`id -gn`" == "`id -un`") then + umask 002 +else + umask 022 +endif + +if ($?prompt) then + if ($?tcsh) then + set promptchars='$#' + set prompt='[%n@%m %c]%# ' + # make completion work better by default + set autolist + else + set prompt=\[$user@`hostname -s`\]\$\ + endif +endif + +if ( $?tcsh ) then + bindkey "^[[3~" delete-char +endif + +bindkey "^R" i-search-back +set echo_style = both +set histdup = erase +set savehist = (1024 merge) + +if ($?prompt) then + if ($?TERM) then + switch($TERM) + case xterm*: + if ($?tcsh) then + set prompt='%{\033]0;%n@%m:%c\007%}[%n@%m %c]%# ' + endif + breaksw + case screen: + if ($?tcsh) then + set prompt='%{\033_%n@%m:%c\033\\%}[%n@%m %c]%# ' + endif + breaksw + default: + breaksw + endsw + endif +endif + +setenv MAIL "/var/spool/mail/$USER" + +# Check if we aren't a loginshell and do stuff if we aren't +if (! $?loginsh) then + if ( -d /etc/profile.d ) then + set nonomatch + foreach i ( /etc/profile.d/*.csh ) + if ( -r $i ) then + if ($?prompt) then + source $i + else + source $i >&/dev/null + endif + endif + end + unset i nonomatch + endif +endif diff --git a/csh.login b/csh.login new file mode 100644 index 0000000..a1d6df9 --- /dev/null +++ b/csh.login @@ -0,0 +1,32 @@ +# /etc/csh.login + +# System wide environment and startup programs, for login setup + +if ($?PATH) then + if ( "${path}" !~ */usr/X11R6/bin* ) then + setenv PATH "${PATH}:/usr/X11R6/bin" + endif +else + if ( $uid == 0 ) then + setenv PATH "/sbin:/usr/sbin:/usr/local/sbin:/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin" + else + setenv PATH "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin:/usr/X11R6/bin" + endif +endif + +setenv HOSTNAME `/bin/hostname` +set history=1000 + +if ( -d /etc/profile.d ) then + set nonomatch + foreach i ( /etc/profile.d/*.csh ) + if ( -r $i ) then + if ($?prompt) then + source $i + else + source $i >& /dev/null + endif + endif + end + unset i nonomatch +endif diff --git a/exports b/exports new file mode 100644 index 0000000..e69de29 diff --git a/filesystems b/filesystems new file mode 100644 index 0000000..e31fe90 --- /dev/null +++ b/filesystems @@ -0,0 +1,8 @@ +ext3 +ext2 +nodev proc +nodev devpts +iso9660 +vfat +hfs +hfsplus diff --git a/group b/group new file mode 100644 index 0000000..8cecdfc --- /dev/null +++ b/group @@ -0,0 +1,156 @@ +root:*:0: +daemon:*:1: +bin:*:2: +sys:*:3: +adm:*:4: +tty:*:5: +disk:*:6: +lp:*:7: +mail:*:8: +news:*:9: +uucp:*:10: +man:*:12: +proxy:*:13: +kmem:*:15: +dialout:*:20:app +fax:*:21: +voice:*:22: +cdrom:*:24: +floppy:*:25: +tape:*:26: +sudo:*:27: +audio:*:29:root,app,pulse,media +dip:*:30: +www-data:*:33: +backup:*:34: +operator:*:37: +list:*:38: +irc:*:39: +src:*:40: +gnats:*:41: +shadow:*:42: +utmp:*:43: +video:*:44:app,media +sasl:*:45: +plugdev:*:46: +staff:*:50: +games:*:60: +dbus:*:81: +users:*:100: +nogroup:*:65534: +app:x:5000: +developer:x:5100: +db_alarm:x:6001:app +db_browser:x:6002:app +db_calendar:x:6003:app +db_cc_list:x:6004:app +db_contact:x:6005:app +db_email_service:x:6006:app +db_java_runtime:x:6007:app +db_logs:x:6008:app +db_memo:x:6009:app +db_menu:x:6010:app +db_msg_service:x:6011:app +db_mtp:x:6012:app +db_spkmgr:x:6013:app +db_t9buffer:x:6014:app +db_worldclock:x:6015:app +db_sns:x:6016:app +db_filemanager:x:6017:app +db_daily_briefing:x:6018:app +db_always:x:6019:app +db_media_browser:x:6020:app +db_music:x:6021:app +db_drm:x:6022:app +db_lbs_landmark:x:6023:app +db_comm:x:6024:app +db_quickpanel:x:6025:app +db_wrt:x:6026:app +camera:x:6501:app,media +message:x:6502:app +myfiles:x:6503:app +admin:x:6504: +pulse:x:6507: +pulse-access:x:6505:root,app,media +pulse-rt:x:6506:root,app,media +app_logging:x:6509:app,media,developer +sys_logging:x:6527:app,media +hwcodec:x:6510:app,media +recording:x:6508:app,pulse,media +java:x:6511:app +radio:x:6512:app +installer:x:6513:app +nfc-manager:x:6517:app +use_cert:x:6524:app +usb_device:x:6525:app +keytone:x:6526:app +video_tel:x:6528:app +vconf_setting:x:6514:app +vconf_hib:x:6515:app +vconf_seven:x:6516:app +vconf_sndprof:x:6518:app +vconf_wifi:x:6519:app +vconf_bt:x:6520:app +vconf_callstate:x:6521:app +vconf_idlelock:x:6522:app +vconf_sync:x:6523:app +ss_drmkey:x:6601:app +ss_ssaccount:x:6602:app +ss_activesync:x:6603:app +ss_privatekey:x:6604:app +system_time:x:6701:app +system_bklight:x:6702:app +system_torch:x:6703:app +lbs:x:6801:app,system +alarm:x:6802:app +dnet_use:x:6803:app +dnet_setting:x:6804:app +tel_call:x:6805:app +tel_call_info:x:6806:app +tel_msg:x:6807:app +tel_msg_info:x:6808:app +tel_net:x:6809:app +tel_net_info:x:6810:app +tel_gprs:x:6811:app +tel_gprs_info:x:6812:app +tel_sim:x:6813:app +tel_sim_info:x:6814:app +tel_sap:x:6815:app +tel_ss:x:6816:app +tel_ss_info:x:6817:app +tel_sat:x:6826:app +task_mgr:x:6818:app +power_mgr:x:6819:app +permanent:x:6820:app +oom_adj:x:6821:app +soundpath:x:6822:app +asm:x:6823:app +message_sync:x:6824:app +message_lbs:x:6825:app +bt_use:x:6827:app,pulse,system +crash:x:6828:app,system,media,developer,pulse +system:x:1000: +bluetooth:x:1002: +graphics:x:1003: +input:x:1004:developer +log:x:1007: +compass:x:1008: +mount:x:1009: +wifi:x:1010: +adb:x:1011: +install:x:1012: +media:x:1013: +dhcp:x:1014: +sdcard_rw:x:1015: +vpn:x:1016: +keystore:x:1017: +shell:x:2000: +cache:x:2001: +diag:x:2002: +net_bt_admin:x:3001: +net_bt:x:3002: +inet:x:3003: +net_raw:x:3004: +net_admin:x:3005: +misc:x:9998: +systemd-journal:x:190: diff --git a/host.conf b/host.conf new file mode 100644 index 0000000..6cdfa5b --- /dev/null +++ b/host.conf @@ -0,0 +1,2 @@ +multi on +order hosts,bind diff --git a/hosts b/hosts new file mode 100644 index 0000000..6a3cfad --- /dev/null +++ b/hosts @@ -0,0 +1,2 @@ +127.0.0.1 localhost +127.0.0.1 aquila diff --git a/hosts.allow b/hosts.allow new file mode 100644 index 0000000..6d99ba3 --- /dev/null +++ b/hosts.allow @@ -0,0 +1,10 @@ +# +# hosts.allow This file contains access rules which are used to +# allow or deny connections to network services that +# either use the tcp_wrappers library or that have been +# started through a tcp_wrappers-enabled xinetd. +# +# See 'man 5 hosts_options' and 'man 5 hosts_access' +# for information on rule syntax. +# See 'man tcpd' for information on tcp_wrappers +# diff --git a/hosts.deny b/hosts.deny new file mode 100644 index 0000000..c9bde8e --- /dev/null +++ b/hosts.deny @@ -0,0 +1,13 @@ +# +# hosts.deny This file contains access rules which are used to +# deny connections to network services that either use +# the tcp_wrappers library or that have been +# started through a tcp_wrappers-enabled xinetd. +# +# The rules in this file can also be set up in +# /etc/hosts.allow with a 'deny' option instead. +# +# See 'man 5 hosts_options' and 'man 5 hosts_access' +# for information on rule syntax. +# See 'man tcpd' for information on tcp_wrappers +# diff --git a/inputrc b/inputrc new file mode 100644 index 0000000..883686c --- /dev/null +++ b/inputrc @@ -0,0 +1,42 @@ +# do not bell on tab-completion +#set bell-style none + +set meta-flag on +set input-meta on +set convert-meta off +set output-meta on + +# Completed names which are symbolic links to +# directories have a slash appended. +set mark-symlinked-directories on + +$if mode=emacs + +# for linux console and RH/Debian xterm +"\e[1~": beginning-of-line +"\e[4~": end-of-line +# commented out keymappings for pgup/pgdown to reach begin/end of history +#"\e[5~": beginning-of-history +#"\e[6~": end-of-history +"\e[5~": history-search-backward +"\e[6~": history-search-forward +"\e[3~": delete-char +"\e[2~": quoted-insert +"\e[5C": forward-word +"\e[5D": backward-word +"\e[1;5C": forward-word +"\e[1;5D": backward-word + +# for rxvt +"\e[8~": end-of-line +"\eOc": forward-word +"\eOd": backward-word + +# for non RH/Debian xterm, can't hurt for RH/DEbian xterm +"\eOH": beginning-of-line +"\eOF": end-of-line + +# for freebsd console +"\e[H": beginning-of-line +"\e[F": end-of-line +$endif diff --git a/motd b/motd new file mode 100644 index 0000000..e69de29 diff --git a/packaging/0001-Prevent-marking-shadow-at-passwd-group.patch b/packaging/0001-Prevent-marking-shadow-at-passwd-group.patch new file mode 100644 index 0000000..8416f03 --- /dev/null +++ b/packaging/0001-Prevent-marking-shadow-at-passwd-group.patch @@ -0,0 +1,26 @@ +From 069db1ebb786d75813112d08e9979940a799f7ca Mon Sep 17 00:00:00 2001 +From: "walyong.cho" +Date: Thu, 17 Jan 2013 12:09:37 +0900 +Subject: [PATCH] Prevent marking shadow at passwd, group. + +Change-Id: Ife51362b8e38fe5bedfef545a90bfc112177d29e +--- + shadowconvert.sh | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/shadowconvert.sh b/shadowconvert.sh +index 4be13b6..006046d 100755 +--- a/shadowconvert.sh ++++ b/shadowconvert.sh +@@ -11,8 +11,5 @@ sed -e "s/:.*/:*:`expr $(date +%s) / 86400`:0:99999:7:::/" passwd >shadow + #make prototype for /etc/gshadow + sed -e 's/:[0-9]\+:/::/g' group >gshadow + +-#mark passwd and group files entries shadowed +-sed -i -e 's/^\([^:]\+\):[^:]*:/\1:x:/' passwd group +- + echo Converted successfully. + exit 0 +-- +1.7.9.5 + diff --git a/packaging/setup.changes b/packaging/setup.changes new file mode 100644 index 0000000..f8d20c2 --- /dev/null +++ b/packaging/setup.changes @@ -0,0 +1,84 @@ +* Wed Jun 01 2011 Marko Saukko - 2.8.15 +- Add ttyO2 to setup-2.8.9-securetty.patch (used in N900 for example) + +* Sat May 21 2011 Anas Nashif - 2.8.15 +- Remove dependency on perl and tcsh + +* Wed Aug 18 2010 Jan-Simon Moeller - 2.8.15 +- Don't include cflags in this way into the build environment. Never ever! +- Preparing split of this into a file included in /etc/profile.d/ only on target + and keep it in sync with prjconf. prjconf is master! +- Better pull from prjconf and embed ! + +* Wed Aug 18 2010 Austin Zhang - 2.8.15 +- Don't omit frame pointer in building. + +* Mon Jul 19 2010 Marko Saukko - 2.8.15 +- Added ttyS2 to securetty. + +* Thu Jul 08 2010 Austin Zhang - 2.8.15 +- Added additional flags for relocation and RO PLT + +* Fri Mar 05 2010 Austin Zhang - 2.8.15 +- Remove loop optimization compiler options, which will lead to + some unexpected compiling failure. + +* Wed Feb 10 2010 Austin Zhang - 2.8.15 +- Rename version to 2.8.15 (source had been updated, but changelog not) + and remove obsoleted stuffs +- Correct cmov_fast to fast_cmov +- Add new compiler optimization flags + +* Sun Feb 7 2010 Arjan van de Ven - 2.8.9 +- some older configure scripts don't understand "atom" and as a result + don't think the CPU supports CMOV. Help these configure scripts by + setting the appropriate environment variable. + +* Tue Nov 24 2009 Arjan van de Ven - 2.8.9 +- use -mtune=atom for the CFLAGS env var + +* Mon Oct 05 2009 Anas Nashif - 2.8.9 +- Assign polkit user to polkit package + +* Tue Sep 15 2009 Anas Nashif - 2.8.9 +- Rebase to 2.8.9 + +* Thu Apr 30 2009 Arjan van de Ven 2.6.14 +- reinstate the CFLAGS environment variable + +* Tue Apr 28 2009 Anas Nashif 2.6.14 +- Do not set CFLAGS in profile + +* Wed Apr 01 2009 Arjan van de Ven 2.6.14 +- set the CFLAGS environment variable + +* Sat Feb 28 2009 Peter Zhu 2.6.14 +- add ttyS0 into securetty + +* Mon Feb 09 2009 Vivian Zhang 2.6.14 +- Set i18n stuff in /etc/profile + +* Wed Jan 14 2009 Inaky Perez-Gonzalez 2.6.14 +- Fix misformatted entry for audio group (add empty password field) + +* Tue Jan 13 2009 Inaky Perez-Gonzalez 2.6.14 +- Add an audio group as an stop gap sollution until policy kit is fixed + +* Fri Jan 09 2009 Inaky Perez-Gonzalez 2.6.14 +- Add missing patch to add groups needed by udev + +* Thu Jan 08 2009 Anas Nashif 2.6.14 +- Disable missing patch for now + +* Fri Dec 19 2008 Arjan van de Ven 2.6.14 +- Enable coredumps by default + +* Tue Dec 16 2008 Anas Nashif 2.6.14 +- Fixed rpmlint errors in Summary tag + +* Thu Dec 11 2008 Anas Nashif 2.6.14 +- Remove dependency on tcsh + +* Fri Dec 5 2008 Auke Kok +- add vcsa and floppy user/group ids + diff --git a/packaging/setup.spec b/packaging/setup.spec new file mode 100644 index 0000000..0a3703a --- /dev/null +++ b/packaging/setup.spec @@ -0,0 +1,123 @@ +Summary: A set of system configuration and setup files +Name: setup +Version: 0.1 +Release: 4 +License: Public Domain +Group: System/Base +URL: https://fedorahosted.org/setup/ +Source0: https://fedorahosted.org/releases/s/e/%{name}/%{name}-0.1.tar.bz2 +Patch101: 0001-Prevent-marking-shadow-at-passwd-group.patch +BuildArch: noarch +BuildRequires: bash +Requires: filesystem + +%description +The setup package contains a set of important system configuration and +setup files, such as passwd, group, and profile. + +%prep +%setup -q +%patch101 -p1 +./shadowconvert.sh + +%build + +%check +# Run any sanity checks. +#make check + +%install +rm -rf %{buildroot} +mkdir -p %{buildroot}/etc/profile.d +cp -ar * %{buildroot}/etc +rm -f %{buildroot}/etc/uidgid +rm -f %{buildroot}/etc/COPYING +mkdir -p %{buildroot}/var/log +touch %{buildroot}/var/log/lastlog +touch %{buildroot}/etc/environment +chmod 0644 %{buildroot}/etc/environment +chmod 0400 %{buildroot}/etc/{shadow,gshadow} +chmod 0644 %{buildroot}/var/log/lastlog +touch %{buildroot}/etc/fstab +touch %{buildroot}/etc/mtab + +# remove unpackaged files from the buildroot +rm -f %{buildroot}/etc/Makefile +rm -f %{buildroot}/etc/serviceslint +rm -f %{buildroot}/etc/uidgidlint +rm -f %{buildroot}/etc/shadowconvert.sh +rm -f %{buildroot}/etc/setup.spec +rm -rf %{buildroot}/etc/packaging + +mkdir -p %{buildroot}/opt/etc +#mv %{buildroot}/etc/{passwd,group,shadow,gshadow} %{buildroot}/opt/etc +%if "%{_repository}" == "wearable" +mv %{buildroot}/etc/{passwd,group} %{buildroot}/opt/etc +%endif +pushd %{buildroot}/etc +rm -f passwd shadow group gshadow +%if "%{_repository}" == "wearable" +ln -s ../opt/etc/passwd +#ln -s ../opt/etc/shadow +ln -s ../opt/etc/group +#ln -s ../opt/etc/gshadow +%endif +popd +mkdir -p $RPM_BUILD_ROOT%{_datadir}/license +cat COPYING > $RPM_BUILD_ROOT%{_datadir}/license/setup + +%clean +rm -rf %{buildroot} + +#throw away useless and dangerous update stuff until rpm will be able to +#handle it ( http://rpm.org/ticket/6 ) +#%post -p +#for i, name in ipairs({"passwd", "shadow", "group", "gshadow"}) do +# os.remove("/etc/"..name..".rpmnew") +#end + +%files +%defattr(-,root,root,-) +%{_datadir}/license/setup +%if "%{_repository}" == "wearable" +/etc/passwd +/etc/group +%endif +#/etc/shadow +#/etc/gshadow +%if "%{_repository}" == "wearable" +%config(noreplace) /opt/etc/passwd +%config(noreplace) /opt/etc/group +%endif +#%config(noreplace,missingok) /opt/etc/shadow +#%config(noreplace,missingok) /opt/etc/gshadow + +%if "%{_repository}" == "wearable" +%verify(not md5 size mtime) %config(noreplace) /opt/etc/passwd +%verify(not md5 size mtime) %config(noreplace) /opt/etc/group +%endif +#%verify(not md5 size mtime) %attr(0000,root,root) %config(noreplace,missingok) /opt/etc/shadow +#%verify(not md5 size mtime) %attr(0000,root,root) %config(noreplace,missingok) /opt/etc/gshadow +%verify(not md5 size mtime) %config(noreplace) /etc/services +%verify(not md5 size mtime) %config(noreplace) /etc/exports +%config(noreplace) /etc/aliases +%config(noreplace) /etc/environment +%config(noreplace) /etc/filesystems +%config(noreplace) /etc/host.conf +%verify(not md5 size mtime) %config(noreplace) /etc/hosts +%verify(not md5 size mtime) %config(noreplace) /etc/hosts.allow +%verify(not md5 size mtime) %config(noreplace) /etc/hosts.deny +%verify(not md5 size mtime) %config(noreplace) /etc/motd +%config(noreplace) /etc/printcap +%verify(not md5 size mtime) %config(noreplace) /etc/inputrc +%config(noreplace) /etc/bashrc +%config(noreplace) /etc/profile +%verify(not md5 size mtime) %config(noreplace) /etc/protocols +%attr(0600,root,root) %config(noreplace,missingok) /etc/securetty +%config(noreplace) /etc/csh.login +%config(noreplace) /etc/csh.cshrc +%dir /etc/profile.d +%config(noreplace) %verify(not md5 size mtime) /etc/shells +%ghost %attr(0644,root,root) %verify(not md5 size mtime) /var/log/lastlog +%ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/fstab +%ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/mtab diff --git a/passwd b/passwd new file mode 100644 index 0000000..0b8b262 --- /dev/null +++ b/passwd @@ -0,0 +1,34 @@ +root::0:0:root:/root:/bin/sh +bin:*:1:1:bin:/bin: +daemon:*:2:2:daemon:/sbin: +ftp:*:14:50:FTP User:/home/ftp: +dbus:*:81:81:D-Bus:/var/run/dbus:/bin/false +system:x:1000:1000:system:/home/system:/bin/sh +bluetooth:x:1002:1002:bluetooth:/home/bluetooth:/bin/false +graphics:x:1003:1003:graphics:/home/graphics:/bin/false +input:x:1004:1004:input:/home/input:/bin/false +log:x:1007:1007:log:/home/log:/bin/false +compass:x:1008:1008:compass:/home/compass:/bin/false +mount:x:1009:1009:mount:/home/mount:/bin/false +wifi:x:1010:1010:wifi:/home/wifi:/bin/false +adb:x:1011:1011:adb:/home/adb:/bin/false +install:x:1012:1012:install:/home/install:/bin/false +media:x:1013:1013:media:/home/media:/bin/false +dhcp:x:1014:1014:dhcp:/home/dhcp:/bin/false +sdcard_rw:x:1015:1015:sdcard_rw:/home/sdcard_rw:/bin/false +vpn:x:1016:1016:vpn:/home/vpn:/bin/false +keystore:x:1017:1017:keystore:/home/keystore:/bin/false +shell:x:2000:2000:shell:/home/shell:/bin/false +cache:x:2001:2001:cache:/home/cache:/bin/false +diag:x:2002:2002:diag:/home/diag:/bin/false +net_bt_admin:x:3001:3001:net_bt_admin:/home/net_bt_admin:/bin/false +net_bt:x:3002:3002:net_bt:/home/net_bt:/bin/false +inet:x:3003:3003:inet:/home/inet:/bin/false +net_raw:x:3004:3004:net_raw:/home/net_raw:/bin/false +net_admin:x:3005:3005:net_admin:/home/net_admin:/bin/false +app:x:5000:5000:In-house application:/home/app:/bin/sh +developer::5100:5100:developer with SDK:/home/developer:/bin/false +pulse:x:6507:6507:PulseAudio daemon:/var/run/pulse:/bin/false +misc:x:9998:9998:misc:/home/misc:/bin/false +sshd:x:112:65534::/var/run/sshd:/usr/sbin/nologin + diff --git a/printcap b/printcap new file mode 100644 index 0000000..9f88f82 --- /dev/null +++ b/printcap @@ -0,0 +1,7 @@ +# /etc/printcap +# +# Please don't edit this file directly unless you know what you are doing! +# This file will be automatically generated by cupsd(8) from the +# /etc/cups/printers.conf file. All changes to this file +# will be lost. + diff --git a/profile b/profile new file mode 100644 index 0000000..d81777b --- /dev/null +++ b/profile @@ -0,0 +1,15 @@ +# /etc/profile + +# System wide environment and startup programs +# Functions and aliases go in /etc/bashrc + +HOSTNAME=`/bin/hostname` +HISTSIZE=1000 + +export PATH HOSTNAME HISTSIZE + +for i in /etc/profile.d/*.sh ; do + if [ -r "$i" ]; then + . $i + fi +done diff --git a/protocols b/protocols new file mode 100644 index 0000000..295fb8a --- /dev/null +++ b/protocols @@ -0,0 +1,148 @@ +# /etc/protocols: +# $Id: protocols,v 1.1.1.1 2007/05/21 11:30:37 khoonk Exp $ +# +# Internet (IP) protocols +# +# from: @(#)protocols 5.1 (Berkeley) 4/17/89 +# +# Updated for NetBSD based on RFC 1340, Assigned Numbers (July 1992). +# +# See also http://www.isi.edu/in-notes/iana/assignments/protocol-numbers + +ip 0 IP # internet protocol, pseudo protocol number +#hopopt 0 HOPOPT # hop-by-hop options for ipv6 +icmp 1 ICMP # internet control message protocol +igmp 2 IGMP # internet group management protocol +ggp 3 GGP # gateway-gateway protocol +ipencap 4 IP-ENCAP # IP encapsulated in IP (officially ``IP'') +st 5 ST # ST datagram mode +tcp 6 TCP # transmission control protocol +cbt 7 CBT # CBT, Tony Ballardie +egp 8 EGP # exterior gateway protocol +igp 9 IGP # any private interior gateway (Cisco: for IGRP) +bbn-rcc 10 BBN-RCC-MON # BBN RCC Monitoring +nvp 11 NVP-II # Network Voice Protocol +pup 12 PUP # PARC universal packet protocol +argus 13 ARGUS # ARGUS +emcon 14 EMCON # EMCON +xnet 15 XNET # Cross Net Debugger +chaos 16 CHAOS # Chaos +udp 17 UDP # user datagram protocol +mux 18 MUX # Multiplexing protocol +dcn 19 DCN-MEAS # DCN Measurement Subsystems +hmp 20 HMP # host monitoring protocol +prm 21 PRM # packet radio measurement protocol +xns-idp 22 XNS-IDP # Xerox NS IDP +trunk-1 23 TRUNK-1 # Trunk-1 +trunk-2 24 TRUNK-2 # Trunk-2 +leaf-1 25 LEAF-1 # Leaf-1 +leaf-2 26 LEAF-2 # Leaf-2 +rdp 27 RDP # "reliable datagram" protocol +irtp 28 IRTP # Internet Reliable Transaction Protocol +iso-tp4 29 ISO-TP4 # ISO Transport Protocol Class 4 +netblt 30 NETBLT # Bulk Data Transfer Protocol +mfe-nsp 31 MFE-NSP # MFE Network Services Protocol +merit-inp 32 MERIT-INP # MERIT Internodal Protocol +sep 33 SEP # Sequential Exchange Protocol +3pc 34 3PC # Third Party Connect Protocol +idpr 35 IDPR # Inter-Domain Policy Routing Protocol +xtp 36 XTP # Xpress Tranfer Protocol +ddp 37 DDP # Datagram Delivery Protocol +idpr-cmtp 38 IDPR-CMTP # IDPR Control Message Transport Proto +tp++ 39 TP++ # TP++ Transport Protocol +il 40 IL # IL Transport Protocol +ipv6 41 IPv6 # IPv6 +sdrp 42 SDRP # Source Demand Routing Protocol +ipv6-route 43 IPv6-Route # Routing Header for IPv6 +ipv6-frag 44 IPv6-Frag # Fragment Header for IPv6 +idrp 45 IDRP # Inter-Domain Routing Protocol +rsvp 46 RSVP # Resource ReSerVation Protocol +gre 47 GRE # Generic Routing Encapsulation +mhrp 48 MHRP # Mobile Host Routing Protocol +bna 49 BNA # BNA +ipv6-crypt 50 IPv6-Crypt # Encryption Header for IPv6 +ipv6-auth 51 IPv6-Auth # Authentication Header for IPv6 +i-nlsp 52 I-NLSP # Integrated Net Layer Security TUBA +swipe 53 SWIPE # IP with Encryption +narp 54 NARP # NBMA Address Resolution Protocol +mobile 55 MOBILE # IP Mobility +tlsp 56 TLSP # Transport Layer Security Protocol +skip 57 SKIP # SKIP +ipv6-icmp 58 IPv6-ICMP # ICMP for IPv6 +ipv6-nonxt 59 IPv6-NoNxt # No Next Header for IPv6 +ipv6-opts 60 IPv6-Opts # Destination Options for IPv6 +# 61 # any host internal protocol +cftp 62 CFTP # CFTP +# 63 # any local network +sat-expak 64 SAT-EXPAK # SATNET and Backroom EXPAK +kryptolan 65 KRYPTOLAN # Kryptolan +rvd 66 RVD # MIT Remote Virtual Disk Protocol +ippc 67 IPPC # Internet Pluribus Packet Core +# 68 # any distributed file system +sat-mon 69 SAT-MON # SATNET Monitoring +visa 70 VISA # VISA Protocol +ipcv 71 IPCV # Internet Packet Core Utility +cpnx 72 CPNX # Computer Protocol Network Executive +cphb 73 CPHB # Computer Protocol Heart Beat +wsn 74 WSN # Wang Span Network +pvp 75 PVP # Packet Video Protocol +br-sat-mon 76 BR-SAT-MON # Backroom SATNET Monitoring +sun-nd 77 SUN-ND # SUN ND PROTOCOL-Temporary +wb-mon 78 WB-MON # WIDEBAND Monitoring +wb-expak 79 WB-EXPAK # WIDEBAND EXPAK +iso-ip 80 ISO-IP # ISO Internet Protocol +vmtp 81 VMTP # Versatile Message Transport +secure-vmtp 82 SECURE-VMTP # SECURE-VMTP +vines 83 VINES # VINES +ttp 84 TTP # TTP +nsfnet-igp 85 NSFNET-IGP # NSFNET-IGP +dgp 86 DGP # Dissimilar Gateway Protocol +tcf 87 TCF # TCF +eigrp 88 EIGRP # Enhanced Interior Routing Protocol (Cisco) +ospf 89 OSPFIGP # Open Shortest Path First IGP +sprite-rpc 90 Sprite-RPC # Sprite RPC Protocol +larp 91 LARP # Locus Address Resolution Protocol +mtp 92 MTP # Multicast Transport Protocol +ax.25 93 AX.25 # AX.25 Frames +ipip 94 IPIP # Yet Another IP encapsulation +micp 95 MICP # Mobile Internetworking Control Pro. +scc-sp 96 SCC-SP # Semaphore Communications Sec. Pro. +etherip 97 ETHERIP # Ethernet-within-IP Encapsulation +encap 98 ENCAP # Yet Another IP encapsulation +# 99 # any private encryption scheme +gmtp 100 GMTP # GMTP +ifmp 101 IFMP # Ipsilon Flow Management Protocol +pnni 102 PNNI # PNNI over IP +pim 103 PIM # Protocol Independent Multicast +aris 104 ARIS # ARIS +scps 105 SCPS # SCPS +qnx 106 QNX # QNX +a/n 107 A/N # Active Networks +ipcomp 108 IPComp # IP Payload Compression Protocol +snp 109 SNP # Sitara Networks Protocol +compaq-peer 110 Compaq-Peer # Compaq Peer Protocol +ipx-in-ip 111 IPX-in-IP # IPX in IP +vrrp 112 VRRP # Virtual Router Redundancy Protocol +pgm 113 PGM # PGM Reliable Transport Protocol +# 114 # any 0-hop protocol +l2tp 115 L2TP # Layer Two Tunneling Protocol +ddx 116 DDX # D-II Data Exchange +iatp 117 IATP # Interactive Agent Transfer Protocol +st 118 ST # Schedule Transfer +srp 119 SRP # SpectraLink Radio Protocol +uti 120 UTI # UTI +smp 121 SMP # Simple Message Protocol +sm 122 SM # SM +ptp 123 PTP # Performance Transparency Protocol +isis 124 ISIS # ISIS over IPv4 +fire 125 FIRE +crtp 126 CRTP # Combat Radio Transport Protocol +crdup 127 CRUDP # Combat Radio User Datagram +sscopmce 128 SSCOPMCE +iplt 129 IPLT +sps 130 SPS # Secure Packet Shield +pipe 131 PIPE # Private IP Encapsulation within IP +sctp 132 SCTP # Stream Control Transmission Protocol +fc 133 FC # Fibre Channel +# 134-254 # Unassigned +# 255 # Reserved diff --git a/securetty b/securetty new file mode 100644 index 0000000..36c6555 --- /dev/null +++ b/securetty @@ -0,0 +1,10 @@ +console +ttyS0 +ttyS1 +pts/0 +pts/1 +pts/2 +pts/3 +ttygs0 +ttySAC2 +ttyO3 diff --git a/services b/services new file mode 100644 index 0000000..25d229a --- /dev/null +++ b/services @@ -0,0 +1,507 @@ +# /etc/services: +# $Id: services,v 1.1.1.1 2007/05/21 11:30:37 khoonk Exp $ +# +# Network services, Internet style +# +# Note that it is presently the policy of IANA to assign a single well-known +# port number for both TCP and UDP; hence, most entries here have two entries +# even if the protocol doesn't support UDP operations. +# Updated from RFC 1700, ``Assigned Numbers'' (October 1994). Not all ports +# are included, only the more common ones. +# +# The latest IANA port assignments can be gotten from +# http://www.isi.edu/in-notes/iana/assignments/port-numbers +# The Well Known Ports are those from 0 through 1023. +# The Registered Ports are those from 1024 through 49151 +# The Dynamic and/or Private Ports are those from 49152 through 65535 +# +# Each line describes one service, and is of the form: +# +# service-name port/protocol [aliases ...] [# comment] + +tcpmux 1/tcp # TCP port service multiplexer +tcpmux 1/udp # TCP port service multiplexer +rje 5/tcp # Remote Job Entry +rje 5/udp # Remote Job Entry +echo 7/tcp +echo 7/udp +discard 9/tcp sink null +discard 9/udp sink null +systat 11/tcp users +systat 11/udp users +daytime 13/tcp +daytime 13/udp +qotd 17/tcp quote +qotd 17/udp quote +msp 18/tcp # message send protocol +msp 18/udp # message send protocol +chargen 19/tcp ttytst source +chargen 19/udp ttytst source +ftp-data 20/tcp +ftp-data 20/udp +ftp 21/tcp +ftp 21/udp +ssh 22/tcp # SSH Remote Login Protocol +ssh 22/udp # SSH Remote Login Protocol +telnet 23/tcp +telnet 23/udp +# 24 - private mail system +smtp 25/tcp mail +smtp 25/udp mail +time 37/tcp timserver +time 37/udp timserver +rlp 39/tcp resource # resource location +rlp 39/udp resource # resource location +nameserver 42/tcp name # IEN 116 +nameserver 42/udp name # IEN 116 +nicname 43/tcp whois +nicname 43/udp whois +tacacs 49/tcp # Login Host Protocol (TACACS) +tacacs 49/udp # Login Host Protocol (TACACS) +re-mail-ck 50/tcp # Remote Mail Checking Protocol +re-mail-ck 50/udp # Remote Mail Checking Protocol +domain 53/tcp nameserver # name-domain server +domain 53/udp nameserver +whois++ 63/tcp +whois++ 63/udp +bootps 67/tcp # BOOTP server +bootps 67/udp +bootpc 68/tcp # BOOTP client +bootpc 68/udp +tftp 69/tcp +tftp 69/udp +gopher 70/tcp # Internet Gopher +gopher 70/udp +netrjs-1 71/tcp # Remote Job Service +netrjs-1 71/udp # Remote Job Service +netrjs-2 72/tcp # Remote Job Service +netrjs-2 72/udp # Remote Job Service +netrjs-3 73/tcp # Remote Job Service +netrjs-3 73/udp # Remote Job Service +netrjs-4 74/tcp # Remote Job Service +netrjs-4 74/udp # Remote Job Service +finger 79/tcp +finger 79/udp +http 80/tcp www www-http # WorldWideWeb HTTP +http 80/udp www www-http # HyperText Transfer Protocol +kerberos 88/tcp kerberos5 krb5 # Kerberos v5 +kerberos 88/udp kerberos5 krb5 # Kerberos v5 +supdup 95/tcp +supdup 95/udp +hostname 101/tcp hostnames # usually from sri-nic +hostname 101/udp hostnames # usually from sri-nic +iso-tsap 102/tcp tsap # part of ISODE. +csnet-ns 105/tcp cso # also used by CSO name server +csnet-ns 105/udp cso +# unfortunately the poppassd (Eudora) uses a port which has already +# been assigned to a different service. We list the poppassd as an +# alias here. This should work for programs asking for this service. +# (due to a bug in inetd the 3com-tsmux line is disabled) +#3com-tsmux 106/tcp poppassd +#3com-tsmux 106/udp poppassd +rtelnet 107/tcp # Remote Telnet +rtelnet 107/udp +pop2 109/tcp pop-2 postoffice # POP version 2 +pop2 109/udp pop-2 +pop3 110/tcp pop-3 # POP version 3 +pop3 110/udp pop-3 +sunrpc 111/tcp portmapper # RPC 4.0 portmapper TCP +sunrpc 111/udp portmapper # RPC 4.0 portmapper UDP +auth 113/tcp authentication tap ident +auth 113/udp authentication tap ident +sftp 115/tcp +sftp 115/udp +uucp-path 117/tcp +uucp-path 117/udp +nntp 119/tcp readnews untp # USENET News Transfer Protocol +nntp 119/udp readnews untp # USENET News Transfer Protocol +ntp 123/tcp +ntp 123/udp # Network Time Protocol +netbios-ns 137/tcp # NETBIOS Name Service +netbios-ns 137/udp +netbios-dgm 138/tcp # NETBIOS Datagram Service +netbios-dgm 138/udp +netbios-ssn 139/tcp # NETBIOS session service +netbios-ssn 139/udp +imap 143/tcp imap2 # Interim Mail Access Proto v2 +imap 143/udp imap2 +snmp 161/tcp # Simple Net Mgmt Proto +snmp 161/udp # Simple Net Mgmt Proto +snmptrap 162/udp snmp-trap # Traps for SNMP +cmip-man 163/tcp # ISO mgmt over IP (CMOT) +cmip-man 163/udp +cmip-agent 164/tcp +smip-agent 164/udp +mailq 174/tcp # MAILQ +mailq 174/udp # MAILQ +xdmcp 177/tcp # X Display Mgr. Control Proto +xdmcp 177/udp +nextstep 178/tcp NeXTStep NextStep # NeXTStep window +nextstep 178/udp NeXTStep NextStep # server +bgp 179/tcp # Border Gateway Proto. +bgp 179/udp +prospero 191/tcp # Cliff Neuman's Prospero +prospero 191/udp +irc 194/tcp # Internet Relay Chat +irc 194/udp +smux 199/tcp # SNMP Unix Multiplexer +smux 199/udp +at-rtmp 201/tcp # AppleTalk routing +at-rtmp 201/udp +at-nbp 202/tcp # AppleTalk name binding +at-nbp 202/udp +at-echo 204/tcp # AppleTalk echo +at-echo 204/udp +at-zis 206/tcp # AppleTalk zone information +at-zis 206/udp +qmtp 209/tcp # Quick Mail Transfer Protocol +qmtp 209/udp # Quick Mail Transfer Protocol +z39.50 210/tcp z3950 wais # NISO Z39.50 database +z39.50 210/udp z3950 wais +ipx 213/tcp # IPX +ipx 213/udp +imap3 220/tcp # Interactive Mail Access +imap3 220/udp # Protocol v3 +link 245/tcp ttylink +link 245/ucp ttylink +rsvp_tunnel 363/tcp +rsvp_tunnel 363/udp +rpc2portmap 369/tcp +rpc2portmap 369/udp # Coda portmapper +codaauth2 370/tcp +codaauth2 370/udp # Coda authentication server +ulistproc 372/tcp ulistserv # UNIX Listserv +ulistproc 372/udp ulistserv +ldap 389/tcp +ldap 389/udp +svrloc 427/tcp # Server Location Protocl +svrloc 427/udp # Server Location Protocl +mobileip-agent 434/tcp +mobileip-agent 434/udp +mobilip-mn 435/tcp +mobilip-mn 435/udp +https 443/tcp # MCom +https 443/udp # MCom +snpp 444/tcp # Simple Network Paging Protocol +snpp 444/udp # Simple Network Paging Protocol +microsoft-ds 445/tcp +microsoft-ds 445/udp +kpasswd 464/tcp kpwd # Kerberos "passwd" +kpasswd 464/udp kpwd # Kerberos "passwd" +photuris 468/tcp +photuris 468/udp +saft 487/tcp # Simple Asynchronous File Transfer +saft 487/udp # Simple Asynchronous File Transfer +gss-http 488/tcp +gss-http 488/udp +pim-rp-disc 496/tcp +pim-rp-disc 496/udp +isakmp 500/tcp +isakmp 500/udp +gdomap 538/tcp # GNUstep distributed objects +gdomap 538/udp # GNUstep distributed objects +iiop 535/tcp +iiop 535/udp +dhcpv6-client 546/tcp +dhcpv6-client 546/udp +dhcpv6-server 547/tcp +dhcpv6-server 547/udp +rtsp 554/tcp # Real Time Stream Control Protocol +rtsp 554/udp # Real Time Stream Control Protocol +nntps 563/tcp # NNTP over SSL +nntps 563/udp # NNTP over SSL +whoami 565/tcp +whoami 565/udp +submission 587/tcp msa # mail message submission +submission 587/udp msa # mail message submission +npmp-local 610/tcp dqs313_qmaster # npmp-local / DQS +npmp-local 610/udp dqs313_qmaster # npmp-local / DQS +npmp-gui 611/tcp dqs313_execd # npmp-gui / DQS +npmp-gui 611/udp dqs313_execd # npmp-gui / DQS +hmmp-ind 612/tcp dqs313_intercell # HMMP Indication / DQS +hmmp-ind 612/udp dqs313_intercell # HMMP Indication / DQS +ldaps 636/tcp # LDAP over SSL +ldaps 636/udp # LDAP over SSL +acap 674/tcp +acap 674/udp +ha-cluster 694/tcp # Heartbeat HA-cluster +ha-cluster 694/udp # Heartbeat HA-cluster +kerberos-adm 749/tcp # Kerberos `kadmin' (v5) +kerberos-iv 750/udp kerberos4 kerberos-sec kdc +kerberos-iv 750/tcp kerberos4 kerberos-sec kdc +webster 765/tcp # Network dictionary +webster 765/udp +phonebook 767/tcp # Network phonebook +phonebook 767/udp +rsync 873/tcp # rsync +rsync 873/udp # rsync +telnets 992/tcp +telnets 992/udp +imaps 993/tcp # IMAP over SSL +imaps 993/udp # IMAP over SSL +ircs 994/tcp +ircs 994/udp +pop3s 995/tcp # POP-3 over SSL +pop3s 995/udp # POP-3 over SSL + +# +# UNIX specific services +# +exec 512/tcp +biff 512/udp comsat +login 513/tcp +who 513/udp whod +shell 514/tcp cmd # no passwords used +syslog 55514/udp +printer 515/tcp spooler # line printer spooler +printer 515/udp spooler # line printer spooler +talk 517/udp +ntalk 518/udp +utime 519/tcp unixtime +utime 519/udp unixtime +efs 520/tcp +router 520/udp route routed # RIP +ripng 521/tcp +ripng 521/udp +timed 525/tcp timeserver +timed 525/udp timeserver +tempo 526/tcp newdate +courier 530/tcp rpc +conference 531/tcp chat +netnews 532/tcp readnews +netwall 533/udp # -for emergency broadcasts +uucp 540/tcp uucpd # uucp daemon +klogin 543/tcp # Kerberized `rlogin' (v5) +kshell 544/tcp krcmd # Kerberized `rsh' (v5) +afpovertcp 548/tcp # AFP over TCP +afpovertcp 548/udp # AFP over TCP +remotefs 556/tcp rfs_server rfs # Brunhoff remote filesystem + +# +# From ``PORT NUMBERS'': +# +#>REGISTERED PORT NUMBERS +#> +#>The Registered Ports are listed by the IANA and on most systems can be +#>used by ordinary user processes or programs executed by ordinary +#>users. +#> +#>Ports are used in the TCP [RFC793] to name the ends of logical +#>connections which carry long term conversations. For the purpose of +#>providing services to unknown callers, a service contact port is +#>defined. This list specifies the port used by the server process as +#>its contact port. +#> +#>The IANA registers uses of these ports as a convienence to the +#>community. +# +socks 1080/tcp # socks proxy server +socks 1080/udp # socks proxy server +skkserv 1178/tcp # SKK Japanese input method +h323hostcallsc 1300/tcp # H323 Host Call Secure +h323hostcallsc 1300/udp # H323 Host Call Secure +ms-sql-s 1433/tcp # Microsoft-SQL-Server +ms-sql-s 1433/udp # Microsoft-SQL-Server +ms-sql-m 1434/tcp # Microsoft-SQL-Monitor +ms-sql-m 1434/udp # Microsoft-SQL-Monitor +ica 1494/tcp # Citrix ICA Client +ica 1494/udp # Citrix ICA Client +wins 1512/tcp # Microsoft's Windows Internet Name Service +wins 1512/udp # Microsoft's Windows Internet Name Service +ingreslock 1524/tcp +ingreslock 1524/udp +prospero-np 1525/tcp # Prospero non-privileged +prospero-np 1525/udp +support 1529/tcp prmsd gnatsd # cygnus bug tracker +datametrics 1645/tcp old-radius # datametrics / old radius entry +datametrics 1645/udp old-radius # datametrics / old radius entry +sa-msg-port 1646/tcp old-radacct # sa-msg-port / old radacct entry +sa-msg-port 1646/udp old-radacct # sa-msg-port / old radacct entry +kermit 1649/tcp +kermit 1649/udp +l2tp 1701/tcp +l2tp 1701/udp +h323gatedisc 1718/tcp +h323gatedisc 1718/udp +h323gatestat 1719/tcp +h323gatestat 1719/udp +h323hostcall 1720/tcp +h323hostcall 1720/udp +tftp-mcast 1758/tcp +tftp-mcast 1758/udp +hello 1788/tcp +hello 1788/udp +radius 1812/tcp # Radius +radius 1812/udp # Radius +radius-acct 1813/tcp radacct # Radius Accounting +radius-acct 1813/udp radacct # Radius Accounting +mtp 1911/tcp # +mtp 1911/udp # +hsrp 1985/tcp # Cisco Hot Standby Router Protocol +hsrp 1985/udp # Cisco Hot Standby Router Protocol +licensedaemon 1986/tcp +licensedaemon 1986/udp +gdp-port 1997/tcp # Cisco Gateway Discovery Protocol +gdp-port 1997/udp # Cisco Gateway Discovery Protocol +nfs 2049/tcp nfsd +nfs 2049/udp nfsd +zephyr-srv 2102/tcp # Zephyr server +zephyr-srv 2102/udp # Zephyr server +zephyr-clt 2103/tcp # Zephyr serv-hm connection +zephyr-clt 2103/udp # Zephyr serv-hm connection +zephyr-hm 2104/tcp # Zephyr hostmanager +zephyr-hm 2104/udp # Zephyr hostmanager +cvspserver 2401/tcp # CVS client/server operations +cvspserver 2401/udp # CVS client/server operations +venus 2430/tcp # codacon port +venus 2430/udp # Venus callback/wbc interface +venus-se 2431/tcp # tcp side effects +venus-se 2431/udp # udp sftp side effect +codasrv 2432/tcp # not used +codasrv 2432/udp # server port +codasrv-se 2433/tcp # tcp side effects +codasrv-se 2433/udp # udp sftp side effectQ +corbaloc 2809/tcp # CORBA naming service locator +icpv2 3130/tcp # Internet Cache Protocol V2 (Squid) +icpv2 3130/udp # Internet Cache Protocol V2 (Squid) +mysql 3306/tcp # MySQL +mysql 3306/udp # MySQL +trnsprntproxy 3346/tcp # Trnsprnt Proxy +trnsprntproxy 3346/udp # Trnsprnt Proxy +prsvp 3455/tcp # RSVP Port +prsvp 3455/udp # RSVP Port +rwhois 4321/tcp # Remote Who Is +rwhois 4321/udp # Remote Who Is +krb524 4444/tcp # Kerberos 5 to 4 ticket xlator +krb524 4444/udp # Kerberos 5 to 4 ticket xlator +rfe 5002/tcp # Radio Free Ethernet +rfe 5002/udp # Actually uses UDP only +cfengine 5308/tcp # CFengine +cfengine 5308/udp # CFengine +cvsup 5999/tcp CVSup # CVSup file transfer/John Polstra/FreeBSD +cvsup 5999/udp CVSup # CVSup file transfer/John Polstra/FreeBSD +x11 6000/tcp X # the X Window System +afs3-fileserver 7000/tcp # file server itself +afs3-fileserver 7000/udp # file server itself +afs3-callback 7001/tcp # callbacks to cache managers +afs3-callback 7001/udp # callbacks to cache managers +afs3-prserver 7002/tcp # users & groups database +afs3-prserver 7002/udp # users & groups database +afs3-vlserver 7003/tcp # volume location database +afs3-vlserver 7003/udp # volume location database +afs3-kaserver 7004/tcp # AFS/Kerberos authentication service +afs3-kaserver 7004/udp # AFS/Kerberos authentication service +afs3-volser 7005/tcp # volume managment server +afs3-volser 7005/udp # volume managment server +afs3-errors 7006/tcp # error interpretation service +afs3-errors 7006/udp # error interpretation service +afs3-bos 7007/tcp # basic overseer process +afs3-bos 7007/udp # basic overseer process +afs3-update 7008/tcp # server-to-server updater +afs3-update 7008/udp # server-to-server updater +afs3-rmtsys 7009/tcp # remote cache manager service +afs3-rmtsys 7009/udp # remote cache manager service +sd 9876/tcp # Session Director +sd 9876/udp # Session Director +amanda 10080/tcp # amanda backup services +amanda 10080/udp # amanda backup services +h323callsigalt 11720/tcp # H323 Call Signal Alternate +h323callsigalt 11720/udp # H323 Call Signal Alternate +quake 26000/tcp +quake 26000/udp +wnn6-ds 26208/tcp +wnn6-ds 26208/udp +traceroute 33434/tcp +traceroute 33434/udp + +# +# Datagram Delivery Protocol services +# +rtmp 1/ddp # Routing Table Maintenance Protocol +nbp 2/ddp # Name Binding Protocol +echo 4/ddp # AppleTalk Echo Protocol +zip 6/ddp # Zone Information Protocol +# +# Kerberos (Project Athena/MIT) services +# Note that these are for Kerberos v4, and are unofficial. Sites running +# v4 should uncomment these and comment out the v5 entries above. +# +kerberos_master 751/udp # Kerberos authentication +kerberos_master 751/tcp # Kerberos authentication +passwd_server 752/udp # Kerberos passwd server +krbupdate 760/tcp kreg # Kerberos registration +kpop 1109/tcp # Pop with Kerberos +knetd 2053/tcp # Kerberos de-multiplexor +# +# Kerberos 5 services, also not registered with IANA +# +krb5_prop 754/tcp # Kerberos slave propagation +eklogin 2105/tcp # Kerberos encrypted rlogin +# +# Unofficial but necessary (for NetBSD) services +# +supfilesrv 871/tcp # SUP server +supfiledbg 1127/tcp # SUP debugging +# +# Unofficial but useful/necessary other services +# +netstat 15/tcp # (was once asssigned, no more) +fsp 21/udp fspd # +linuxconf 98/tcp # Linuxconf HTML access +poppassd 106/tcp # Eudora +poppassd 106/udp # Eudora +smtps 465/tcp # SMTP over SSL (TLS) +gii 616/tcp # gated interactive interface +omirr 808/tcp omirrd # online mirror +omirr 808/udp omirrd # online mirror +swat 901/tcp # Samba Web Administration Tool +rmtcfg 1236/tcp # Gracilis Packeten remote config server +xtel 1313/tcp # french minitel +support 1529/tcp # GNATS +cfinger 2003/tcp # GNU Finger +ninstall 2150/tcp # ninstall service +ninstall 2150/udp # ninstall service +afbackup 2988/tcp # Afbackup system +afbackup 2988/udp # Afbackup system +squid 3128/tcp # squid web proxy +postgres 5432/tcp # POSTGRES +postgres 5432/udp # POSTGRES +fax 4557/tcp # FAX transmission service (old) +hylafax 4559/tcp # HylaFAX client-server protocol (new) +sgi-dgl 5232/tcp # SGI Distributed Graphics +sgi-dgl 5232/udp +noclog 5354/tcp # noclogd with TCP (nocol) +noclog 5354/udp # noclogd with UDP (nocol) +hostmon 5355/tcp # hostmon uses TCP (nocol) +hostmon 5355/udp # hostmon uses TCP (nocol) +ircd 6667/tcp # Internet Relay Chat +ircd 6667/udp # Internet Relay Chat +xfs 7100/tcp # X font server +tircproxy 7666/tcp # Tircproxy +http-alt 8008/tcp +http-alt 8008/udp +webcache 8080/tcp # WWW caching service +webcache 8080/udp # WWW caching service +tproxy 8081/tcp # Transparent Proxy +tproxy 8081/udp # Transparent Proxy +jetdirect 9100/tcp laserjet hplj # +mandelspawn 9359/udp mandelbrot # network mandelbrot +kamanda 10081/tcp # amanda backup services (Kerberos) +kamanda 10081/udp # amanda backup services (Kerberos) +amandaidx 10082/tcp # amanda backup services +amidxtape 10083/tcp # amanda backup services +isdnlog 20011/tcp # isdn logging system +isdnlog 20011/udp # isdn logging system +vboxd 20012/tcp # voice box system +vboxd 20012/udp # voice box system +binkp 24554/tcp # Binkley +binkp 24554/udp # Binkley +asp 27374/tcp # Address Search Protocol +asp 27374/udp # Address Search Protocol +tfido 60177/tcp # Ifmail +tfido 60177/udp # Ifmail +fido 60179/tcp # Ifmail +fido 60179/udp # Ifmail + +# Local services + diff --git a/serviceslint b/serviceslint new file mode 100755 index 0000000..b602455 --- /dev/null +++ b/serviceslint @@ -0,0 +1,119 @@ +#!/usr/bin/perl +# +# Perform sanity checks on the services file, supplied as argument. +# Based on an earlier shell script of the same name, but much faster, +# and it also detects actual errors in the current services file :) +# +# This program includes a manual, run "perldoc serviceslint" to see it. +# + +use strict; +use warnings; + +die "Usage: $0 /etc/services\n" unless $#ARGV == 0; + +# Build a hash of known protocols +my %protocol; +open FH, "protocols" or die "cannot open protocols: $!\n"; +while () { + chomp; + s/#.*$//; + my ($name, $port) = m/([\S]+)\s+(\d+)/ or next; + $protocol{$name} = $port; +} +close FH; + +# Parse the supplied services file +my $retval = 0; +my $line = 0; +my %service; +open FH, $ARGV[0] or die "cannot open $ARGV[0]: $!\n"; +while () { + $line++; # Keep a line count + chomp; # Remove CR/LF chars + if (m/^\s+/) { + print "Malformed line $line\n"; # No leading whitespace + $retval = 1; + next; + } + s/\s*#.*$//; # Strip out comments + next if m/^$/; # Skip empty lines + my ($name, $port, $proto, $aliases) = # Primary pattern match + m/^([\S]+)\s+(\d+)\/(\w+)\s*(.*)/ + or die "Malformed line: $line\n"; + if (not exists $protocol{$proto}) { + print "Bad protocol at line $line: $proto\n"; + $retval = 1; + } + if (exists $service{$proto}{$port}) { + print "Duplicate port at line $line: $port/$proto\n"; + $retval = 1; + } + $service{$proto}{$port} = $name; + foreach ($name, split /\s+/, $aliases) { + if (exists $service{$proto}{$_}) { + print "Duplicate name at line $line: $_/$proto\n"; + $retval = 1; + } + $service{$proto}{$_} = $port; + }; + +} +close FH; +exit $retval; + +__END__ + +=head1 NAME + +serviceslint - perform verification on the /etc/services file + +=head1 SYNOPSIS + +B I + +=head1 DESCRIPTION + +The B command performs syntax and content checks on the +given filename, normally a copy of the I file. + +Syntax checking consists of a regular expression applied to +non-empty, non-comment lines. If the syntax check fails, then +the program prints a message and aborts with non-zero status code. + +Content checking detects various kinds of duplicate entries. +Currently, warnings are printed for duplicate entries, but execution +continues, and the program I (eg. success). + +=over + +=item B I + +The specified line has invalid syntax. Note that leading whitespace +is not permitted. Non-empty lines must begin with a comment, or with +a service name followed by a port number / protocol pair. + +=item B I + +Occurs when a port number / protocol pair is found more than once +in the services file. The warning is flagged on the second (and any +subsequent) occurrences. These entries will not be found via the +B function. + +=item B I + +Occurs when a service name, or alias, occurs more than once in the +services file. The warning is flagged on the second (and subsequent) +occurrence. These entries will not be returned by the B +function. + +=back + +=head1 SEE ALSO + +The services(5) man page describes the file format. + +=head1 AUTHOR + +Ralph Siemsen & Phil Knirsch + diff --git a/setup.spec b/setup.spec new file mode 100644 index 0000000..31c4bce --- /dev/null +++ b/setup.spec @@ -0,0 +1,760 @@ +Summary: A set of system configuration and setup files +Name: setup +Version: 2.8.15 +Release: 1%{?dist} +License: Public Domain +Group: System Environment/Base +URL: https://fedorahosted.org/setup/ +Source0: https://fedorahosted.org/releases/s/e/%{name}/%{name}-%{version}.tar.bz2 +Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +BuildArch: noarch +BuildRequires: bash tcsh perl +Conflicts: initscripts < 4.26, bash <= 2.0.4-21 + +%description +The setup package contains a set of important system configuration and +setup files, such as passwd, group, and profile. + +%prep +%setup -q +./shadowconvert.sh + +%build + +%check +# Run any sanity checks. +make check + +%install +rm -rf %{buildroot} +mkdir -p %{buildroot}/etc/profile.d +cp -ar * %{buildroot}/etc +rm -f %{buildroot}/etc/uidgid +rm -f %{buildroot}/etc/COPYING +mkdir -p %{buildroot}/var/log +touch %{buildroot}/var/log/lastlog +touch %{buildroot}/etc/environment +chmod 0644 %{buildroot}/etc/environment +chmod 0400 %{buildroot}/etc/{shadow,gshadow} +chmod 0644 %{buildroot}/var/log/lastlog +touch %{buildroot}/etc/fstab +touch %{buildroot}/etc/mtab + +# remove unpackaged files from the buildroot +rm -f %{buildroot}/etc/Makefile +rm -f %{buildroot}/etc/serviceslint +rm -f %{buildroot}/etc/uidgidlint +rm -f %{buildroot}/etc/shadowconvert.sh +rm -f %{buildroot}/etc/setup.spec + +%clean +rm -rf %{buildroot} + +#throw away useless and dangerous update stuff until rpm will be able to +#handle it ( http://rpm.org/ticket/6 ) +%post -p +for i, name in ipairs({"passwd", "shadow", "group", "gshadow"}) do + os.remove("/etc/"..name..".rpmnew") +end + +%files +%defattr(-,root,root,-) +%doc uidgid COPYING +%verify(not md5 size mtime) %config(noreplace) /etc/passwd +%verify(not md5 size mtime) %config(noreplace) /etc/group +%verify(not md5 size mtime) %attr(0000,root,root) %config(noreplace,missingok) /etc/shadow +%verify(not md5 size mtime) %attr(0000,root,root) %config(noreplace,missingok) /etc/gshadow +%verify(not md5 size mtime) %config(noreplace) /etc/services +%verify(not md5 size mtime) %config(noreplace) /etc/exports +%config(noreplace) /etc/aliases +%config(noreplace) /etc/environment +%config(noreplace) /etc/filesystems +%config(noreplace) /etc/host.conf +%verify(not md5 size mtime) %config(noreplace) /etc/hosts +%verify(not md5 size mtime) %config(noreplace) /etc/hosts.allow +%verify(not md5 size mtime) %config(noreplace) /etc/hosts.deny +%verify(not md5 size mtime) %config(noreplace) /etc/motd +%config(noreplace) /etc/printcap +%verify(not md5 size mtime) %config(noreplace) /etc/inputrc +%config(noreplace) /etc/bashrc +%config(noreplace) /etc/profile +%verify(not md5 size mtime) %config(noreplace) /etc/protocols +%attr(0600,root,root) %config(noreplace,missingok) /etc/securetty +%config(noreplace) /etc/csh.login +%config(noreplace) /etc/csh.cshrc +%dir /etc/profile.d +%config(noreplace) %verify(not md5 size mtime) /etc/shells +%ghost %attr(0644,root,root) %verify(not md5 size mtime) /var/log/lastlog +%ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/fstab +%ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/mtab + +%changelog +* Thu Jan 21 2010 Ondrej Vasik 2.8.15-1 +- reserve uidgid pair 155:155 for stap-server(#555813) +- reserve uidgid pair 113:113 for usbmuxd(#556525) + +* Tue Jan 12 2010 Ondrej Vasik 2.8.14-1 +- reserve uidgid pair 133:133 for bacula(#554705) + +* Tue Jan 05 2010 Ondrej Vasik 2.8.13-1 +- update services to latest IANA +- avoid one /usr/bin/id stat call in /etc/profile(#549056) + +* Thu Dec 17 2009 Ondrej Vasik 2.8.12-1 +- speed up pathmunge inside bashrc (#544652) +- do not use deprecated egrep in profile + +* Thu Dec 03 2009 Ondrej Vasik 2.8.11-1 +- don't have HISTCONTROL ignorespace by default (#520632), + but do not override it when it is already set +- add csync alias for port 2005 / tcp, udp + +* Wed Nov 11 2009 Ondrej Vasik 2.8.10-1 +- reserve uidgid pair 112:112 for vhostmd (#534110) +- update /etc/services to latest IANA + +* Tue Sep 08 2009 Ondrej Vasik 2.8.9-1 +- reserve uidgid pair 108:108 for ovirt from libvirt (#513261) +- reserve uidgid pair 111:111 for saned from sane-backends + (#520634) + +* Mon Aug 17 2009 Ondrej Vasik 2.8.8-1 +- change permissions on /etc/shadow and /etc/gshadow to 0000 and + use capabilities for them(#517577) + +* Sun Jul 26 2009 Fedora Release Engineering - 2.8.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Tue Jul 21 2009 Ondrej Vasik 2.8.7-1 +- increase threshold for uidgid reservations to 200 +- reserve uidgid pair 107:107 for qemu (libvirt,#511957) +- reflect threshold in profile and bashrc, do inform about + uidgid file existence there +- remove old remnants about portmap from hosts.deny(#509919) + +* Mon Jun 29 2009 Ondrej Vasik 2.8.6-1 +- update protocols and services to latest IANA +- add example for tty in prompt(#503304) + +* Wed May 20 2009 Ondrej Vasik 2.8.5-1 +- use history-search-backward/forward for pageup/pagedown + mapping in inputrc (#500989) +- add HISTCONTROL="ignoreboth" to /etc/profile to not include + duplicities and lines starting with space into the history + (#500819) + +* Tue May 12 2009 Ondrej Vasik 2.8.4-1 +- add oprofile (16:16) to uidgid +- use os.remove instead of os.execute in lua post + - no dependency on /bin/sh (thanks Panu Matilainen) + +* Wed Apr 22 2009 Ondrej Vasik 2.8.3-2 +- rewrite postun scriptlet to to prevent /bin/sh + dependency + +* Fri Apr 10 2009 Ondrej Vasik 2.8.3-1 +- do not disable coredumps in profile/csh.cshrc scripts, + coredumps already disabled in rawhide's RLIMIT_CORE(#495035) + +* Wed Mar 25 2009 Ondrej Vasik 2.8.2-2 +- reserve uid 65 for nslcd (will share group 55 ldap, #491899) + +* Tue Mar 24 2009 Ondrej Vasik 2.8.2-1 +- ship COPYING file, update protocols and services + to latest IANA + +* Mon Mar 23 2009 Ondrej Vasik 2.8.1-2 +- fix sources syntax, add sources URL (#226412) + +* Thu Feb 26 2009 Ondrej Vasik 2.8.1-1 +- do ship/generate /etc/{shadow,gshadow} files(#483251) +- do ship default /etc/hosts with setup (#483244) +- activate multi on (required for IPv6 only localhost + recognition out-of-the-box) (#486461) +- added postun section for cleaning of dangerous .rpmnew + files after updates +- make profile and bashrc more portable (ksh, #487419) + +* Wed Feb 25 2009 Fedora Release Engineering - 2.7.7-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Mon Feb 02 2009 Ondrej Vasik 2.7.7-4 +- drop scriptlet completely(audio/video group + temporarily created by packages which use it for + updates(#477769)) + +* Fri Jan 30 2009 Ondrej Vasik 2.7.7-3 +- add support for ctrl+arrow shortcut in rxvt(#474110) + +* Thu Jan 29 2009 Ondrej Vasik 2.7.7-2 +- reserve 87 gid for polkituser (just uid was reserved), + reserve 18 gid for dialout(to prevent conflicts with + polkituser gid) + +* Thu Jan 22 2009 Ondrej Vasik 2.7.7-1 +- synchronize /etc/services with latest IANA, do not use + tabs in that file to have consistent output +- fix indentation in /etc/profile and /etc/bashrc + (#481074) +- assign uid 36 for vdsm, gid 36 for kvm + (#346151,#481021) + +* Tue Jan 20 2009 Ondrej Vasik 2.7.6-1 +- make uidgid file better parsable (synchronize tabs) +- reserve gid 11 for group cdrom (udev,MAKEDEV) +- reserve gid 33 for group tape (udev,MAKEDEV) +- reserve gid 87 for group dialout (udev,MAKEDEV) + +* Tue Jan 06 2009 Ondrej Vasik 2.7.5-4 +- use lua language in post to prevent additional + dependencies + +* Thu Dec 18 2008 Ondrej Vasik 2.7.5-3 +- add pkiuser (17:17) to uidgid +- temporarily create video/audio group in post section + (#476886) + +* Wed Dec 10 2008 Ondrej Vasik 2.7.5-2 +- do not export PATH twice(#449286 NOTABUG revert) +- do not export INPUTRC(to respect just created ~/.inputrc) + (#443717) + +* Thu Nov 27 2008 Ondrej Vasik 2.7.5-1 +- Modified upstream URL, synchronized with upstream git + +* Wed Nov 19 2008 Ondrej Vasik 2.7.4-3 +- update protocols to latest IANA list (2008-04-18) +- update services to latest IANA list (2008-11-17) +- mark /etc/protocols and /etc/inputrc %%config(noreplace) +- added URL, fixed few rpmlint warnings +- do own audio and video group (#458843), create it in default + /etc/group + +* Tue Nov 18 2008 Ondrej Vasik 2.7.4-2 +- again process profile.d scripts in noninteractive shells, + but do not display stderr/stdout messages(#457243) +- fix wrong prompt for csh/tcsh (#443854) +- don't show error message about missing hostname in profile + (#301481) +- reserve rquotad port 875 in /etc/services (#455859) +- export PATH after processing profile.d scripts (#449286) +- assign gid's for audio (:63) and video (:39) group(#458843), + assign uidgid pair (52:52) for puppet (#471918) +- fix /etc/services duplicities to pass serviceslint + +* Thu Oct 09 2008 Phil Knirsch 2.7.4-1 +- Include new serviceslint for speedup (#465642) +- Cleaned up services due to newly discovered bugs in it with new serviceslint + +* Wed Sep 03 2008 Phil Knirsch 2.7.3-1 +- Added SBinSanity patch as an approved feature (#458176) + +* Wed Aug 06 2008 Phil Knirsch 2.7.2-1 +- Added uidgid pair for condor +- Added uidgid pair for trousers + +* Fri Jul 25 2008 Phil Knirsch 2.7.1-1 +- Bump to 2.7.1 to avoid version problems with F-9 +- Removed group news as well (#437462) + +* Tue Jun 17 2008 Phil Knirsch 2.6.16-1 +- Dropped user news from default /etc/passwd (#437462) + +* Thu Jun 05 2008 Phil Knirsch 2.6.15-1 +- Added prelude-manager and snortd to uidgid list + +* Mon Apr 07 2008 Phil Knirsch 2.6.14-1 +- Updated /etc/services to latest IANA version (#315571) + +* Fri Apr 04 2008 Phil Knirsch +- Fixed a problem with the new prompt for tcsh and screen terminal (#438550) + +* Thu Mar 20 2008 Phil Knirsch 2.6.13-1 +- Drop the wrong precmd for csh for xterm and screen terminals + +* Tue Feb 26 2008 Phil Knirsch 2.6.12-1 +- Corrected wrong /etc/profile.d behaviour for non-interactive bash and tcsh + +* Fri Feb 22 2008 Phil Knirsch 2.6.11-1 +- Fixed problem with /etc/profile.d/* and non-interactive tcsh (#299221) +- Fixed xterm -title problem (#387581) +- Fixed problem with /etc/profile.d/*.csh not being executed for none loginshells anymore + (#381631, #429838) +- Corrected missing shell for news user in uidgid and passwd + +* Thu Aug 16 2007 Phil Knirsch 2.6.10-1 +- License review and update + +* Tue Jul 24 2007 Phil Knirsch 2.6.9-1 +- Assigned uid 87 for PolicyKit package (#244950) +- Fixed precmd fix if TERM isn't set (#242732) + +* Wed Jun 06 2007 Phil Knirsch 2.6.7-1 +- Fixed precmd setting to behave like bash for (t)csh (#242732) + +* Thu May 24 2007 Phil Knirsch 2.6.6-1 +- Added another set of proposed changes to /etc/csh.cshrc (#199817) +- Added missing documentation in /etc/hosts.[allow|deny] (#157053) + +* Wed May 23 2007 Phil Knirsch 2.6.5-1 +- Fixed tcsh behaviour for non login shells (#191233) +- Fixed umask setting for tcsh to behave identical to bash logins (#199817) +- Added ipv6-crypt and ipv6-auth for backwards compatibility (#210546) + +* Wed Apr 18 2007 Phil Knirsch 2.6.4-1 +- Modified the 111/[tcp/udp] entries to work with rpcbind (#236639) + +* Mon Mar 12 2007 Phil Knirsch 2.6.3-1 +- Changed winbind_auth to wbpriv by request of the samba maintainer + +* Tue Dec 12 2006 Phil Knirsch 2.6.2-1.fc7 +- Updated uidgid for split of pcap into arpwatcher and tcpdump. + +* Tue Nov 28 2006 Phil Knirsch 2.6.1-1.fc7 +- Update version and rebuilt + +* Tue Nov 28 2006 Phil Knirsch 2.5.57-1 +- Revert change for umask in /etc/bashrc (#217523) + +* Thu Nov 16 2006 Phil Knirsch 2.5.56-1 +- Added an entry for samba and winbind_auth + +* Wed Oct 11 2006 Phil Knirsch 2.5.55-1 +- Extended the protocols to include the missing hopopt (#209191) + +* Tue Oct 10 2006 Phil Knirsch 2.5.54-1 +- Update /etc/protocols to latest officiall IANA version (#209191) + +* Thu Jul 27 2006 Phil Knirsch 2.5.53-1 +- Added utempter gid for new libutempter package (#200240) + +* Mon Jun 19 2006 Phil Knirsch 2.5.52-1 +- Lock password for root account by default (#182206) + +* Wed May 03 2006 Karsten Hopp +- remove gkrellmd from the reserved uid/gid list (#186974) + +* Tue Mar 21 2006 Florian La Roche 2.5.50-1 +- use stricter umask of 022 for all logins + +* Thu Feb 23 2006 Phil Knirsch 2.5.49-1 +- Really switch to new /etc/services file +- Added /etc/fstab and /etc/mtab to ownership of setup (#177061) + +* Tue Jan 31 2006 Phil Knirsch 2.5.48-1 +- Switched to the new large /etc/services file which fixes #112298, #133683, + #166443, #168872, #171228. +- Fixed pathmunge problem with bashrc (#123621) +- Removed /usr/X11R6/bin from default PATH (#173856) + +* Tue Jan 24 2006 Phil Knirsch +- Fixed bug with PROMPT_COMMAND being broken for wierd dirs (#142125) +- Added hfsplus to know filesystems (#172820) + +* Mon Oct 17 2005 Bill Nottingham +- make motd noreplace (#170539) + +* Tue Sep 6 2005 Bill Nottingham 2.5.47-1 +- make lastlog 0644 (#167200) + +* Mon Jun 20 2005 Bill Nottingham 2.5.46-1 +- add buildrequires on bash, tcsh (#161016) +- move core dump size setting from csh.login to csh.cshrc (#156914) + +* Fri Jun 17 2005 Bill Nottingham 2.5.45-1 +- ksh doesn't implement EUID/UID. Work around that. (#160731) + +* Thu May 19 2005 Bill Nottingham 2.5.44-1 +- fix csh.cshrc when -e is used (#158265) + +* Mon Apr 25 2005 Bill Nottingham 2.5.43-1 +- remove mailman aliases (#155841) + +* Mon Apr 18 2005 Bill Nottingham 2.5.42-1 +- fix lastlog conflict (#155256) + +* Fri Apr 15 2005 Bill Nottingham 2.5.41-1 +- get rid of 'id' error messages if there is no /usr (#142707) + +* Mon Jan 31 2005 Bill Nottingham 2.5.40-1 +- have similar prompt changes for su to root in tcsh as in bash (#143826) + +* Tue Nov 23 2004 Bill Nottingham 2.5.39-1 +- ghost lastlog (#139539) + +* Thu Nov 18 2004 Bill Nottingham 2.5.38-1 +- fix bash/tcsh coredump size inconsistency (#139821) + +* Wed Oct 27 2004 Bill Nottingham 2.5.37-1 +- fix inconsistency in profile.d handling (#136859, ) + +* Fri Oct 8 2004 Bill Nottingham 2.5.36-1 +- fix duplicate alias + +* Tue Sep 28 2004 Bill Nottingham 2.5.35-1 +- add /etc/environment + +* Mon Sep 27 2004 Rik van Riel 2.5.34-2 +- mark /etc/services config(noreplace) (#133683) + +* Thu Sep 23 2004 Bill Nottingham 2.5.34-1 +- add dict (#107807) +- add cyrus services (#118832) +- move delete-char binding for csh (#113682) +- do the same path munging for csh as for bash (#57708) +- add postfix aliases (#117661) +- fix bashrc login shell check (#104491) +- add odmr to services (#101098) +- add distcc to services (#91535) +- add xterm forware/backward word bindings (#80860) + +* Mon May 24 2004 Bill Nottingham +- make pathmunge available for profile.d scripts (#123621) + +* Wed May 19 2004 Joe Orton 2.5.33-2 +- add IANA Register Port for svn to /etc/services (#122863) + +* Wed May 5 2004 Nalin Dahyabhai 2.5.33-1 +- fix syntax error in csh.cshrc + +* Tue May 4 2004 Bill Nottingham 2.5.32-1 +- set MAIL in csh.cshrc (#115376) +- fix inputrc check in csh.login (#115073) + +* Mon Jan 26 2004 Bill Nottingham 2.5.31-1 +- move /etc/aliases here + +* Mon Dec 8 2003 Bill Nottingham 2.5.30-1 +- remove stty `tput kbs` section (#91357) + +* Tue Sep 2 2003 Bill Nottingham 2.5.27-1 +- securetty should be noreplace (#103585) + +* Fri Mar 14 2003 Bill Nottingham 2.5.26-1 +- clean up some typos in /etc/services (#86129) + +* Mon Feb 17 2003 Florian La Roche +- add "console" to /etc/securetty for mainframe + +* Mon Jan 20 2003 Nalin Dahyabhai 2.5.24-1 +- allocate uid/gid for mgetty + +* Thu Jan 9 2003 Dan Walsh 2.5.23-1 +- added PXE to /etc/services + +* Wed Jan 1 2003 Bill Nottingham 2.5.22-1 +- remove bogus entries from inputrc (#80652) + +* Fri Nov 29 2002 Tim Powers 2.5.21-1 +- remove unpackaged files from the buildroot + +* Thu Aug 29 2002 Bill Nottingham 2.5.20-1 +- shopt -s checkwinsize everywhere + +* Wed Aug 28 2002 Preston Brown 2.5.19-1 +- fix bug #61129 (~ substitution) + +* Wed Aug 15 2002 Jens Petersen 2.5.18-1 +- bring back the screen case in /etc/bashrc, since /etc/screenrc no + longer sets defhstatus (#60596, #60597) + +* Sun Aug 11 2002 Florian La Roche 2.5.17-1 +- add "set mark-symlinked-directories on" to /etc/inputrc + +* Mon Jul 22 2002 Phil Knirsch 2.5.16-2 +- Added shopt -s checkwinsize to /etc/bashrc for xterm resizing + +* Fri Jul 19 2002 Jens Petersen 2.5.16-1 +- dont special case screen in /etc/bashrc, since it overrides the user's + screenrc title setting (#60596) + +* Thu Jul 18 2002 Florian La Roche 2.5.14-1 +- move home dir of "news" to /etc/news + +* Tue May 28 2002 Nalin Dahyabhai 2.5.13-1 +- allocate uid/gid for privilege-separated sshd + +* Thu May 23 2002 Tim Powers 2.5.12-2 +- automated rebuild + +* Wed Apr 3 2002 Bill Nottingham 2.5.12-1 +- fix misformatted comment in /etc/services, allocate uid/gid for + frontpage + +* Thu Mar 28 2002 Bill Nottingham 2.5.11-1 +- add newline in /etc/shells (#62271) + +* Thu Mar 28 2002 Nalin Dahyabhai 2.5.10-1 +- allocate uid for the vcsa user + +* Tue Mar 12 2002 Bill Nottingham 2.5.9-1 +- re-add ext3 to /etc/filesystems + +* Mon Mar 11 2002 Bill Nottingham 2.5.8-1 +- add nologin to /etc/shells (#53963) +- fix some quoting issues (#59627) +- fix screen status line (#60596) +- fix path regexps (#59624) +- move profile.d stuff to csh.cshrc (#59946) + +* Fri Mar 8 2002 Nalin Dahyabhai +- add bprd, bpdbm, bpjava-msvc, vnetd, bpcd, and vopied to /etc/services + +* Tue Sep 25 2001 Nalin Dahyabhai +- change rmtcfg to an alias for bvcontrol, which is a registered name + +* Mon Sep 17 2001 Nalin Dahyabhai 2.5.7-1 +- add entries to services (ipp, wnn4, and so on) +- try to remove duplicates in services (remove nameserver as alias for domain, + and readnews as alias for netnews) + +* Mon Aug 20 2001 Bill Nottingham +- change FTP user's home dir to /var/ftp (#52091) +- %%ghost /etc/shadow, /etc/gshadow + +* Fri Aug 17 2001 Bill Nottingham +- add /etc/shells to filelist (#51813) + +* Mon Aug 13 2001 Bill Nottingham +- put lock in /etc/group (#51654) + +* Wed Aug 8 2001 Bill Nottingham +- lock only needs to be a gid +- don't set dspmbyte=euc here; do it in lang.csh, and only if necessary (#50318) + +* Mon Aug 6 2001 Jeff Johnson +- add lock.lock uid/gid 54 to own /var/lock directory. + +* Thu Jul 19 2001 Bill Nottingham +- add forward/backward-word mappings (#48783) +- add pgpkeyserver port to /etc/services (#49407) + +* Thu Jul 19 2001 Preston Brown +- core files disabled by default. Developers can enable them. + +* Fri Jul 13 2001 Bill Nottingham 2.5.1-1 +- revert news user back to no shell (#48701) + +* Tue Jul 10 2001 Bill Nottingham 2.5.0-1 +- move profile.d parsing from csh.cshrc to csh.login (#47417) + +* Sat Jul 7 2001 Nalin Dahyabhai 2.4.15-1 +- reorder /etc/services to match comments again +- protocol 118 is stp, not st +- update URLs in /etc/protocols and /etc/services + +* Thu Jul 5 2001 Preston Brown 2.4.14-1 +- put */sbin in path if user ID is 0. + +* Mon Jun 25 2001 Bill Nottingham +- add an entry to /etc/services for ssh X11 forwarding (#44944) + +* Wed Jun 13 2001 Bill Nottingham +- take ttyS0 out of securetty on main tree + +* Tue Jun 12 2001 Philip Copeland +- added ttyS0 to securetty for serial console usage + +* Tue Jun 12 2001 Bill Nottingham +- add rndc to /etc/services (#40265) +- test for read bit, not execute bit, for profile.d (#35714) + +* Sun Jun 03 2001 Florian La Roche +- add "canna" entry to /etc/services + +* Mon May 21 2001 Bernhard Rosenkraenzer 2.4.10-1 +- Fix bugs #24159 and #30634 again; whoever moved bashrc from bash + to setup used an old version. :(( + +* Wed May 2 2001 Preston Brown 2.4.9-1 +- bashrc moved here from bash package +- set umask in bashrc, so it applies for ALL shells. + +* Fri Apr 27 2001 Preston Brown 2.4.8-1 +- /sbin/nologin for accounts that aren't "real." + +* Sat Apr 7 2001 Preston Brown +- revert control-arrow forward/backward word (broken) + +* Tue Mar 27 2001 Preston Brown +- fix japanese input with tcsh (#33211) + +* Tue Mar 6 2001 Bill Nottingham +- fix some weirdness with rxvt (#30799) + +* Wed Feb 28 2001 Bill Nottingham +- add SKK input method (#29759) + +* Fri Feb 23 2001 Preston Brown + +* Wed Feb 21 2001 Bill Nottingham +- fix inputrc, Yet Again. (#28617) + +* Thu Feb 15 2001 Bill Nottingham +- add in uidgid file, put it in %%doc + +* Wed Feb 7 2001 Adrian Havill +- bindkey for delete in the case of tcsh + +* Wed Feb 7 2001 Bill Nottingham +- add some more stuff to /etc/services (#25396, patch from + ) + +* Tue Feb 6 2001 Nalin Dahyabhai +- add gii/tcp = 616 for gated + +* Tue Jan 30 2001 Bill Nottingham +- wrap some inputrc settings with tests for mode, term (#24117) + +* Mon Jan 29 2001 Bill Nottingham +- overhaul /etc/protocols (#18530) +- add port 587 to /etc/services (#25001) +- add corbaloc (#19581) +- don't set /usr/X11R6/bin in $PATH if it's already set (#19968) + +* Fri Dec 1 2000 Nalin Dahyabhai +- Clean up /etc/services, separating registered numbers from unregistered + ("squatted") numbers, and adding some. + +* Mon Nov 20 2000 Bernhard Rosenkraenzer +- Add smtps (465/tcp) and submission (587/tcp) to /etc/services for TLS + support (postfix >= 20001030-2) + +* Sun Aug 6 2000 Bill Nottingham +- /var/log/lastlog is %%config(noreplace) (#15412) +- some of the various %%verify changes (#14819) + +* Thu Aug 3 2000 Nalin Dahyabhai +- linuxconf should be 98, not 99 + +* Tue Jul 25 2000 Bill Nottingham +- fix some of the csh stuff (#14622) + +* Sun Jul 23 2000 Nalin Dahyabhai +- stop setting "multi on" in /etc/host.conf + +* Wed Jul 12 2000 Prospector +- automatic rebuild + +* Tue Jun 27 2000 Bill Nottingham +- add hfs filesystem + +* Wed Jun 21 2000 Preston Brown +- printcap is a noreplace file now + +* Sun Jun 18 2000 Bill Nottingham +- fix typo + +* Tue Jun 13 2000 Nalin Dahyabhai +- add linuxconf/tcp = 99 to /etc/services + +* Sat Jun 10 2000 Bill Nottingham +- add some stuff to /etc/services +- tweak ulimit call again + +* Tue Jun 6 2000 Bernhard Rosenkraenzer +- homedir of ftp is now /var/ftp + +* Sun May 14 2000 Nalin Dahyabhai +- move profile.d logic in csh.login to csh.cshrc + +* Tue Apr 18 2000 Nalin Dahyabhai +- redirect ulimit -S -c to /dev/null to avoid clutter + +* Thu Apr 13 2000 Bernhard Rosenkraenzer +- s/ulimit -c/ulimit -S -c/ - bash 2.x adaption + +* Mon Apr 03 2000 Nalin Dahyabhai +- Add more of the kerberos-related services from IANA's registry and krb5 + +* Wed Mar 29 2000 Bernhard Rosenkraenzer +- Add 2.4'ish vc/* devices to securetty + +* Thu Feb 17 2000 Preston Brown +- add /etc/filesystems with sane defaults + +* Wed Feb 16 2000 Bill Nottingham +- don't set prompt in /etc/profile (it's done in /etc/bashrc) + +* Fri Feb 5 2000 Bill Nottingham +- yet more inputrc tweaks from Hans de Goede (hans@highrise.nl) + +* Sun Jan 30 2000 Bill Nottingham +- yet more inputrc tweaks from Hans de Goede (hans@highrise.nl) + +* Sun Jan 23 2000 Bill Nottingham +- fix mailq line. (#7140) + +* Fri Jan 21 2000 Bill Nottingham +- add ldap to /etc/services + +* Tue Jan 18 2000 Bill Nottingham +- kill HISTFILESIZE, it's broken + +* Tue Jan 18 2000 Preston Brown +- some inputrc tweaks + +* Wed Jan 12 2000 Bill Nottingham +- make some more stuff noreplace + +* Fri Nov 19 1999 Bill Nottingham +- fix mailq line. (#7140) + +* Fri Oct 29 1999 Bill Nottingham +- split csh.login into csh.login and csh.cshrc (#various) +- fix pop service names (#6206) +- fix ipv6 protocols entries (#6219) + +* Thu Sep 2 1999 Jeff Johnson +- rename /etc/csh.cshrc to /etc/csh.login (#2931). +- (note: modified /etc/csh.cshrc should end up in /etc/csh.cshrc.rpmsave) + +* Fri Aug 20 1999 Jeff Johnson +- add defattr. +- fix limit command in /etc/csh.cshrc (#4582). + +* Thu Jul 8 1999 Bill Nottingham +- move /etc/inputrc here. + +* Mon Apr 19 1999 Bill Nottingham +- always use /etc/inputrc + +* Wed Mar 31 1999 Preston Brown +- added alias pointing to imap from imap2 + +* Tue Mar 23 1999 Preston Brown +- updated protocols/services from debian to comply with more modern +- IETF/RFC standards + +* Sun Mar 21 1999 Cristian Gafton +- auto rebuild in the new build environment (release 4) + +* Thu Feb 18 1999 Jeff Johnson +- unset variables used in /etc/csh.cshrc (#1212) + +* Mon Jan 18 1999 Jeff Johnson +- compile for Raw Hide. + +* Tue Oct 13 1998 Cristian Gafton +- fix the csh.cshrc re: ${PATH} undefined + +* Mon Apr 27 1998 Prospector System +- translations modified for de, fr, tr + +* Fri Dec 05 1997 Erik Troan +- /etc/profile uses $i, which needs to be unset + +* Mon Nov 03 1997 Donnie Barnes +- made /etc/passwd and /etc/group %%config(noreplace) + +* Mon Oct 20 1997 Erik Troan +- removed /etc/inetd.conf, /etc/rpc +- flagged /etc/securetty as missingok +- fixed buildroot stuff in spec file + +* Thu Jul 31 1997 Erik Troan +- made a noarch package + +* Wed Apr 16 1997 Erik Troan +- Don't verify md5sum, size, or timestamp of /var/log/lastlog, /etc/passwd, + or /etc/group. diff --git a/shadowconvert.sh b/shadowconvert.sh new file mode 100755 index 0000000..4be13b6 --- /dev/null +++ b/shadowconvert.sh @@ -0,0 +1,18 @@ +#!/bin/bash +if [ x`pwd` = "x/etc" ] +then + echo Cannot operate directly on \"/etc\". >&2 + exit 1 +fi + +#make prototype for /etc/shadow +sed -e "s/:.*/:*:`expr $(date +%s) / 86400`:0:99999:7:::/" passwd >shadow + +#make prototype for /etc/gshadow +sed -e 's/:[0-9]\+:/::/g' group >gshadow + +#mark passwd and group files entries shadowed +sed -i -e 's/^\([^:]\+\):[^:]*:/\1:x:/' passwd group + +echo Converted successfully. +exit 0 diff --git a/shells b/shells new file mode 100644 index 0000000..e9214ad --- /dev/null +++ b/shells @@ -0,0 +1,3 @@ +/bin/sh +/bin/bash +/sbin/nologin diff --git a/uidgid b/uidgid new file mode 100644 index 0000000..9985d25 --- /dev/null +++ b/uidgid @@ -0,0 +1,123 @@ +NAME UID GID HOME SHELL PACKAGES +root 0 0 /root /bin/bash setup +bin 1 1 /bin /sbin/nologin setup +daemon 2 2 /sbin /sbin/nologin setup +sys - 3 - - setup +adm 3 4 /var/adm /bin/bash setup +tty - 5 - - setup +disk - 6 - - setup +lp 4 7 /var/spool/lpd /sbin/nologin setup +mem - 8 - - setup +kmem - 9 - - setup +wheel - 10 - - setup +cdrom - 11 - - udev,MAKEDEV +sync 5 (0) /sbin /bin/sync setup +shutdown 6 (0) /sbin /sbin/shutdown setup +halt 7 (0) /sbin /sbin/halt setup +mail 8 12 /var/spool/mail /sbin/nologin setup +news 9 13 /var/spool/news /sbin/nologin setup +uucp 10 14 /var/spool/uucp /sbin/nologin setup +operator 11 (0) /root /sbin/nologin setup +games 12 (100) /usr/games /sbin/nologin setup +gopher 13 30 /usr/lib/gopher-data /sbin/nologin setup +ftp 14 50 /var/ftp /sbin/nologin setup +man - 15 - - setup +oprofile 16 16 /home/oprofile /sbin/nologin oprofile +pkiuser 17 17 /usr/share/pki /sbin/nologin pki-ca,rhpki-ca +dialout - 18 - - udev,MAKEDEV +floppy - 19 - - dev,MAKEDEV +games - 20 - - setup +slocate - 21 - - slocate +utmp - 22 - - initscripts,libutempter +squid 23 23 /var/spool/squid /dev/null squid +pvm 24 24 /usr/share/pvm3 /bin/bash pvm +named 25 25 /var/named /bin/false bind +postgres 26 26 /var/lib/pgsql /bin/bash postgresql-server +mysql 27 27 /var/lib/mysql /bin/bash mysql +nscd 28 28 / /bin/false nscd +rpcuser 29 29 /var/lib/nfs /bin/false nfs-utils +console - 31 - - dev +rpc 32 32 / /bin/false portmap +amanda 33 (6) /var/lib/amanda /bin/false amanda +tape - 33 - - udev,MAKEDEV +netdump 34 34 /var/crash /bin/bash netdump-client, netdump-server +utempter - 35 - - libutempter +vdsm 36 - / /bin/bash kvm, vdsm +kvm - 36 - - kvm, vdsm, libvirt +rpm 37 37 /var/lib/rpm /bin/bash rpm +ntp 38 38 /etc/ntp /sbin/nologin ntp +video - 39 - - setup +dip - 40 - - setup +mailman 41 41 /var/mailman /bin/false mailman +gdm 42 42 /var/gdm /bin/bash gdm +xfs 43 43 /etc/X11/fs /bin/false XFree86-xfs +pppusers - 44 - - linuxconf +popusers - 45 - - linuxconf +slipusers - 46 - - linuxconf +mailnull 47 47 /var/spool/mqueue /dev/null sendmail +apache 48 48 /var/www /bin/false apache +wnn 49 49 /home/wnn /bin/bash FreeWnn +smmsp 51 51 /var/spool/mqueue /dev/null sendmail +puppet 52 52 /var/lib/puppet /sbin/nologin puppet +tomcat 53 53 /var/lib/tomcat /sbin/nologin tomcat +lock - 54 - - lockdev +ldap 55 55 /var/lib/ldap /bin/false openldap-servers +frontpage 56 56 /var/www /bin/false mod_frontpage +nut 57 57 /var/lib/ups /bin/false nut +beagleindex 58 58 /var/cache/beagle /bin/false beagle +tss 59 59 - /sbin/nologin trousers +piranha 60 60 /etc/sysconfig/ha /dev/null piranha +prelude-manager 61 61 - /sbin/nologin prelude-manager +snortd 62 62 - /sbin/nologin snortd +audio - 63 - - setup +condor 64 64 /var/lib/condor /sbin/nologin condord +nslcd 65 (55) / /sbin/nologin nslcd +wine - 66 - - wine +pegasus 66 65 /var/lib/Pegasus /sbin/nologin tog-pegasus +webalizer 67 67 /var/www/html/usage /sbin/nologin webalizer +haldaemon 68 68 / /sbin/nologin hal +vcsa 69 69 - /sbin/nologin dev,MAKEDEV +avahi 70 70 / /sbin/nologin avahi +realtime - 71 - - - +tcpdump 72 72 / /sbin/nologin tcpdump +privoxy 73 73 /etc/privoxy /bin/bash privoxy +sshd 74 74 /var/empty/sshd /sbin/nologin openssh-server +radvd 75 75 / /bin/false radvd +cyrus 76 (12) /var/imap /bin/bash cyrus-imapd +shadow - 76 - - cyrus-imapd +arpwatch 77 77 /var/lib/arpwatch /sbin/nologin arpwatch +fax 78 78 /var/spool/fax /sbin/nologin mgetty +nocpulse 79 79 /etc/sysconfig/nocpulse /bin/bash nocpulse +desktop 80 80 - /sbin/nologin desktop-file-utils +dbus 81 81 / /sbin/nologin dbus +jonas 82 82 /var/lib/jonas /sbin/nologin jonas +clamav 83 83 /tmp /sbin/nologin clamav +screen - 84 - - screen +quaggavt - 85 - - quagga +sabayon 86 86 - /sbin/nologin sabayon +polkituser 87 87 / /sbin/nologin polkit +wbpriv - 88 - - samba-common +postfix 89 89 /var/spool/postfix /bin/true postfix +postdrop - 90 - - postfix +majordomo 91 91 /usr/lib/majordomo /bin/bash majordomo +quagga 92 92 / /sbin/nologin quagga +exim 93 93 /var/spool/exim /sbin/nologin exim +distcache 94 94 / /sbin/nologin distcache +radiusd 95 95 / /bin/false freeradius +hsqldb 96 96 /var/lib/hsqldb /sbin/nologin hsqldb +dovecot 97 97 /usr/libexec/dovecot /sbin/nologin dovecot +ident 98 98 / /sbin/nologin ident +nobody 99 99 / /sbin/nologin setup +users - 100 - - setup +qemu 107 107 / /sbin/nologin libvirt +ovirt 108 108 / /sbin/nologin libvirt +saned 111 111 / /sbin/nologin sane-backends +vhostmd 112 112 /usr/share/vhostmd /sbin/nologin vhostmd +usbmuxd 113 113 / /sbin/nologin usbmuxd +bacula 133 133 /var/spool/bacula /sbin/nologin bacula +stap-server 155 155 /var/lib/stap-server /sbin/nologin systemtap +gnats ? ? ? ? gnats, gnats-db +listar ? ? ? ? listar +nfsnobody 65534 65534 /var/lib/nfs /sbin/nologin nfs-utils + +# Note: nfsnobdy is 4294967294 on 64-bit platforms (-2) diff --git a/uidgidlint b/uidgidlint new file mode 100755 index 0000000..adbb158 --- /dev/null +++ b/uidgidlint @@ -0,0 +1,24 @@ +#!/bin/sh +# We need a file to look at. +if [ -z "$*" ] ; then + echo Usage: `basename $0` uidgid + exit 1 +fi +# The format of the file is (currently) +for infile in "$@" ; do + uidlist=`tail -n +2 "$infile" | awk '{print $2}' | grep -v '?' | grep -v -e - | sort -nu` + gidlist=`tail -n +2 "$infile" | awk '{print $3}' | grep -v '?' | grep -v -e - | sort -nu` + for uid in $uidlist ; do + if test `tail -n +2 "$infile" | awk '{print $2}' | grep '^'"$uid"'$' | wc -l` -ne 1 ; then + echo Duplicate UID: $uid + exit 1 + fi + done + for gid in $gidlist ; do + if test `tail -n +2 "$infile" | awk '{print $3}' | grep '^'"$uid"'$' | wc -l` -ne 1 ; then + echo Duplicate GID: $gid + exit 1 + fi + done +done +exit 0 -- cgit v1.2.3