From 725f6245c1a45973731eb853e9e1b0d388295f92 Mon Sep 17 00:00:00 2001
From: Kam Nasim <kam.nasim@windriver.com>
Date: Fri, 12 Aug 2016 17:40:31 -0400
Subject: [PATCH] US84147: Security: NON-OPENSTACK Processes: External services
must run as non-root
|
|
|
|
Add new snmpd and fm users/groups so that those services may be run as
non-root.
---
group | 2 ++
passwd | 2 ++
uidgid | 3 +++
3 files changed, 7 insertions(+)
|
|
|
|
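--- a/group
+++ b/group
@@ -23,6 +23,8 @@ neutron:x:164:neutron
 cinder:x:165:cinder
 ceilometer:x:166:ceilometer
 sysinv:x:168:sysinv
+snmpd:x:169:snmpd
 heat:x:187:heat
 nfv:x:172:nfv
+fm:x:195:fm
 libvirt:x:991:nova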
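--- a/passwd
+++ b/passwd
@@ -14,3 +14,5 @@ heat:x:992:187::/home/heat:/bin/sh
 ceilometer:x:991:166::/home/ceilometer:/bin/sh
 nfv:x:172:172:nfvi:/var/lib/nfv:/sbin/nologin
 postgres:x:120:120:PostgreSQL Server:/var/lib/pgsql:/bin/sh
+snmpd:x:169:169:net-snmp:/usr/share/snmp:/sbin/nologin
+fm:x:195:195:fm-mgr:/var/lib/fm:/sbin/nologin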
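Review bot: Nothing in this patch sets the password state of the two new accounts: both added lines carry `x` in the password field, which defers to a shadow entry, and the diffstat lists only group, passwd and uidgid. If shadow is generated elsewhere, it is worth confirming that snmpd and fm come out locked (`!` or `*` in the hash field), because `/sbin/nologin` only refuses an interactive shell and does not by itself stop the account from authenticating. The patch also names `/usr/share/snmp` and `/var/lib/fm` as home directories without creating them, so their ownership and mode need to be set where the services are packaged; for snmpd the home is a shared data directory that presumably should stay root-owned and not writable by the service user. The commit description could say where both of these are handled.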
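--- a/uidgid
+++ b/uidgid
@@ -134,6 +134,8 @@ quantum 164 164 /var/lib/quantum /sbin/nologin openstack-quantum
 cinder 165 165 /var/lib/cinder /sbin/nologin openstack-cinder
 ceilometer 166 166 /var/lib/ceilometer /sbin/nologin openstack-ceilometer
 ceph 167 167 /var/lib/ceph /sbin/nologin ceph-common
+sysinv 168 168 /var/lib/sysinv /sbin/nologin sysinv
+snmpd 169 169 /usr/share/snmp /sbin/nologin net-snmp
 avahi-autoipd 170 170 /var/lib/avahi-autoipd /sbin/nologin avahi
 pulse 171 171 /var/run/pulse /sbin/nologin pulseaudio
 rtkit 172 172 /proc /sbin/nologin rtkit
@@ -163,6 +165,7 @@ systemd-network 192 192 / /sbin/nologin systemd
 systemd-resolve 193 193 / /sbin/nologin systemd
 gnats ? ? ? ? gnats, gnats-db
 listar ? ? ? ? listar
+fm 195 195 /var/lib/fm /sbin/nologin fm-mgr
 nfsnobody 65534 65534 /var/lib/nfs /sbin/nologin nfs-utils
 
 # Note: nfsnobody is 4294967294 on 64-bit platforms (-2)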
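Review bot: The first hunk also registers `sysinv 168 168 /var/lib/sysinv /sbin/nologin sysinv`, which the commit description does not mention; it names only snmpd and fm. The sysinv passwd entry is outside the visible hunks, so the home directory and shell recorded here should be checked against it before the registry is relied on. The registry is evidently not enforced against the real files: the context line `rtkit 172 172` reserves the ID that passwd and group give to nfv (`nfv:x:172:172`). A line in the description stating that sysinv is a catch-up registration, plus a follow-up for the 172 overlap, would keep the ID allocation auditable.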
--
1.8.3.1