Fix filesystem permission masks
The setuid bit is ignored on directories, so it's not necessary
to remove it. The tasks currently remove the user's ability to
use their home directory.
The patch fixes the permissions problem, ensures that the 'nobody'
user is skipped, and enables testing for the tasks in the gate.
Closes-Bug: 1731005
Closes-Bug: 1730994
Change-Id: Id7be77b2eaa707c4c27d46f97d07f34825813749
(cherry picked from commit 79b3d25070)
parent
8248f89068
commit
5543b54ffb
|
@ -105,9 +105,10 @@
|
|||
dest: "{{ item.dir }}"
|
||||
owner: "{{ item.name }}"
|
||||
group: "{{ item.group.name }}"
|
||||
mode: "u-X,g-ws,o-rwxt"
|
||||
mode: "g-ws,o-rwxt"
|
||||
when:
|
||||
- item.uid >= 1000
|
||||
- item.name != 'nobody'
|
||||
- security_set_home_directory_permissions_and_owners | bool
|
||||
with_items: "{{ user_list.users | selectattr('uid', 'greaterthan', 999) | list }}"
|
||||
tags:
|
||||
|
|
|
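Review bot: The new `item.name != 'nobody'` condition excludes one account by name, but any other system account with a UID of 1000 or more still has the owner, group and mode of its `item.dir` rewritten; on RHEL/CentOS 7 hosts with the NFS utilities installed, `nfsnobody` (UID 65534) is a likely example. If such an account's home is a shared system path, this task would change ownership and strip access on a directory that other services depend on. Consider matching against a list instead, for example `- item.name not in ['nobody', 'nfsnobody']`, or better an operator-overridable exclusion list, and note that `item.uid >= 1000` repeats the `selectattr('uid', 'greaterthan', 999)` filter already applied in `with_items`. The task starts above this hunk and its `tags:` list continues below it, so the module in use is not visible here.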
@ -93,6 +93,7 @@
|
|||
security_rhel7_remove_shosts_files: yes
|
||||
security_search_for_invalid_owner: yes
|
||||
security_search_for_invalid_group_owner: yes
|
||||
security_set_home_directory_permissions_and_owners: yes
|
||||
security_set_minimum_password_lifetime: yes
|
||||
security_unattended_upgrades_enabled: yes
|
||||
security_unattended_upgrades_notifications: yes
|
||||
|
|