[kirkstone 04/13] polkit: Add --shell /bin/nologin to polkitd user


Armin Kuster
 

From: Akash Hadke <akash.hadke@...>

polkitd user has default access to /bin/sh, add --shell /bin/nologin
to remove default access to /bin/sh and avoid login through it.

Signed-off-by: Akash Hadke <akash.hadke@...>
Signed-off-by: Khem Raj <raj.khem@...>
(cherry picked from commit 7ca63e5454bd7cbdb5ac58f6b5913e3387b64201)
Signed-off-by: Armin Kuster <akuster808@...>
---
meta-oe/recipes-extended/polkit/polkit_0.119.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-oe/recipes-extended/polkit/polkit_0.119.bb b/meta-oe/recipes-extended/polkit/polkit_0.119.bb
index 66bbf735f0..9444cb9f2d 100644
--- a/meta-oe/recipes-extended/polkit/polkit_0.119.bb
+++ b/meta-oe/recipes-extended/polkit/polkit_0.119.bb
@@ -58,7 +58,7 @@ FILES:${PN}:append = " \
FILES:${PN}-examples = "${bindir}/*example*"

USERADD_PACKAGES = "${PN}"
-USERADD_PARAM:${PN} = "--system --no-create-home --user-group --home-dir ${sysconfdir}/${BPN}-1 polkitd"
+USERADD_PARAM:${PN} = "--system --no-create-home --user-group --home-dir ${sysconfdir}/${BPN}-1 --shell /bin/nologin polkitd"

SYSTEMD_SERVICE:${PN} = "${BPN}.service"
SYSTEMD_AUTO_ENABLE = "disable"
--
2.25.1

Join openembedded-devel@lists.openembedded.org to automatically receive all group messages.