- Issued:
- 2005-05-19
- Updated:
- 2005-05-19
RHBA-2005:440 - Bug Fix Advisory
Synopsis
Updated redhat-config-users package
Type/Severity
Bug Fix Advisory
Topic
An updated redhat-config-users package that fixes various bugs is now
available.
Description
The redhat-config-users package, which depends on the libuser library,
contains a graphical utility for administering users and groups on a system.
This updated redhat-config-users package addresses the following bugs:
- Fixed the use of hardcoded values for password aging instead of
values configured in /etc/libuser.conf.
- When deleting users, the operator could be misled into recursively
deleting system directories including the system root. Now, it refuses to
delete home directories if they are system directories or not owned by
the user about to be deleted.
- When deleting users, the mail spool and temporary files are not deleted,
which could lead to side effects when adding another user with the same
name but a different UID number. These files can now deleted if specified
by the operator.
- Deleting logged in users silently could lead to the deletion of the
current user's entire account. The system now warns if there are
processes running under the UID of the user about to be deleted.
All users of the redhat-config-users package should upgrade to this updated
package, which resolves these issues.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
Affected Products
- Red Hat Enterprise Linux Server 3 x86_64
- Red Hat Enterprise Linux Server 3 ia64
- Red Hat Enterprise Linux Server 3 i386
- Red Hat Enterprise Linux Workstation 3 x86_64
- Red Hat Enterprise Linux Workstation 3 ia64
- Red Hat Enterprise Linux Workstation 3 i386
- Red Hat Enterprise Linux Desktop 3 x86_64
- Red Hat Enterprise Linux Desktop 3 i386
- Red Hat Enterprise Linux for IBM z Systems 3 s390x
- Red Hat Enterprise Linux for IBM z Systems 3 s390
- Red Hat Enterprise Linux for Power, big endian 3 ppc
Fixes
- BZ - 102637 - Deleting user does not delete user's mail spool
- BZ - 126756 - deleting users home directory leaves user files in /tmp
- BZ - 130379 - redhat-config-users does not use the password age defaults in /etc/login.defs
- BZ - 132902 - Deleting user you are logged in as creates huge problems.
- BZ - 138093 - Should not delete directories outside of /home
CVEs
(none)
References
(none)
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.