RHBA-2009:0484 - Bug Fix Advisory

Topic

An updated setup package that fixes several bugs and adds various
enhancements is now available.

Description

The setup package contains a set of important system configuration and
setup files, such as passwd, group, and profile.

This updated setup package fixes the following two inconsistencies between
the bash and the csh and tcsh profile scripts:

• in order to match the bash shell's default behavior and provide

consistency across shells, csh files in the /etc/profile.d/ directory are
not read when csh is loaded as a non-login shell.

• when using the csh or tcsh shell, the user's umask is now set exactly the

same as it is for the bash shell. If a process owned by a user creates a
file, the UID number of the user is 100 or greater, and the username and
group name match, then the umask of the process will be set to "002".
Otherwise, the umask will be set to "022".

In addition, this updated package provides the following enhancements:

• this updated setup package reserves the new "tss" User ID and Group ID,

and the userid (UID) and groupid (GID) numbers (59:59), which should
prevent accidental usage of that UID/GID pair by other packages and
administrators. TrouSerS is an implementation of the Trusted Computing
Group's Software Stack (TSS) specification.

• this updated setup package reserves the new "puppet" user ID and group

ID, and the userid (UID) and groupid (GID) numbers (52:52), which should
prevent accidental usage of that UID/GID pair by other packages and
administrators. Puppet is an automated system administration engine that
performs tasks such as adding users, installing packages, and updating
server configurations based on a centralized specification language.

• this updated setup package reserves the new "pkiuser" user ID and group

ID, and the userid (UID) and groupid (GID) numbers (17:17), which should
prevent accidental usage of that UID/GID pair by other packages and
administrators. The "pkiuser" user and group IDs are used in subsystems
associated with the Red Hat Certificate System.

• this updated setup package reserves the new "vdsm" user ID and "kvm"

group ID, and the userid (UID) and groupid (GID) numbers (36:36), which
should prevent accidental usage of that UID/GID pair by other packages and
administrators. VDSM service manages a single SolidICE node (VDS). It
serves as a proxy for Virtual Machine creation, management, statistics, and
log collection.

• this updated setup package reserves the new "oprofile" user ID and group

ID, and the userid (UID) and groupid (GID) numbers (16:16), which should
prevent accidental usage of that UID/GID pair by other packages and
administrators. The "oprofile" user and group IDs are used by the OProfile
program, a low-overhead, system-wide profiler capable of running
transparently in the background.

Users are advised to upgrade to this updated setup package, which resolves
these issues and adds these enhancements.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 ia64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Workstation 5 i386
• Red Hat Enterprise Linux Desktop 5 x86_64
• Red Hat Enterprise Linux Desktop 5 i386
• Red Hat Enterprise Linux for IBM z Systems 5 s390x
• Red Hat Enterprise Linux for Power, big endian 5 ppc
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

• BZ - 199817 - Make csh default umask values and profile.d scripts processing more consistent with bash
• BZ - 457593 - Request official assignment of uid/gid pair for trousers
• BZ - 471918 - Need assigned User/Group for puppet
• BZ - 498332 - Need UID and GID for oprofile

CVEs

(none)

References

(none)