From c45916e030257ce66a0d3642e6b0fedd75453c9d Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Mon, 21 Mar 2022 19:26:53 +0100
Subject: [PATCH] Exclude  user nfsnobody who is equivalent to nobody

Although we already exclude the user with username 'nobody', in some
systems (at least RHEL7) the user 'nobody' has uid 99, and the user
'nfsnobody' has uid 65534.

This patch excludes the user with name nfsnobody from the check on
RHEL7 systems.
---
 .../oval/shared.xml                                      | 9 +++++++++
 .../accounts_users_home_files_ownership/oval/shared.xml  | 9 +++++++++
 .../oval/shared.xml                                      | 9 +++++++++
 3 files changed, 27 insertions(+)

diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/oval/shared.xml b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/oval/shared.xml
index 1fd016a87e12..eb4774983738 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/oval/shared.xml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/oval/shared.xml
@@ -10,12 +10,21 @@
   <unix:password_object id="object_accounts_users_home_files_groupownership_objects" version="1">
     <unix:username datatype="string" operation="not equal">nobody</unix:username>
     <filter action="include">state_accounts_users_home_files_groupownership_interactive_gids</filter>
+{{%- if product == 'rhel7' %}}
+    <filter action="exclude">state_accounts_users_home_files_groupownership_nfsnobody</filter>
+{{%- endif %}}
   </unix:password_object>
 
   <unix:password_state id="state_accounts_users_home_files_groupownership_interactive_gids" version="1">
     <unix:user_id datatype="int" operation="greater than or equal">{{{ gid_min }}}</unix:user_id>
   </unix:password_state>
 
+{{%- if product == 'rhel7' %}}
+  <unix:password_state id="state_accounts_users_home_files_groupownership_nfsnobody" version="1">
+    <unix:username datatype="string" operation="equals">nfsnobody</unix:username>
+  </unix:password_state>
+{{%- endif %}}
+
   <local_variable id="var_accounts_users_home_files_groupownership_dirs" datatype="string" version="1"
                   comment="Variable including all home dirs from interactive users">
     <object_component item_field="home_dir"
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_ownership/oval/shared.xml b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_ownership/oval/shared.xml
index 1850cfb738f1..503cc5daf7a9 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_ownership/oval/shared.xml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_ownership/oval/shared.xml
@@ -10,12 +10,21 @@
   <unix:password_object id="object_accounts_users_home_files_ownership_objects" version="1">
     <unix:username datatype="string" operation="not equal">nobody</unix:username>
     <filter action="include">state_accounts_users_home_files_ownership_interactive_uids</filter>
+{{%- if product == 'rhel7' %}}
+    <filter action="exclude">state_accounts_users_home_files_ownership_nfsnobody</filter>
+{{%- endif %}}
   </unix:password_object>
 
   <unix:password_state id="state_accounts_users_home_files_ownership_interactive_uids" version="1">
     <unix:user_id datatype="int" operation="greater than or equal">{{{ uid_min }}}</unix:user_id>
   </unix:password_state>
 
+{{%- if product == 'rhel7' %}}
+  <unix:password_state id="state_accounts_users_home_files_ownership_nfsnobody" version="1">
+    <unix:username datatype="string" operation="equals">nfsnobody</unix:username>
+  </unix:password_state>
+{{%- endif %}}
+
   <local_variable id="var_accounts_users_home_files_ownership_dirs" datatype="string" version="1"
                   comment="Variable including all home dirs from interactive users">
     <object_component item_field="home_dir"
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/oval/shared.xml b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/oval/shared.xml
index d3db46dc189d..1763f789ca47 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/oval/shared.xml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/oval/shared.xml
@@ -12,12 +12,21 @@
   <unix:password_object id="object_accounts_users_home_files_permissions_objects" version="1">
     <unix:username datatype="string" operation="not equal">nobody</unix:username>
     <filter action="include">state_accounts_users_home_files_permissions_interactive_uids</filter>
+{{%- if product == 'rhel7' %}}
+    <filter action="exclude">state_accounts_users_home_files_permissions_nfsnobody</filter>
+{{%- endif %}}
   </unix:password_object>
 
   <unix:password_state id="state_accounts_users_home_files_permissions_interactive_uids" version="1">
     <unix:user_id datatype="int" operation="greater than or equal">{{{ uid_min }}}</unix:user_id>
   </unix:password_state>
 
+{{%- if product == 'rhel7' %}}
+  <unix:password_state id="state_accounts_users_home_files_permissions_nfsnobody" version="1">
+    <unix:username datatype="string" operation="equals">nfsnobody</unix:username>
+  </unix:password_state>
+{{%- endif %}}
+
   <!-- #### prepare for test_file_permissions_home_directories #### -->
   <local_variable id="var_accounts_users_home_files_permissions_dirs" datatype="string" version="1"
                   comment="Variable including all home dirs from interactive users">