[systemd-devel] systemd-sysusers and gshadow

Lennart Poettering lennart at poettering.net
Mon Jul 7 03:26:03 PDT 2014


On Sun, 06.07.14 19:17, Leonid Isaev (lisaev at umail.iu.edu) wrote:

> Hi,
> 
> 	Shouldn't systemd-sysusers update /etc/gshadow when adding 'basic'
> groups? From sysusers.c I don't see that gshadow (and shadow) is updated, and
> this seems to cause problems on package updates. Consider the following
> scenario:
> 1. A package is updated, so timestamp of /usr gets ahead of /etc/.updated.
> 2. On next boot, new groups are added to /etc/group. In the case of archlinux
> these are dialout, tape and cdrom -- which I had to manually groupdel.
> 3. gshadow is out-of-sync with group, so routine cron-based grpck
> fails.

Well, the reason we don't bother with /etc/shadow and /etc/gshadow, is
that we didn't want to set any password for the accounts sysusers
creates. And no matching entry in these files means that an account
doesn't have any password set, and cannot be used for login.

I wasn't aware of grpck, and quite frankly don't think it makes much
sense, what the tool is doing.

But anyway, fixing sysusers to also add the users to shadow and gshadow
should be trivial (well, for gshadow there's no API in glibc to write
these files...)

> Does it mean that on each update, a package manager should touch
> /etc/.updated?

Hmm? No. A package manager should touch /usr after having done its work.

Lennart

-- 
Lennart Poettering, Red Hat
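
Added example, not part of the original message and not systemd or shadow-utils code: a small Python check for the /etc/group versus /etc/gshadow mismatch described in the thread, approximating the entry-matching part of what grpck verifies. The sample file contents and the names parse_members and find_desync are constructed for illustration.

```python
# Constructed sample contents (not from a real system). dialout, tape and
# cdrom are the groups named in the thread; "stale" is a made-up leftover.
SAMPLE_GROUP = (
    "root:x:0:\nwheel:x:10:alice\ndialout:x:18:\ntape:x:33:\ncdrom:x:11:alice\n"
)
SAMPLE_GSHADOW = "root:::\nwheel:!::alice\nstale:!::\n"


def parse_members(text):
    """Map each entry name to its set of members; skip malformed lines."""
    entries = {}
    for line in text.splitlines():
        fields = line.split(":")
        # group(5) is name:passwd:gid:members, gshadow(5) is
        # name:passwd:admins:members: four fields, members last.
        if len(fields) != 4 or not fields[0]:
            continue
        entries[fields[0]] = {m for m in fields[3].split(",") if m}
    return entries


def find_desync(group_text, gshadow_text):
    """Return names missing on either side plus member-list mismatches."""
    group = parse_members(group_text)
    gshadow = parse_members(gshadow_text)
    return {
        # Groups with no gshadow entry: the state left behind when only
        # /etc/group is written, as the thread describes.
        "missing_in_gshadow": sorted(group.keys() - gshadow.keys()),
        # gshadow entries whose group no longer exists.
        "missing_in_group": sorted(gshadow.keys() - group.keys()),
        # Present in both files but with different member lists.
        "member_mismatch": sorted(
            n for n in group.keys() & gshadow.keys() if group[n] != gshadow[n]
        ),
    }


if __name__ == "__main__":
    for kind, names in find_desync(SAMPLE_GROUP, SAMPLE_GSHADOW).items():
        print(f"{kind}: {', '.join(names) or '-'}")
```

To check a live system, pass the contents of /etc/group and /etc/gshadow to find_desync; reading the latter normally requires root.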

