[systemd-devel] [ANNOUNCE] systemd 216

Lennart Poettering lennart at poettering.net
Wed Aug 20 06:54:19 PDT 2014

On Wed, 20.08.14 09:40, Dave Reisner (d at falconindy.com) wrote:

> > > The sysusers.d file shipped with this has:
> > > 
> > >   u systemd-journal-remote        -               "systemd Journal Remote"
> > > 
> > > But the tmpfiles.d fragment has:
> > > 
> > >   z /var/log/journal/remote 2755 root systemd-journal-remote - -
> > >   z /run/log/journal/remote 2755 root systemd-journal-remote - -
> > > 
> > > There's no "systemd-journal-remote" group created...
> > 
> > In sysusers, each system user will always implicitly get a group of the
> > same name too.
> > 
> Ok, I see that now. Digging into the logic of how this works, sysusers
> will probably never run after an online update. Is the expectation that
> distros just run systemd-sysusers in their post_upgrade scripts?

Yes. Though it is slightly more complicated than that. Some users need
to be created by packages before the first file of the package is
installed, so that files can be owned by the users in question. For
users like that you actually need to invoke the tool *before* unpacking
the package. Now, of course, given that the user info is supposed to be
stored in one of those files that are supposed to be installed we'd have
a chicken-and-egg problem here: we'd like to create the users before the
files that include the user definition are installed.

We break that cycle by also offering a way how user systemd-sysusers can
be invoked with reading its data from stdin. The idea is then that the
packages in question duplicate the user definition inline in the pre
package, if they need users that exist before the package is installed.

Yeah, it's not pretty, but we couldn't come up with anything better.


Lennart Poettering, Red Hat

More information about the systemd-devel mailing list