[systemd-devel] systemd-sysusers and gshadow

Mon Jul 7 10:16:20 PDT 2014

On Mon, Jul 07, 2014 at 05:40:42PM +0200, Lennart Poettering wrote:
> On Mon, 07.07.14 11:08, Leonid Isaev (lisaev at umail.iu.edu) wrote:
> 
> > Hi,
> > 
> > 	Thanks for the explanation...
> > 
> > On Mon, Jul 07, 2014 at 12:26:03PM +0200, Lennart Poettering wrote:
> > > I wasn#t aware of grpck, and quite frankly  don't think it makes much
> > > sense, what the tool is doing.
> > 
> > Why? Checking syntax can never hurt...
> 
> Well, I am not opposed to that. I am just saying that otherwise the
> current logic so nicely considers an account with a missing counterpart
> in /etc/shadow disabled with no way to log in, which is exactly what we
> want here. However, grpck tool breaks that...

Ah, right. So you mean grpck _and_ pwck.

Is this a new systemd-only thinking, or is it something to be taken to the
shadow upstream (because {grp,pw}ck is provided by shadow)?

> 
> > > > Does it mean that on each update, a package manager should touch
> > > > /etc/.updated?
> > > 
> > > Hmm? No. A package manager should touch /usr after having done its work.
> > 
> > Just to see if I understand: this would mean that ConditionNeedsUpdate = .true.
> > for /etc, no? So, we _do_ want systemd-sysusers.service, ldconfig.service, et
> > al. to run on next boot after an update?
> 
> Well, the idea is that they are NOPs if they already ran from postinst...

OK. Fixing post_install scripts of every package is probably not going to
happen, so running the above services on-boot seems indeed better.

Cheers,
-- 
Leonid Isaev
GPG fingerprints: DA92 034D B4A8 EC51 7EA6  20DF 9291 EE8A 043C B8C4
                  C0DF 20D0 C075 C3F1 E1BE  775A A7AE F6CB 164B 5A6D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20140707/c902c3ff/attachment.sig>