[systemd-devel] sysusers and login.defs checks

Zbigniew Jędrzejewski-Szmek zbyszek at in.waw.pl
Sun Jul 20 19:16:43 PDT 2014


On Sun, Jul 20, 2014 at 11:30:20PM +0100, Colin Guthrie wrote:
> 'Twas brillig, and Reindl Harald at 20/07/14 22:52 did gyre and gimble:
> > 
> > Am 20.07.2014 23:38, schrieb Colin Guthrie:
> >> 'Twas brillig, and Colin Guthrie at 20/07/14 22:31 did gyre and gimble:
> >>> Those defaults could be set from a compile time check of
> >>> login.defs too.
> >>
> >> FWIW, at least here, /etc/login.defs is not readable by regular users so
> >> any build system that builds as non-root won't even get those defaults
> >> anyway, so that's probably another argument for runtime checks too...
> > 
> > why is it not readable?
> 
> No idea. Probably some pseudo "security" related reason dating back many
> years.
> 
> Perms here are:
> -rw-r----- 1 root shadow
> 
> I can't really think of any reason as to why this would genuinely help,
> but then I can't think why a regular user.
> 
> Not a big deal in this case really tho' - I think the original argument
> still stands.
I agree. Not reading /etc/login.defs makes the tool troublesome for
existing installations.

I've experienced a related problem, where coredumps would not be
visible for my user on a Fedora machine which has been upgraded over
many versions.  It turns out that the user had uid 500 or something
like that, and systemd-coredump treated the account as as a system
account.

Zbyszek


More information about the systemd-devel mailing list