[systemd-devel] sysusers and login.defs checks

Colin Walters walters at verbum.org
Tue Jul 22 13:47:09 PDT 2014


On Mon, Jul 21, 2014, at 09:43 AM, Lennart Poettering wrote:
>
> I am pretty strongly against this. Making this administrator
> configurable apepars very wrong, this really should be a decision for
> the distribution vendor, and that's it.

You list one concern below, are there others?

>  We shouldn't design a system
> that comes to completely different results if you boot it up with and
> without /etc populated...

If that's the only issue, surely we could just have it in the
/usr/share/factory dir?

As far as the rationale for having it administrator configurable - I
think the idea is more that upgraded systems have a login.defs file with
a min of 500, so humans in the midrange are still identified as such.

This is called out on
http://fedoraproject.org/wiki/Features/1000SystemAccounts

Making the boundary configurable also allows some users to stay with the
old boundary of 500, if they wish:

    Because /etc/login.defs is %config(noreplace), upgrades will retain
    the boundary value 500, and nothing should break.
    New installations in setups where the UIDs are centrally allocated
    (e.g. using LDAP) from 500 could be likewise configured to use the
    boundary value 500 by creating /etc/login.defs in a kickstart %pre
    script. 


More information about the systemd-devel mailing list