[systemd-devel] sysusers and login.defs checks

Colin Guthrie gmane at colin.guthr.ie
Wed Jul 23 03:29:20 PDT 2014 

'Twas brillig, and Colin Walters at 22/07/14 21:47 did gyre and gimble:
> On Mon, Jul 21, 2014, at 09:43 AM, Lennart Poettering wrote:
>>
>> I am pretty strongly against this. Making this administrator
>> configurable apepars very wrong, this really should be a decision for
>> the distribution vendor, and that's it.
> 
> You list one concern below, are there others?
> 
>>  We shouldn't design a system
>> that comes to completely different results if you boot it up with and
>> without /etc populated...
> 
> If that's the only issue, surely we could just have it in the
> /usr/share/factory dir?

While I'm (personally) wanting to support login.defs here, there is
still a chicken+egg that is not really resolvable here (AFAICT)

If there was a /usr/share/factory/etc/login.defs with e.g. 500 boundary
point, then this file would presumably be copied in by tmpfiles to
populate /etc/login.defs

BUT, as tmpfiles often needs users to exist (to do chowning etc), it has
to run after sysusers.

As sysusers would be one of the consumers of a /etc/login.defs parser,
it wouldn't "see" the /etc/login.defs until too late, thus possibly
creating system users with the compiled in default rather than the
"configured" default.

One cracked egg and an angry chicken :)


This was pretty much the same concern I had when Zbigniew patched
sysusers to also look in /etc/sysusers.d/. The same chicken and egg
scenario exists there, but Lennart was OK with it in that context.

To be honest, I'm not really sure why this chicken+egg is different from
the sysusers one, so I'd expect either both to be rejected or both
accepted but I'm not crazy fussed in this case as it should be easy
enough to hack in /etc/login.defs parsing downstream where our primary
use case is supporting "normal" installs where /etc/ is persistent and
often upgraded from older releases.


Col


PS I appreciate that I've "flipped sides" in my chicken+egg debate
compared to the concern I raised with Zbigniew's sysusers patch! I
always reserve the right to contradict myself :p

-- 

Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited http://www.tribalogic.net/
Open Source:
  Mageia Contributor http://www.mageia.org/
  PulseAudio Hacker http://www.pulseaudio.org/
  Trac Hacker http://trac.edgewall.org/

More information about the systemd-devel mailing list