[systemd-devel] sysusers and login.defs checks

[Reindl Harald]

Am 22.07.2014 22:47, schrieb Colin Walters:
> On Mon, Jul 21, 2014, at 09:43 AM, Lennart Poettering wrote:
>>
>> I am pretty strongly against this. Making this administrator
>> configurable apepars very wrong, this really should be a decision for
>> the distribution vendor, and that's it.
> 
> You list one concern below, are there others?
> 
>>  We shouldn't design a system
>> that comes to completely different results if you boot it up with and
>> without /etc populated...
> 
> If that's the only issue, surely we could just have it in the
> /usr/share/factory dir?
> 
> As far as the rationale for having it administrator configurable - I
> think the idea is more that upgraded systems have a login.defs file with
> a min of 500, so humans in the midrange are still identified as such.
> 
> This is called out on
> http://fedoraproject.org/wiki/Features/1000SystemAccounts
> 
> Making the boundary configurable also allows some users to stay with the
> old boundary of 500, if they wish:
> 
>     Because /etc/login.defs is %config(noreplace), upgrades will retain
>     the boundary value 500, and nothing should break.
>     New installations in setups where the UIDs are centrally allocated
>     (e.g. using LDAP) from 500 could be likewise configured to use the
>     boundary value 500 by creating /etc/login.defs in a kickstart %pre
>     script

there are *a lot* of systems out there installed long before systemd
was introduced and you can't safely dig around on dozens of machines
and re-assign the owners of files

there are data far away from /home

don't fix things which ain't broken
all that machines will *never* need dynamic user-id's abvoe 500

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20140722/d2b2e244/attachment.sig>