[systemd-devel] sysusers and login.defs checks
Kay Sievers
kay at vrfy.org
Wed Jul 23 07:55:59 PDT 2014
On Wed, Jul 23, 2014 at 4:28 PM, Zbigniew Jędrzejewski-Szmek
<zbyszek at in.waw.pl> wrote:
> Anyway, I think that /etc/login.defs support is made out to be something
> much more complicated than it really is. IMHO we should:
>
> - read /etc/login.defs and fall back to the compiled in value
> - use whatever result we get in coredump, journald, and sysusers
>
> It's not like the implementation would be hard, intrusive, or slow. It'd be
> probably +3 lines in one or two places.
It is not about the effort *how* to do it, it is *why*. And I still
don't think we should have dynamic configuration options for this, it
is all just a huge mess that needs to be limited to the bare minimum,
it is just too broken as a concept to be supported that way.
> If we come up with additional heuristics or rules to determine human
> accounts, we can safely add them in a backwards compatible way.
We cannot do any normal user queries from journald, so none of the
metadata like the primary group is easily for a user is available.
Sysusers is, and probably always will be, limited to the classic
passwd, group file. Maybe we can just read the files ourselves and
find out that a certain uid is a normal user? Like:
- uid >= "1000" --> normal user
- lookup uid in passwd
- user not found --> normal user
- user < 1000 && group == "users" --> normal user
- everything else would be a system user
Kay
More information about the systemd-devel
mailing list