[systemd-devel] sysusers and login.defs checks

Kay Sievers kay at vrfy.org
Wed Jul 23 07:55:59 PDT 2014


On Wed, Jul 23, 2014 at 4:28 PM, Zbigniew Jędrzejewski-Szmek
<zbyszek at in.waw.pl> wrote:

> Anyway, I think that /etc/login.defs support is made out to be something
> much more complicated than it really is. IMHO we should:
>
> - read /etc/login.defs and fall back to the compiled in value
> - use whatever result we get in coredump, journald, and sysusers
>
> It's not like the implementation would be hard, intrusive, or slow. It'd be
> probably +3 lines in one or two places.

It is not about the effort *how* to do it, it is *why*. And I still
don't think we should have dynamic configuration options for this, it
is all just a huge mess that needs to be limited to the bare minimum,
it is just too broken as a concept to be supported that way.

> If we come up with additional heuristics or rules to determine human
> accounts, we can safely add them in a backwards compatible way.

We cannot do any normal user queries from journald, so none of the
metadata for a user, like the primary group, is easily available.

Sysusers is, and probably always will be, limited to the classic
passwd, group file. Maybe we can just read the files ourselves and
find out that a certain uid is a normal user? Like:
  - uid >= "1000" --> normal user
  - lookup uid in passwd
  - user not found --> normal user
  - user < 1000 && group == "users" --> normal user
  - everything else would be a system user

Kay
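
The rule list in the mail above, written out as an added C example (not code from the original mail or from systemd). It runs on constructed in-memory passwd/group text; the names `field`, `find_by_id` and `is_normal_user` are hypothetical, and it assumes that `group == "users"` refers to the name of the entry's primary group.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample data in passwd(5)/group(5) format, not from a real system. */
static const char SAMPLE_PASSWD[] =
    "root:x:0:0:root:/root:/bin/bash\n"
    "olduser:x:500:100:Legacy account:/home/olduser:/bin/bash\n"
    "alice:x:1000:1000:Alice:/home/alice:/bin/bash\n";
static const char SAMPLE_GROUP[] =
    "root:x:0:\n"
    "users:x:100:olduser\n";

/* Start of the n-th (0-based) ':'-separated field of a line, or NULL if the line ends first. */
static const char *field(const char *line, int n) {
    for (; n > 0; n--, line++) {          /* line++ steps over the ':' just found */
        line += strcspn(line, ":\n");
        if (*line != ':') return NULL;
    }
    return line;
}

/* First line of passwd/group text whose third field (uid or gid) equals id, or NULL. */
static const char *find_by_id(const char *text, unsigned long id) {
    for (const char *l = text; *l; l += strcspn(l, "\n"), l += (*l == '\n')) {
        char *end;
        const char *f = field(l, 2);      /* malformed or non-numeric lines are skipped */
        if (f && *f >= '0' && *f <= '9' && strtoul(f, &end, 10) == id && *end == ':') return l;
    }
    return NULL;
}

/* 1 = normal user, 0 = system user, applying the rules in the order the mail lists them. */
int is_normal_user(const char *passwd, const char *group, unsigned long uid) {
    if (uid >= 1000) return 1;                       /* uid >= 1000, fixed; login.defs is not read */
    const char *pw = find_by_id(passwd, uid);        /* lookup uid in passwd */
    if (!pw) return 1;                               /* user not found */
    const char *g = field(pw, 3);                    /* primary gid of the entry */
    if (!g || *g < '0' || *g > '9') return 0;
    const char *gr = find_by_id(group, strtoul(g, NULL, 10));
    return gr && strncmp(gr, "users:", 6) == 0;      /* assumption: primary group is named "users" */
}

int main(void) {
    const unsigned long uids[] = { 0, 500, 999, 1000 }; /* constructed test uids */
    for (size_t i = 0; i < sizeof uids / sizeof *uids; i++)
        printf("uid %lu -> %s\n", uids[i], is_normal_user(SAMPLE_PASSWD, SAMPLE_GROUP, uids[i]) ? "normal" : "system");
    return 0;
}
```

With the sample data, uid 999 has no passwd entry and is therefore classified as a normal user, exactly as the third rule states.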

