[systemd-devel] systemd in initramfs: /etc/passwd, /etc/group, emergency.service and sulogin

Lennart Poettering lennart at poettering.net
Mon Oct 27 07:57:11 PDT 2014


On Sat, 25.10.14 00:52, Ivan Shapovalov (intelfx100 at gmail.com) wrote:

> Hi,
> 
> A few questions regarding usage of systemd+udev in initramfs. Before all,
> this is what I want to achieve (to prevent XY-problems): working
> emergency.service in initramfs.
> 
> The questions are a bit Arch-specific and possibly lame, but well...
> 
> - is /etc/passwd still[1] needed in initramfs due to libdbus1?

Hmm, good question. 

I think for the simpler cases /etc/passwd could be empty now. However,
as soon as networkd is thrown into the mix we really want the
"systemd-network" user around, so that networkd can drop privs, which
it really should do, being the network-facing daemon that it is.

> - how to pass '--resolve-names=never' to udevd in initramfs, will it work this
>   way and will it allow to exclude /etc/group[2] from initramfs?

You should be able to pass it in the systemd-udevd.service unit file
you ship in the unit file. I think doing this should be OK, but I
figure you have to try. That all said, due to the "systemd-network"
user I am not convinced that a /etc/passwd-less initrd is really
useful for more than the simplest cases.

> - is it possible to use 'sulogin -e' instead of 'sulogin'[3]
>   security-wise?

Sure, just override the upstream unit files in question. That said, I
am a bit afraid of making this change upstream...

Lennart

-- 
Lennart Poettering, Red Hat
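
The two unit overrides discussed in this message, written as drop-in files. This is an added example, not part of the original post or of systemd's shipped units; the drop-in file names, the binary paths (Arch-style layout) and the emergency.service command line are assumptions to be replaced with the values from the units actually shipped in the initramfs.

```ini
# --- File (assumed name), placed inside the initramfs image:
# --- /etc/systemd/system/systemd-udevd.service.d/resolve-names.conf
[Service]
# An empty ExecStart= clears the command inherited from the shipped unit.
# Without it the service would end up with two ExecStart= lines, which
# systemd only accepts for Type=oneshot services.
ExecStart=
# Assumed binary path; copy it from the systemd-udevd.service you ship.
# --resolve-names=never stops udevd from looking up the user and group
# names used in OWNER=/GROUP= rule keys.
ExecStart=/usr/lib/systemd/systemd-udevd --resolve-names=never

# --- File (assumed name), placed inside the initramfs image:
# --- /etc/systemd/system/emergency.service.d/sulogin-force.conf
[Service]
ExecStart=
# Assumed command line, modelled on a typical emergency.service: run
# sulogin, then return to the default target when the shell exits.
# The leading "-" tells systemd to ignore a non-zero exit status.
ExecStart=-/bin/sh -c "/usr/bin/sulogin -e; /usr/bin/systemctl --fail --no-block default"
```

With `-e`, sulogin starts a root shell without asking for a password when it cannot obtain a usable root password entry, so in an initramfs that ships no /etc/passwd or /etc/shadow the emergency shell is unauthenticated for anyone at the console. After rebuilding the image, `systemctl cat systemd-udevd.service emergency.service` in the emergency shell shows whether the drop-ins were picked up.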

