[systemd-devel] Combining systemd-firstboot and systemd-sysusers

Ivan Shapovalov intelfx100 at gmail.com
Fri Feb 13 21:07:40 PST 2015

Hi all,

I'm trying to adapt systemd-{sysusers,firstboot} for creating the system
users in an initramfs (at generation time).
(Note: I use systemd-firstboot to set the root password.)

The situation
So, I'm running firstboot before sysusers (judging from the unit files,
this seems to be desired order).

    systemd-firstboot --root=... --root-password=PASSWORD
    systemd-sysusers --root=...

The problem
systemd-firstboot, when ran, writes /etc/shadow only. Then
systemd-sysusers is ran, but it expects entries to be present
in both /etc/passwd and /etc/shadow.

An entry which is present only in /etc/shadow but not in /etc/passwd
produces an EEXIST error at lines 620-623 (if I had run the tools
without --root argument, a different codepath would've been taken and I
would've got an EBADMSG error at lines 902-905).

The solutions
I see three solutions.

- we can make systemd-firstboot write both /etc/passwd and /etc/shadow
  (but this is duplication of functionality; I don't like this way...)

- we can run systemd-sysusers before systemd-firstboot
  (but systemd-firstboot won't write the password if the entry already

- make systemd-sysusers correctly handle entries which are only present
  in /etc/shadow
  (how? by preserving the shadow entry? by overwriting it, preserving 
   the password? how else?)

The question
Which one to implement?

Thanks for consideration,
Ivan Shapovalov / intelfx /
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 213 bytes
Desc: This is a digitally signed message part
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20150214/028d3c35/attachment.sig>

More information about the systemd-devel mailing list