[systemd-devel] Combining systemd-firstboot and systemd-sysusers

[Ivan Shapovalov]

On 2015-02-14 at 08:07 +0300, Ivan Shapovalov wrote:
> Hi all,
> 
> I'm trying to adapt systemd-{sysusers,firstboot} for creating the system
> users in an initramfs (at generation time).
> (Note: I use systemd-firstboot to set the root password.)
> 
> The situation
> -------------
> So, I'm running firstboot before sysusers (judging from the unit files,
> this seems to be desired order).
> 
>     systemd-firstboot --root=... --root-password=PASSWORD
>     systemd-sysusers --root=...
> 
> The problem
> -----------
> systemd-firstboot, when ran, writes /etc/shadow only. Then
> systemd-sysusers is ran, but it expects entries to be present
> in both /etc/passwd and /etc/shadow.
> 
> An entry which is present only in /etc/shadow but not in /etc/passwd
> produces an EEXIST error at lines 620-623 (if I had run the tools
> without --root argument, a different codepath would've been taken and I
> would've got an EBADMSG error at lines 902-905).
> 
> The solutions
> -------------
> I see three solutions.
> 
> - we can make systemd-firstboot write both /etc/passwd and /etc/shadow
>   entries
>   (but this is duplication of functionality; I don't like this way...)
> 
> - we can run systemd-sysusers before systemd-firstboot
>   (but systemd-firstboot won't write the password if the entry already
>    exists)
> 
> - make systemd-sysusers correctly handle entries which are only present
>   in /etc/shadow
>   (how? by preserving the shadow entry? by overwriting it, preserving 
>    the password? how else?)
> 
> The question
> ------------
> Which one to implement?
> 
> Thanks for consideration,

Ping? Anything on this?

-- 
Ivan Shapovalov / intelfx /
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 213 bytes
Desc: This is a digitally signed message part
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20150222/5752c372/attachment.sig>