[systemd-devel] Using sysusers to setup a new system

[Sébastien Luttringer]

Hello,

On the way to rely on systemd-sysusers to create all users in a fresh Arch
Linux installation, I'm stuck with two issues[1][2].
The key idea was to rely on systemd-users to create them all and start with
empty passwd/group/shadow/gshadow files[3].
So, we moved all base user definitions in a sysusers.d/arch.conf file; or
better into the package which require them.

The first issue[1] is to be able to define the root user shell.
Currently, sysusers.d/basic.conf  provides a nologin shell, which prevent root
to login and execute commands (even via sudo). We cannot override the
sysusers.d/basic.conf with a crafted version because systemd-sysusers doesn't
support a shell definition in its format. 
As a consequence, I added back root to passwd/group/shadow/gshadow[4].
So, what's the strategy about this? Should root user be an exception and be
defined somewhere else than others users because it requires a valid shell?

The second issue[2] is about the lp group defined in sysusers.d/basic.conf.
Because the cups Arch package set rights on files based on the lp group it
needs a static gid (pacman requirement). lp defined in sysusers.d/basic.conf is
without gid[5], so what's the best way to override it?

Cheers,

Sébastien "Seblu" Luttringer

[1] https://bugs.archlinux.org/task/56017
[2] https://bugs.archlinux.org/task/56818
[3] https://bugs.archlinux.org/task/45196
[4] I love it when a plan comes together ©
[5] https://bugs.archlinux.org/task/55793

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20171223/faa1291c/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 821 bytes
Desc: This is a digitally signed message part
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20171223/faa1291c/attachment.sig>