<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hello Sébastian<br>
<br>
<div class="moz-cite-prefix">On 23/12/2017 00:33, Sébastien
Luttringer wrote:<br>
</div>
<blockquote type="cite"
cite="mid:1513985613.22891.4.camel@seblu.net">
<div>Hello,</div>
<div><br>
</div>
<div>On the way to rely on <i>systemd-sysusers</i> to create <b>all</b>
users in a fresh Arch Linux installation, I'm stuck with two
issues[1][2].</div>
<div>The key idea was to rely on <i>systemd-users</i> to create
them all and start with empty passwd/group/shadow/gshadow
files[3].</div>
<div>So, we moved all base user definitions in a <i>sysusers.d/arch.conf</i>
file; or better into the package which require them.</div>
<div><br>
</div>
<div>The first issue[1] is to be able to define the root user
shell. Currently, <i>sysusers.d/</i><i>basic.conf</i> provides a
nologin shell, which prevent root to login and execute commands
(even via sudo). We cannot override the <i>sysusers.d/</i><i>basic.conf</i>
with a crafted version because <i>systemd-sysusers</i> doesn't
support a shell definition in its format. </div>
<div>As a consequence, I added back root to
passwd/group/shadow/gshadow[4].</div>
<div>So, what's the strategy about this? Should root user be an
exception and be defined somewhere else than others users
because it requires a valid shell?</div>
<div><br>
</div>
</blockquote>
sysusers is meant to create only system users, not human users... as
such, it doesn't allow you to set the shell, because system users
should never have a shell. Human users are usually created via some
distro tool at install time (adduser & co)<br>
<br>
that's for the philosophical explanation of why you are doing
something that is not meant to be done... now let's be a bit more
practical...<br>
<br>
root is a very special user in many ways, and one of them is that it
is both a human and a system user... As such I would tend to think
that the proper way to deal with it is to either hardcode it in
passwd/group or to create it at install time. <br>
<br>
Not really what you wanted to hear, I know, but root is really
special, and will need special-casing whatever solution you take...<br>
<br>
<blockquote type="cite"
cite="mid:1513985613.22891.4.camel@seblu.net">
<div>The second issue[2] is about the lp group defined in <i>sysusers.d/</i><i>basic.conf</i>.
Because the <i>cups</i> Arch package set rights on files based
on the lp group it needs a static gid (pacman requirement). lp
defined in <i>sysusers.d/</i><i>basic.conf</i> is without
gid[5], so what's the best way to override it?</div>
<div><br>
</div>
</blockquote>
<br>
hmm, tricky... I see a couple of answers<br>
<br>
1) open a RFE on github asking that the lp group be defined in a
base-lp.conf file, so it can be separately overriden (ideally with a
patch)<br>
2) just override the systemd-provided basic.conf with arch's
version. You are the distro maintainer, so it's ok to do that.<br>
3) if you don't want to just replace basic.conf, you can create an
archbasic.conf file that would override just the lp group (in case
of double definition the lexicographycally first entry wins, and
arch starts with an a )<br>
That will cause warnings, but that might be ok, depending on
what your exact constraints are..<br>
<br>
Cheers<br>
Jeremy<br>
<br>
<br>
<blockquote type="cite"
cite="mid:1513985613.22891.4.camel@seblu.net">
<div>Cheers,</div>
<div><br>
</div>
<div>Sébastien "Seblu" Luttringer</div>
<div><br>
</div>
<div>
<div>[1] <a href="https://bugs.archlinux.org/task/56017"
moz-do-not-send="true">https://bugs.archlinux.org/task/56017</a></div>
<div>[2] <a href="https://bugs.archlinux.org/task/56818"
moz-do-not-send="true">https://bugs.archlinux.org/task/56818</a></div>
</div>
<div>[3] <a href="https://bugs.archlinux.org/task/45196"
moz-do-not-send="true">https://bugs.archlinux.org/task/45196</a></div>
<div>[4] I love it when a plan comes together ©</div>
<div>[5] <a href="https://bugs.archlinux.org/task/55793"
moz-do-not-send="true">https://bugs.archlinux.org/task/55793</a></div>
<div><br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
systemd-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:systemd-devel@lists.freedesktop.org">systemd-devel@lists.freedesktop.org</a>
<a class="moz-txt-link-freetext" href="https://lists.freedesktop.org/mailman/listinfo/systemd-devel">https://lists.freedesktop.org/mailman/listinfo/systemd-devel</a>
</pre>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<div>
<link href="https://fonts.googleapis.com/css?family=Raleway"
rel="stylesheet" type="text/css">
<font face="Raleway, regular">
<table style="padding:20px;margin-bottom:-10px" border="0">
<tbody>
<tr>
<td style="font-size:13px; color:#ff8054; text-align:
center; padding-right:30px"> <a
href="http://www.smile.eu/"> <img
style="max-width:100%; height:auto"
src="http://ftp.smile.fr/client/Communication/signature/img/Logo-new.png"
alt="SMILE"> </a><br>
<br>
<p style="line-heigth:8px">20 rue des Jardins<br>
92600 Asnières-sur-Seine</p>
</td>
<td style="border-left: 1px solid #3b7ffe;
padding-left:20px; font-size:13px; color:#ff8054;">
<div style="color:#ff8054; font-size:14px;"> <b>Jérémy
ROSEN</b> </div>
<div style="color:#3b7ffe; font-size:13px;">
Architecte technique<br>
Responsable de l'expertise Smile-ECS </div>
<br>
<div style="color:#3b7ffe; font-size:13px;"> <span
style="white-space: nowrap"><img
style="margin-right:5px"
src="http://ftp.smile.fr/client/Communication/signature/img/mail.png"
alt="email" width="12" height="10"> <a
href="mailto:jeremy.rosen@smile.fr"
style="color:#3b7ffe; font-size:13px;
text-decoration:none;">jeremy.rosen@smile.fr</a>
</span> <br>
<span style="white-space: nowrap"><img
style="margin-right:5px"
src="http://ftp.smile.fr/client/Communication/signature/img/phone.png"
alt="phone" width="10" height="10"></span>
+33141402967 <br>
<span style="white-space: nowrap"><img
style="margin-right:5px"
src="http://ftp.smile.fr/client/Communication/signature/img/web.png"
alt="url" width="12" height="12">
<a href="http://www.smile.eu"
style="color:#3b7ffe; font-size:13px;
text-decoration:none;">http://www.smile.eu</a> </span>
</div>
<br>
<div> <span><a style="margin-right:5px"
href="https://twitter.com/GroupeSmile"><img
src="http://ftp.smile.fr/client/Communication/signature/img/rs-twitter.png"
alt="Twitter" style="max-width:100%;
height:auto"></a></span> <span><a
style="margin-right:5px"
href="https://www.facebook.com/smileopensource"><img
src="http://ftp.smile.fr/client/Communication/signature/img/rs-facebook.png"
alt="Facebook" style="max-width:100%;
height:auto"></a></span> <span><a
style="margin-right:5px"
href="https://www.linkedin.com/company/smile"><img
src="http://ftp.smile.fr/client/Communication/signature/img/rs-linkedin.png"
alt="LinkedIn" style="max-width:100%;
height:auto"></a></span> <span><a
style="margin-right:5px"
href="https://github.com/Smile-SA"><img
src="http://ftp.smile.fr/client/Communication/signature/img/rs-github.png"
alt="Github" style="max-width:100%;
height:auto"></a></span> </div>
</td>
</tr>
</tbody>
</table>
<br>
<div> <a
href="http://smile.eu/?utm_source=signature&utm_medium=email&utm_campaign=signature"><img
src="http://signature.smile.eu/assets/img/bandeau_mail_smile2017.gif.gif"
alt="Découvrez l’univers Smile, rendez-vous sur
smile.eu" border="0"></a></div>
<br>
<div style="color:#a3acb5; font-size:10px;"> <img
src="http://ftp.smile.fr/client/Communication/signature/img/eco.png"
alt="eco" width="13" height="11"> Pour la planète,
n'imprimez ce mail que si c'est nécessaire </div>
</font>
</div>
</div>
</body>
</html>