On 23/12/2017 00:33, SÃ©bastien Luttringer wrote:
> On the way to rely on /systemd-sysusers/ to create *all* users in a
> fresh Arch Linux installation, I'm stuck with two issues.
> The key idea was toÂ rely on /systemd-users/ to create them all and
> start with empty passwd/group/shadow/gshadow files.
> So, we moved all base user definitions in a /sysusers.d/arch.conf/
> file; or better into the package which require them.
> The first issue is to be able to define the root user shell.
> Currently, /sysusers.d///basic.conf/ provides a nologin shell, which
> prevent root to login and execute commands (even via sudo). We cannot
> override the /sysusers.d///basic.conf/ with a crafted version because
> /systemd-sysusers/ doesn't support a shell definition in its format.
> As a consequence, I added back root to passwd/group/shadow/gshadow.
> So, what's the strategy about this? Should root user be an exception
> and be defined somewhere else than others users because it requires a
> valid shell?
sysusers is meant to create only system users, not human users... as
such, it doesn't allow you to set the shell, because system users should
never have a shell. Human users are usually created via some distro tool
at install time (adduser & co)
that's for the philosophical explanation of why you are doing something
that is not meant to be done... now let's be a bit more practical...
root is a very special user in many ways, and one of them is that it is
both a human and a system user... As such I would tend to think that the
proper way to deal with it is to either hardcode it in passwd/group or
to create it at install time.
Not really what you wanted to hear, I know, but root is really special,
and will need special-casing whatever solution you take...
> The second issue is about the lp group defined in
> /sysusers.d///basic.conf/. Because the /cups/ Arch package set rights
> on files based on the lp group it needs a static gid (pacman
> requirement). lp defined in /sysusers.d///basic.conf/ is without
> gid, so what's the best way to override it?
hmm, tricky... I see a couple of answers
1) open a RFE on github asking that the lp group be defined in a
base-lp.conf file, so it can be separately overriden (ideally with a patch)
2) just override the systemd-provided basic.conf with arch's version.
You are the distro maintainer, so it's ok to do that.
3) if you don't want to just replace basic.conf, you can create an
archbasic.conf file that would override just the lp group (in case of
double definition the lexicographycally first entry wins, and arch
starts with an a )
Â Â Â That will cause warnings, but that might be ok, depending on what
your exact constraints are..
> SÃ©bastien "Seblu" Luttringer
>  https://bugs.archlinux.org/task/56017
>  https://bugs.archlinux.org/task/56818
>  https://bugs.archlinux.org/task/45196
>  I love it when a plan comes together Â©
>  https://bugs.archlinux.org/task/55793
> systemd-devel mailing list
20 rue des Jardins
Responsable de l'expertise Smile-ECS
email ***@smile.fr <mailto:***@smile.fr>
Twitter <https://twitter.com/GroupeSmile> Facebook
DÃ©couvrez lâunivers Smile, rendez-vous sur smile.eu
eco Pour la planÃšte, n'imprimez ce mail que si c'est nÃ©cessaire