Hello Sébastian
sysusers is meant to create only system users, not human users... as
such, it doesn't allow you to set the shell, because system users should
never have a shell. Human users are usually created via some distro tool
at install time (adduser & co)

that's for the philosophical explanation of why you are doing something
that is not meant to be done... now let's be a bit more practical...

root is a very special user in many ways, and one of them is that it is
both a human and a system user... As such I would tend to think that the
proper way to deal with it is to either hardcode it in passwd/group or
to create it at install time.

Not really what you wanted to hear, I know, but root is really special,
and will need special-casing whatever solution you take...
hmm, tricky... I see a couple of answers

1) open a RFE on github asking that the lp group be defined in a
base-lp.conf file, so it can be separately overriden (ideally with a patch)
2) just override the systemd-provided basic.conf with arch's version.
You are the distro maintainer, so it's ok to do that.
3) if you don't want to just replace basic.conf, you can create an
archbasic.conf file that would override just the lp group (in case of
double definition the lexicographycally first entry wins, and arch
starts with an a )
    That will cause warnings, but that might be ok, depending on what
your exact constraints are..

Cheers
Jeremy
--
SMILE <http://www.smile.eu/>

20 rue des Jardins
92600 AsniÚres-sur-Seine


*Jérémy ROSEN*
Architecte technique
Responsable de l'expertise Smile-ECS

email ***@smile.fr <mailto:***@smile.fr>
phone +33141402967
url http://www.smile.eu

Twitter <https://twitter.com/GroupeSmile> Facebook
<https://www.facebook.com/smileopensource> LinkedIn
<https://www.linkedin.com/company/smile> Github
<https://github.com/Smile-SA>


Découvrez l’univers Smile, rendez-vous sur smile.eu
<http://smile.eu/?utm_source=signature&utm_medium=email&utm_campaign=signature>

eco Pour la planÚte, n'imprimez ce mail que si c'est nécessaire

Hmm, so sysusers.d as the name suggests is intended for system users,
i.e. the users daemon run as which usually have /usr/bin/nologin as
shell. The "root" user is a bit weird in that regard as it kinda is
both a user humans log into, and a user that daemons run as. Right now
we don't really support the part about "human users logging in" in
sysusers.d and I am not sure if we should, but maybe it would be OK to
have a new "p" stanza or so, that allows setting the root
password. But then again, it's a bit strange having the root pw stored
at some place literally...

Note that "systemd-firstboot" is supposed to be a tool for
provisioning an OS image with basic settings before first boot,
including with a root pw. Maybe just using that would be preferable?
Hmm, you should be able to simply drop-in a second file with a more
strict definition. sysusers.d should probably merge entries like this,
and not complain unless things are directly contradicting. If it does
complain about it we should probably fix that. In that case, please
file a bug.

Lennart