Re: [systemd-devel] [PATCH] sysusers: allow overrides in /etc and /run

[Colin Guthrie]

'Twas brillig, and Zbigniew Jędrzejewski-Szmek at 10/07/14 17:58 did
gyre and gimble:
 On Thu, Jul 10, 2014 at 04:18:15PM +0100, Colin Guthrie wrote:
 I don't use RPM, but having your system's user policy consist of
 running useradd in a pre-installation script seems... sub-optimal. 

 It is :)

 But sadly that's the way it's been done for a while, but now that there
 is a mechanism to decouple this from pre scripts, we'll be good.
 BTW., does anyone know what happened to the filetriggers idea [1]?
 Is it available in upstream rpm generally and/or in Fedora?
 It would be really nice to use this to avoid %post macros in every rpm
 using sysusers and tmpfiles.

We've been using filetriggers in Mageia for a while. They certainly save
a lot of %pre/%post cruft and while I've not yet moved tmpfiles over to
them (originally calling --create without a config basename would create
the /run/nologin file which meant a generic filetriggers was tricky, but
you split that up a while back now and thus this is now possible), but
certainly going to do so for sysusers!

Col


-- 

Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited http://www.tribalogic.net/
Open Source:
  Mageia Contributor http://www.mageia.org/
  PulseAudio Hacker http://www.pulseaudio.org/
  Trac Hacker http://trac.edgewall.org/
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH] sysusers: allow overrides in /etc and /run

[Zbigniew Jędrzejewski-Szmek]

On Thu, Jul 10, 2014 at 10:39:29PM +0200, Lennart Poettering wrote:
 Makes sense, commit!
Done.

 (Also needs man page update I figure...)
That was more work than the code change ;)

Zbyszek
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] [PATCH] sysusers: allow overrides in /etc and /run

[Zbigniew Jędrzejewski-Szmek]

An administrator might want to block a certain sysusers config file from
being executed, e.g. to block the creation of a certain user.
---
 src/sysusers/sysusers.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
index 129493a1e7..68c552d24a 100644
--- a/src/sysusers/sysusers.c
+++ b/src/sysusers/sysusers.c
@@ -62,6 +62,8 @@ typedef struct Item {
 static char *arg_root = NULL;
 
 static const char conf_file_dirs[] =
+/etc/sysusers.d\0
+/run/sysusers.d\0
 /usr/local/lib/sysusers.d\0
 /usr/lib/sysusers.d\0
 #ifdef HAVE_SPLIT_USR
-- 
2.0.0

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH] sysusers: allow overrides in /etc and /run

[Colin Guthrie]

'Twas brillig, and Zbigniew Jędrzejewski-Szmek at 10/07/14 13:51 did
gyre and gimble:
 An administrator might want to block a certain sysusers config file from
 being executed, e.g. to block the creation of a certain user.
 ---
  src/sysusers/sysusers.c | 2 ++
  1 file changed, 2 insertions(+)
 
 diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
 index 129493a1e7..68c552d24a 100644
 --- a/src/sysusers/sysusers.c
 +++ b/src/sysusers/sysusers.c
 @@ -62,6 +62,8 @@ typedef struct Item {
  static char *arg_root = NULL;
  
  static const char conf_file_dirs[] =
 +/etc/sysusers.d\0
 +/run/sysusers.d\0
  /usr/local/lib/sysusers.d\0
  /usr/lib/sysusers.d\0
  #ifdef HAVE_SPLIT_USR

I guess this is probably OK, but isn't it a bit counter intuitive? I
mean one of the reasons for sysuser is due to /etc/ being bootstrapped.
In this case I'd have thought that looking in /etc/ is a bit weird.

What if you create a tmpfiles snippet to create a
/etc/sysusers.d/foo.conf file, does that mean we have to run tmpfiles
before sysusers?

But then I do accept that when sysusers is used for non-bootstrapping
(i.e. just instead of the %pre useradd in RPM scripts and the like) it
might be something an administrator would want to override. That said,
AFAIK, there is no way to override this current with rpm scripts, so I
wonder if this is really something to bother supporting ongoing.

Col





-- 

Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited http://www.tribalogic.net/
Open Source:
  Mageia Contributor http://www.mageia.org/
  PulseAudio Hacker http://www.pulseaudio.org/
  Trac Hacker http://trac.edgewall.org/
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH] sysusers: allow overrides in /etc and /run

[Colin Guthrie]

'Twas brillig, and Tobias Geerinckx-Rice at 10/07/14 15:53 did gyre and
gimble:
 On 10 July 2014 13:41, Colin Guthrie gm...@colin.guthr.ie wrote:

 'Twas brillig, and Zbigniew Jędrzejewski-Szmek at 10/07/14 13:51 did
 gyre and gimble:
 An administrator might want to block a certain sysusers config file from
 being executed, e.g. to block the creation of a certain user.
 I guess this is probably OK, but isn't it a bit counter intuitive? I
 mean one of the reasons for sysuser is due to /etc/ being bootstrapped.
 In this case I'd have thought that looking in /etc/ is a bit weird.
 
 Starting one's laptop in 2014 and seeing a new tape user added is
 also a bit weird :-) Although I'm running -git at the moment, not a
 distribution package, so maybe that's not what's supposed to happen.
 
 My first reaction was to create my own /etc/sysuser.d/basic.conf
 without it. Of course, that didn't work. Oh well. It wouldn't have
 been an ideal solution anyway, probably breaking future upgrades if
 the upstream basic.conf were to change.

Well, this is a reasonable assumption overall I guess, especially
considering the usual logic of overriding supported elsewhere in
similar tools.

It would only break things in future if basic.conf changed to have more
essential users. I would suggest that we should put some of these
standard, but legacy, users into a legacy.conf instead which should
lessen the risk of future updates should you override it on your system
(and assuming this patch is accepted!)

 But then I do accept that when sysusers is used for non-bootstrapping
 (i.e. just instead of the %pre useradd in RPM scripts and the like) it
 might be something an administrator would want to override. That said,
 AFAIK, there is no way to override this current with rpm scripts, so I
 wonder if this is really something to bother supporting ongoing.
 
 non-contributor tangent alert
 
 I don't use RPM, but having your system's user policy consist of
 running useradd in a pre-installation script seems... sub-optimal. 

It is :)

But sadly that's the way it's been done for a while, but now that there
is a mechanism to decouple this from pre scripts, we'll be good.

(there is a small issue of ownership of certain files according to rpm -
e.g. if the package wants to ship files that are user or group owned by
users the package itself creates - but I suspect most of these cases
will refer to files in /etc or /var both of which should be
bootstrapable and thus have files fixed up by tmpfiles so it's likely
not a huge issue practically speaking).

 Replacing this kind of distribution-level system user management --
 if any -- with something remotely scalable still smells like a good
 idea. 

Yup, totally agree. I really like the sysusers.d stuff generally and
look forward to cleaning up a lot of packages to get rid of these old
%pre bits

 So does separating package-managed users/groups from
 administrator-managed ones: my /etc/groups currently contains
 openvpn, clamav and kvm, despite my having purged those packages
 ages ago. Why? I'm not convinced that users or admins, no matter how
 grey their beards, should be expected to manage such details *by
 default*.

Well, the issue there is one of file ownership. Typically these users
are created on installation but never purged on uninstall simply because
files may have been stored using those users. e.g.
/var/spool/clamav/virusmails/ might all be owned by clamav. If the user
was purged when clamav was removed, all that data might sit there owned
by the uid/gid (no longer attached to a named account).

If then some other package is installed, and it creates a user account
it *might* pick up the uid/gid vacated by clamav and thus suddenly
become the owner of that data. This could obviously then be a vector for
a data leak.

That's the reasoning. There may be a better solution (such as scanning
all files to find those owned by the uid/gid and deleting them on
package removal), but this is the simplest - i.e. leave it to the admin!


 Having packages contain or depend on a sysusers.d/username.conf
 containing the relevant fields seems like a nice solution, with /etc
 then allowing full customisation. Or am I missing something obvious?

Don't get me wrong, I really like sysusers.d/ It's just the slight
chicken and egg thing that seems slightly odd! I'm not totally against
this patch, but I do worry that it enables some weird corner cases when
bootstrapping /etc/ from empty - but those are probably not big enough
concerns to justify not accepting the patch!

Col

-- 

Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited http://www.tribalogic.net/
Open Source:
  Mageia Contributor http://www.mageia.org/
  PulseAudio Hacker http://www.pulseaudio.org/
  Trac Hacker http://trac.edgewall.org/
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH] sysusers: allow overrides in /etc and /run

[Reindl Harald]

Am 10.07.2014 16:59, schrieb Jóhann B. Guðmundsson:
 On 07/10/2014 12:51 PM, Zbigniew Jędrzejewski-Szmek wrote:
 An administrator might want to block a certain sysusers config file from
 being executed, e.g. to block the creation of a certain user.
 ---
   src/sysusers/sysusers.c | 2 ++
   1 file changed, 2 insertions(+)

 diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
 index 129493a1e7..68c552d24a 100644
 --- a/src/sysusers/sysusers.c
 +++ b/src/sysusers/sysusers.c
 @@ -62,6 +62,8 @@ typedef struct Item {
   static char *arg_root = NULL;
 static const char conf_file_dirs[] =
 +/etc/sysusers.d\0
 +/run/sysusers.d\0
   /usr/local/lib/sysusers.d\0
   /usr/lib/sysusers.d\0
   #ifdef HAVE_SPLIT_USR
 
 How does this handle multiple users and if I as an administrator I wanted to 
 block some users from being created I simply would not have installed the 
 component that created him in the first place no?

you sound like it is always clear what package, probably installed as
dependency creates a user before - not speaking about that most packages
due uninstall don't remove the users created in rpm scripts



signature.asc
Description: OpenPGP digital signature
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH] sysusers: allow overrides in /etc and /run

[Zbigniew Jędrzejewski-Szmek]

On Thu, Jul 10, 2014 at 02:59:10PM +, Jóhann B. Guðmundsson wrote:
 
 On 07/10/2014 12:51 PM, Zbigniew Jędrzejewski-Szmek wrote:
 An administrator might want to block a certain sysusers config file from
 being executed, e.g. to block the creation of a certain user.
 ---
   src/sysusers/sysusers.c | 2 ++
   1 file changed, 2 insertions(+)
 
 diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
 index 129493a1e7..68c552d24a 100644
 --- a/src/sysusers/sysusers.c
 +++ b/src/sysusers/sysusers.c
 @@ -62,6 +62,8 @@ typedef struct Item {
   static char *arg_root = NULL;
   static const char conf_file_dirs[] =
 +/etc/sysusers.d\0
 +/run/sysusers.d\0
   /usr/local/lib/sysusers.d\0
   /usr/lib/sysusers.d\0
   #ifdef HAVE_SPLIT_USR
 
 How does this handle multiple users and if I as an administrator I
 wanted to block some users from being created I simply would not
 have installed the component that created him in the first place no?
Let's say that mydatabase.rpm wants to use mydatabaseuser, and creates
the user using sysusers.d, and has a config file which contains
  user = mydatabaseuser.
You as an admin know this, but want to use a different user for
whatever reason. So you provide the config file, but sysusers will
still create the user. This is not harmful usually, but can lead
e.g. to confusion, if you or the other admin later sees that this
user exists. So you might do 'ln -s /dev/null /etc/sysusers.d/mydatabase.conf',
to avoid that.

Zbyszek
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH] sysusers: allow overrides in /etc and /run

[Jóhann B. Guðmundsson]

On 07/10/2014 03:10 PM, Reindl Harald wrote:

Am 10.07.2014 16:59, schrieb Jóhann B. Guðmundsson:

On 07/10/2014 12:51 PM, Zbigniew Je;drzejewski-Szmek wrote:

An administrator might want to block a certain sysusers config file from
being executed, e.g. to block the creation of a certain user.
---
   src/sysusers/sysusers.c | 2 ++
   1 file changed, 2 insertions(+)

diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
index 129493a1e7..68c552d24a 100644
--- a/src/sysusers/sysusers.c
+++ b/src/sysusers/sysusers.c
@@ -62,6 +62,8 @@ typedef struct Item {
   static char *arg_root = NULL;
 static const char conf_file_dirs[] =
+/etc/sysusers.d\0
+/run/sysusers.d\0
   /usr/local/lib/sysusers.d\0
   /usr/lib/sysusers.d\0
   #ifdef HAVE_SPLIT_USR


How does this handle multiple users and if I as an administrator I wanted to
block some users from being created I simply would not have installed the
component that created him in the first place no?

you sound like it is always clear what package, probably installed as
dependency creates a user before - not speaking about that most packages
due uninstall don't remove the users created in rpm scripts


If you are an administrator you will quickly notice or do the necessary 
research into what created the user that you dont want installed on your 
system and take the necessary precaution from that happening again.


And arguable upstream should not be binding itself to solve downstream 
distribution packaging problems be it rpm, be it deb or something else 
since the installation scene is on the verge of changing...


JBG
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH] sysusers: allow overrides in /etc and /run

[Zbigniew Jędrzejewski-Szmek]

On Thu, Jul 10, 2014 at 02:41:14PM +0100, Colin Guthrie wrote:
 I guess this is probably OK, but isn't it a bit counter intuitive? I
 mean one of the reasons for sysuser is due to /etc/ being bootstrapped.
 In this case I'd have thought that looking in /etc/ is a bit weird.
This probably wouldn't be useful for the case when /etc is bootstrapped,
like you say below.

 What if you create a tmpfiles snippet to create a
 /etc/sysusers.d/foo.conf file, does that mean we have to run tmpfiles
 before sysusers?
I think that's a bit of an artificial problem. Like with everything
else, the outcome depends on the ordering.  What would happen if
tmpfiles.d were to create a .service file in /etc/systemd/system?
Anyway, in this specific case, I believe sysusers should run before
tmpfiles, so it is possible to use tmpfiles to create files owned
by users created by sysusers.
 
 But then I do accept that when sysusers is used for non-bootstrapping
 (i.e. just instead of the %pre useradd in RPM scripts and the like) it
 might be something an administrator would want to override. That said,
 AFAIK, there is no way to override this current with rpm scripts, so I
 wonder if this is really something to bother supporting ongoing.
Currently, even if you delete a user like this, there's no mechanism
to prevent recreation on the next update of this or another unrelated
package. So in some sense it is even worse, because with normal rpm
scripts you are safe until this specific package is upgraded.

But anyway, I find it very nice that the configuration loading mechanism
is consistent between tools, and this inability to override sysusers
is annoying.

Zbyszek
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH] sysusers: allow overrides in /etc and /run

[Zbigniew Jędrzejewski-Szmek]

On Thu, Jul 10, 2014 at 04:18:15PM +0100, Colin Guthrie wrote:
  I don't use RPM, but having your system's user policy consist of
  running useradd in a pre-installation script seems... sub-optimal. 
 
 It is :)
 
 But sadly that's the way it's been done for a while, but now that there
 is a mechanism to decouple this from pre scripts, we'll be good.
BTW., does anyone know what happened to the filetriggers idea [1]?
Is it available in upstream rpm generally and/or in Fedora?
It would be really nice to use this to avoid %post macros in every rpm
using sysusers and tmpfiles.

Zbyszek

[1] https://wiki.mageia.org/en/RPM_filetriggers
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH] sysusers: allow overrides in /etc and /run

[Jóhann B. Guðmundsson]

On 07/10/2014 04:47 PM, Zbigniew Jędrzejewski-Szmek wrote:

On Thu, Jul 10, 2014 at 02:59:10PM +, Jóhann B. Guðmundsson wrote:

On 07/10/2014 12:51 PM, Zbigniew Jędrzejewski-Szmek wrote:

An administrator might want to block a certain sysusers config file from
being executed, e.g. to block the creation of a certain user.
---
  src/sysusers/sysusers.c | 2 ++
  1 file changed, 2 insertions(+)

diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
index 129493a1e7..68c552d24a 100644
--- a/src/sysusers/sysusers.c
+++ b/src/sysusers/sysusers.c
@@ -62,6 +62,8 @@ typedef struct Item {
  static char *arg_root = NULL;
  static const char conf_file_dirs[] =
+/etc/sysusers.d\0
+/run/sysusers.d\0
  /usr/local/lib/sysusers.d\0
  /usr/lib/sysusers.d\0
  #ifdef HAVE_SPLIT_USR

How does this handle multiple users and if I as an administrator I
wanted to block some users from being created I simply would not
have installed the component that created him in the first place no?

Let's say that mydatabase.rpm wants to use mydatabaseuser, and creates
the user using sysusers.d, and has a config file which contains
   user = mydatabaseuser.
You as an admin know this, but want to use a different user for
whatever reason.


We need to know that reason as in what exactly is the problem 
administrators is trying to solve by doing that and is that problem not 
already solved with containers or sandboxed application?



  So you provide the config file, but sysusers will
still create the user. This is not harmful usually, but can lead
e.g. to confusion, if you or the other admin later sees that this
user exists. So you might do 'ln -s /dev/null /etc/sysusers.d/mydatabase.conf',
to avoid that.


Surely Sandboxed applications when designed was not strictly intended 
for GNOME or limited to Gnome existing on the machine for it to be used 
mean surely I should be able to download/install/run the Sandboxed 
applications postgresql which I fetched directly from postgresql 
upstream and it's community and deploy it on my server


As I said before aren't we wasting time solving problems for packaging 
formats that are becoming obsolete if things continue to progress in 
sandboxed/containerized future?


I have to ask at this point is there something that is preventing us to 
introduce type container unit?


JBG
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH] sysusers: allow overrides in /etc and /run

[Zbigniew Jędrzejewski-Szmek]

On Thu, Jul 10, 2014 at 06:43:26PM +, Jóhann B. Guðmundsson wrote:
 
 On 07/10/2014 04:47 PM, Zbigniew Jędrzejewski-Szmek wrote:
 On Thu, Jul 10, 2014 at 02:59:10PM +, Jóhann B. Guðmundsson wrote:
 On 07/10/2014 12:51 PM, Zbigniew Jędrzejewski-Szmek wrote:
 An administrator might want to block a certain sysusers config file from
 being executed, e.g. to block the creation of a certain user.
 ---
   src/sysusers/sysusers.c | 2 ++
   1 file changed, 2 insertions(+)
 
 diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
 index 129493a1e7..68c552d24a 100644
 --- a/src/sysusers/sysusers.c
 +++ b/src/sysusers/sysusers.c
 @@ -62,6 +62,8 @@ typedef struct Item {
   static char *arg_root = NULL;
   static const char conf_file_dirs[] =
 +/etc/sysusers.d\0
 +/run/sysusers.d\0
   /usr/local/lib/sysusers.d\0
   /usr/lib/sysusers.d\0
   #ifdef HAVE_SPLIT_USR
 How does this handle multiple users and if I as an administrator I
 wanted to block some users from being created I simply would not
 have installed the component that created him in the first place no?
 Let's say that mydatabase.rpm wants to use mydatabaseuser, and creates
 the user using sysusers.d, and has a config file which contains
user = mydatabaseuser.
 You as an admin know this, but want to use a different user for
 whatever reason.
 
 We need to know that reason as in what exactly is the problem
 administrators is trying to solve by doing that and is that problem
 not already solved with containers or sandboxed application?
The same justifications apply as with any other override in /etc...
Everything from testing, debugging to local setups and workarounds
for bugs in packaging or upstream.

Zbyszek
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH] sysusers: allow overrides in /etc and /run

[Jóhann B. Guðmundsson]

On 07/10/2014 07:10 PM, Zbigniew Jędrzejewski-Szmek wrote:

On Thu, Jul 10, 2014 at 06:43:26PM +, Jóhann B. Guðmundsson wrote:

On 07/10/2014 04:47 PM, Zbigniew Jędrzejewski-Szmek wrote:

On Thu, Jul 10, 2014 at 02:59:10PM +, Jóhann B. Guðmundsson wrote:

On 07/10/2014 12:51 PM, Zbigniew Jędrzejewski-Szmek wrote:

An administrator might want to block a certain sysusers config file from
being executed, e.g. to block the creation of a certain user.
---
  src/sysusers/sysusers.c | 2 ++
  1 file changed, 2 insertions(+)

diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
index 129493a1e7..68c552d24a 100644
--- a/src/sysusers/sysusers.c
+++ b/src/sysusers/sysusers.c
@@ -62,6 +62,8 @@ typedef struct Item {
  static char *arg_root = NULL;
  static const char conf_file_dirs[] =
+/etc/sysusers.d\0
+/run/sysusers.d\0
  /usr/local/lib/sysusers.d\0
  /usr/lib/sysusers.d\0
  #ifdef HAVE_SPLIT_USR

How does this handle multiple users and if I as an administrator I
wanted to block some users from being created I simply would not
have installed the component that created him in the first place no?

Let's say that mydatabase.rpm wants to use mydatabaseuser, and creates
the user using sysusers.d, and has a config file which contains
   user = mydatabaseuser.
You as an admin know this, but want to use a different user for
whatever reason.

We need to know that reason as in what exactly is the problem
administrators is trying to solve by doing that and is that problem
not already solved with containers or sandboxed application?

The same justifications apply as with any other override in /etc...
Everything from testing, debugging to local setups and workarounds
for bugs in packaging or upstream.


Right which begs the question what's the solution to do administrative 
overwrites for containers thus the suggestion for type container units.


JBG

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH] sysusers: allow overrides in /etc and /run

[Lennart Poettering]

On Thu, 10.07.14 14:51, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl) wrote:

 An administrator might want to block a certain sysusers config file from
 being executed, e.g. to block the creation of a certain user.
 ---
  src/sysusers/sysusers.c | 2 ++
  1 file changed, 2 insertions(+)
 
 diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
 index 129493a1e7..68c552d24a 100644
 --- a/src/sysusers/sysusers.c
 +++ b/src/sysusers/sysusers.c
 @@ -62,6 +62,8 @@ typedef struct Item {
  static char *arg_root = NULL;
  
  static const char conf_file_dirs[] =
 +/etc/sysusers.d\0
 +/run/sysusers.d\0
  /usr/local/lib/sysusers.d\0
  /usr/lib/sysusers.d\0
  #ifdef HAVE_SPLIT_USR

Makes sense, commit!

(Also needs man page update I figure...)

Lennart

-- 
Lennart Poettering, Red Hat
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel