On 07/10/2014 04:47 PM, Zbigniew Jędrzejewski-Szmek wrote:
On Thu, Jul 10, 2014 at 02:59:10PM +0000, "Jóhann B. Guðmundsson" wrote:
On 07/10/2014 12:51 PM, Zbigniew Jędrzejewski-Szmek wrote:
An administrator might want to block a certain sysusers config file from
being executed, e.g. to block the creation of a certain user.
---
src/sysusers/sysusers.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
index 129493a1e7..68c552d24a 100644
--- a/src/sysusers/sysusers.c
+++ b/src/sysusers/sysusers.c
@@ -62,6 +62,8 @@ typedef struct Item {
static char *arg_root = NULL;
static const char conf_file_dirs[] =
+ "/etc/sysusers.d\0"
+ "/run/sysusers.d\0"
"/usr/local/lib/sysusers.d\0"
"/usr/lib/sysusers.d\0"
#ifdef HAVE_SPLIT_USR
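Review bot: the diffstat lists only src/sysusers/sysusers.c, so the two entries added at the head of conf_file_dirs, "/etc/sysusers.d\0" and "/run/sysusers.d\0", land without any documentation change. Please update the sysusers.d documentation in the same patch to list all the directories in the order this array gives them. The commit message also covers only the blocking case. If same-named files in earlier directories take precedence over later ones, a file in /etc or /run can also replace or add user definitions, and both the commit message and the documentation should say so, since that widens the set of locations that can cause system users to be created.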
How does this handle multiple users? And if I, as an administrator,
wanted to block some users from being created, I simply would not
have installed the component that created him in the first place, no?
Let's say that mydatabase.rpm wants to use mydatabaseuser, and creates
the user using sysusers.d, and has a config file which contains
user = mydatabaseuser.
You as an admin know this, but want to use a different user for
whatever reason.
We need to know that reason, as in what exactly is the problem
administrators are trying to solve by doing that, and is that problem not
already solved with containers or sandboxed applications?
So you provide the config file, but sysusers will
still create the user. This is not harmful usually, but can lead
e.g. to confusion, if you or the other admin later sees that this
user exists. So you might do 'ln -s /dev/null /etc/sysusers.d/mydatabase.conf',
to avoid that.
Surely "Sandboxed applications", when designed, was not strictly intended
for GNOME or limited to GNOME existing on the machine for it to be used.
I mean, surely I should be able to download/install/run the "Sandboxed
applications postgresql" which I fetched directly from postgresql
upstream and its community and deploy it on my server.
As I said before, aren't we wasting time solving problems for packaging
formats that are becoming obsolete if things continue to progress in a
sandboxed/containerized future?
I have to ask at this point: is there something that is preventing us from
introducing a container unit type?
JBG