On Wed, Jul 23, 2014 at 5:17 PM, Zbigniew Jędrzejewski-Szmek <zbys...@in.waw.pl> wrote: > On Wed, Jul 23, 2014 at 04:55:59PM +0200, Kay Sievers wrote: >> On Wed, Jul 23, 2014 at 4:28 PM, Zbigniew Jędrzejewski-Szmek >> <zbys...@in.waw.pl> wrote: >> >> > Anyway, I think that /etc/login.defs support is made out to be something >> > much more complicated than it really is. IMHO we should: >> > >> > - read /etc/login.defs and fall back to the compiled in value >> > - use whatever result we get in coredump, journald, and sysusers >> > >> > It's not like the implementation would be hard, intrusive, or slow. It'd be >> > probably +3 lines in one or two places. >> >> It is not about the effort *how* to do it, it is *why*. And I still >> don't think we should have dynamic configuration options for this, it >> is all just a huge mess that needs to be limited to the bare minimum, >> it is just too broken as a concept to be supported that way. >> >> > If we come up with additional heuristics or rules to determine human >> > accounts, we can safely add them in a backwards compatible way. >> >> We cannot do any normal user queries from journald, so none of the >> metadata like the primary group is easily for a user is available. > I know. > >> Sysusers is, and probably always will be, limited to the classic >> passwd, group file. Maybe we can just read the files ourselves and >> find out that a certain uid is a normal user? Like: >> - uid >= "1000" --> normal user >> - lookup uid in passwd >> - user not found --> normal user >> - user < 1000 && group == "users" --> normal user >> - everything else would be a system user > But please add to this (at the top) > - parse SYS_GID_MIN and SYS_GID_MAX from /etc/login.defs and if > found and users falls within --> system user > > This is safe as soon as /etc is accessible and provides backwards > compatibillity.
Well, the point is to make the rules in this broken model simpler, not more complicated as they already are. :) If we would read login.defs, we should probably not do any magic heuristics. And at the moment, I still think we should ignore login.defs. > Also, I'd modify > - user < 1000 && group == "users" --> normal user > to > - group == "users" --> normal user > not to make things too complicated. > > I see another angry chicken and broken egg problem now: > - We want to get rid of /etc/login.defs, *but* > - we read /etc/login.defs at compilation time. > This means that we probably should stop looking at that file during > compilation time and stick to an internal default, possibly allowing > overriding with ./configure switch. Maybe, yes. It was just to init the build sys with the current distro defaults. Kay _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel