On Wed, Jul 23, 2014 at 05:30:53PM +0200, Kay Sievers wrote:
> On Wed, Jul 23, 2014 at 5:17 PM, Zbigniew Jędrzejewski-Szmek
> <zbys...@in.waw.pl> wrote:
> > On Wed, Jul 23, 2014 at 04:55:59PM +0200, Kay Sievers wrote:
> >> On Wed, Jul 23, 2014 at 4:28 PM, Zbigniew Jędrzejewski-Szmek
> >> <zbys...@in.waw.pl> wrote:
> >>
> >> > Anyway, I think that /etc/login.defs support is made out to be something
> >> > much more complicated than it really is. IMHO we should:
> >> >
> >> > - read /etc/login.defs and fall back to the compiled in value
> >> > - use whatever result we get in coredump, journald, and sysusers
> >> >
> >> > It's not like the implementation would be hard, intrusive, or slow. It'd
> >> > be probably +3 lines in one or two places.
> >>
> >> It is not about the effort *how* to do it, it is *why*. And I still
> >> don't think we should have dynamic configuration options for this, it
> >> is all just a huge mess that needs to be limited to the bare minimum,
> >> it is just too broken as a concept to be supported that way.
> >>
> >> > If we come up with additional heuristics or rules to determine human
> >> > accounts, we can safely add them in a backwards compatible way.
> >>
> >> We cannot do any normal user queries from journald, so none of the
> >> metadata like the primary group for a user is easily available.
> > I know.
> >
> >> Sysusers is, and probably always will be, limited to the classic
> >> passwd, group file. Maybe we can just read the files ourselves and
> >> find out that a certain uid is a normal user?
> >> Like:
> >> - uid >= "1000" --> normal user
> >> - lookup uid in passwd
> >> - user not found --> normal user
> >> - user < 1000 && group == "users" --> normal user
> >> - everything else would be a system user
> > But please add to this (at the top)
> > - parse SYS_GID_MIN and SYS_GID_MAX from /etc/login.defs and if
> >   found and user falls within --> system user
> >
> > This is safe as soon as /etc is accessible and provides backwards
> > compatibility.
>
> Well, the point is to make the rules in this broken model simpler, not
> more complicated as they already are. :)
>
> If we would read login.defs, we should probably not do any magic
> heuristics. And at the moment, I still think we should ignore
> login.defs.

If we find it, then certainly, it should override other considerations.

> > Also, I'd modify
> > - user < 1000 && group == "users" --> normal user
> > to
> > - group == "users" --> normal user
> > not to make things too complicated.
> >
> > I see another angry chicken and broken egg problem now:
> > - We want to get rid of /etc/login.defs, *but*
> > - we read /etc/login.defs at compilation time.
> > This means that we probably should stop looking at that file during
> > compilation time and stick to an internal default, possibly allowing
> > overriding with ./configure switch.
>
> Maybe, yes. It was just to init the build sys with the current distro
> defaults.

Right, but it makes login.defs even more entrenched.

Zbyszek
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
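
The rule list discussed in this thread, with the login.defs range check placed first, sketched in C as an added example; it is not part of the original messages and not systemd code. All function names are hypothetical, the file contents are constructed samples passed in as strings, and reading SYS_UID_MIN and SYS_UID_MAX for the uid range is an assumption of this sketch (the message above names SYS_GID_MIN and SYS_GID_MAX).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample file contents (not taken from the thread). */
static const char DEFS[]   = "# constructed\nSYS_UID_MIN 100\nSYS_UID_MAX 499\n";
static const char PASSWD[] = "root:x:0:0::/root:/bin/sh\nold:x:500:100::/home/old:/bin/sh\n"
                             "svc:x:600:600::/:/sbin/nologin\n";
static const char GROUP[]  = "root:x:0:\nusers:x:100:\nsvc:x:600:\n";
static const char *next_line(const char *l) { l = strchr(l, '\n'); return l ? l + 1 : NULL; }
/* Start of the n-th (0-based) colon-separated field on this line, or NULL. */
static const char *field(const char *l, int n) {
    while (n-- > 0 && l) { l = strpbrk(l, ":\n"); l = (l && *l == ':') ? l + 1 : NULL; }
    return l;
}

/* Value of `key` in login.defs text, or -1 when the text or the key is absent. */
static long defs_get(const char *defs, const char *key) {
    size_t n = strlen(key);
    for (const char *l = defs; l && *l; l = next_line(l))
        if (!strncmp(l, key, n) && (l[n] == ' ' || l[n] == '\t')) return strtol(l + n, NULL, 10);
    return -1;
}

/* passwd/group line whose numeric id (field 2) equals `id`, or NULL. */
static const char *find_id(const char *txt, long id) {
    for (const char *l = txt; l && *l; l = next_line(l)) {
        const char *f = field(l, 2);
        if (f && *f >= '0' && *f <= '9' && strtol(f, NULL, 10) == id) return l;
    }
    return NULL;
}

/* 1 = system user, 0 = normal user; defs is NULL when login.defs is missing. */
int is_system_user(long uid, const char *defs, const char *pw, const char *gr) {
    long lo = defs_get(defs, "SYS_UID_MIN"), hi = defs_get(defs, "SYS_UID_MAX");
    if (lo >= 0 && hi >= 0 && uid >= lo && uid <= hi) return 1; /* login.defs range, checked first */
    if (uid >= 1000) return 0;                        /* uid >= 1000 --> normal user */
    const char *p = find_id(pw, uid), *g = p ? field(p, 3) : NULL;
    if (!g) return 0;                                 /* user not found --> normal user */
    const char *grp = find_id(gr, strtol(g, NULL, 10));
    return !(grp && !strncmp(grp, "users:", 6));      /* group "users" --> normal, else system */
}

int main(void) {
    long uids[] = {0, 200, 500, 600, 700, 1500};
    for (size_t i = 0; i < sizeof uids / sizeof *uids; i++)
        printf("%ld %s\n", uids[i], is_system_user(uids[i], DEFS, PASSWD, GROUP) ? "system" : "normal");
    return 0;
}
```

With the sample data, uid 700 has no passwd entry and is classified as a normal user, which is the "user not found" rule from the list applied to a uid below 1000.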