Package: systemd
Version: 247.3-7+deb11u1
Severity: normal
X-Debbugs-Cc: mgul...@mathworks.com

Dear Maintainer,

Systemd creates a few users and groups on first boot via systemd-sysusers (e.g. systemd-timesync, systemd-coredump). These users are created with UIDs and GIDs starting from 999, working downwards. However, systemd still creates users in this range even when SYS_UID_{MIN,MAX} and SYS_GID_{MIN,MAX} are set in /etc/login.defs (as well as the relevant settings in /etc/adduser.conf).

Starting with systemd 247, systemd does provide an option to respect /etc/login.defs for auto-generated UIDs; however, that feature must be enabled via the compile-time option '-Dcompat-mutable-uid-boundaries=true', which Debian does not currently do. This feature was added to systemd via this pull request: https://github.com/systemd/systemd/pull/17172.

At my organization, we have some Unix accounts that are > 20 years old, and some of the old UIDs and GIDs are in the 100-999 range. These can't be easily renumbered as this would cause NFS permission issues (there are *many* file servers). To work around this, we configure our systems to use a higher ID range (30000) for system UIDs and GIDs; however, systemd on Debian does not currently respect this configuration.

It's easy enough to renumber these auto-created accounts since there aren't many and they don't own any files in the filesystem, but it would be nice if systemd created them with the right UID/GID in the first place.

FYI, I looked at the rpm SPEC for RHEL9 and it looks like it has this feature enabled, so that gives some confidence that it is stable.

Thanks,
Mike

-- Package-specific info:

-- System Information:
Debian Release: 11.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-20-amd64 (SMP w/12 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages systemd depends on:
ii  adduser          3.118
ii  libacl1          2.2.53-10
ii  libapparmor1     2.13.6-10
ii  libaudit1        1:3.0-2
ii  libblkid1        2.36.1-8+deb11u1
ii  libc6            2.31-13+deb11u5.tmw1
ii  libcap2          1:2.44-1
ii  libcrypt1        1:4.4.18-4
ii  libcryptsetup12  2:2.3.7-1+deb11u1
ii  libgcrypt20      1.8.7-6
ii  libgnutls30      3.7.1-5+deb11u2
ii  libgpg-error0    1.38-2
ii  libip4tc2        1.8.7-1
ii  libkmod2         28-1
ii  liblz4-1         1.9.3-2
ii  liblzma5         5.2.5-2.1~deb11u1
ii  libmount1        2.36.1-8+deb11u1
ii  libpam0g         1.4.0-9+deb11u1
ii  libseccomp2      2.5.1-1+deb11u1
ii  libselinux1      3.1-3
ii  libsystemd0      247.3-7+deb11u1
ii  libzstd1         1.4.8+dfsg-2.1
ii  mount            2.36.1-8+deb11u1
ii  util-linux       2.36.1-8+deb11u1

Versions of packages systemd recommends:
ii  dbus               1.12.24-0+deb11u1
ii  ntp [time-daemon]  1:4.2.8p15+dfsg-1

Versions of packages systemd suggests:
ii  policykit-1        0.105-31+deb11u1
ii  systemd-container  247.3-7+deb11u1

Versions of packages systemd is related to:
pn  dracut           <none>
ii  initramfs-tools  0.140
pn  libnss-systemd   <none>
ii  libpam-systemd   247.3-7+deb11u1
ii  udev             247.3-7+deb11u1

-- no debconf information
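
Added example (not part of the original report and not systemd or Debian code): a small audit that lists systemd-* users and groups whose IDs fall outside the SYS_UID/SYS_GID ranges set in login.defs, which is the mismatch described above. The sample data is constructed; the upper bound 30999 and the function names are assumptions.

```python
import sys

# Constructed sample input; 30000 follows the report, 30999 is an assumed upper bound.
SAMPLE_LOGIN_DEFS = """\
SYS_UID_MIN 30000   # site-specific system range
SYS_UID_MAX 30999
SYS_GID_MIN 30000
SYS_GID_MAX 30999
"""
SAMPLE_PASSWD = """\
systemd-timesync:x:999:999::/:/usr/sbin/nologin
systemd-coredump:x:30001:30001::/:/usr/sbin/nologin
"""
SAMPLE_GROUP = "systemd-timesync:x:999:\nsystemd-coredump:x:30001:\n"

def parse_login_defs(text):
    """Return {KEY: int} for the SYS_[UG]ID_{MIN,MAX} keys set in login.defs text."""
    wanted = {"SYS_UID_MIN", "SYS_UID_MAX", "SYS_GID_MIN", "SYS_GID_MAX"}
    cfg = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2 and fields[0] in wanted and fields[1].isdigit():
            cfg[fields[0]] = int(fields[1])
    return cfg

def outside_range(db_text, lo, hi, prefix="systemd-"):
    """List (name, id) for passwd/group entries with the prefix whose id is not in lo..hi."""
    hits = []
    for line in db_text.splitlines():
        parts = line.split(":")  # the numeric id is the third field in both files
        if len(parts) < 3 or not parts[0].startswith(prefix) or not parts[2].isdigit():
            continue
        if not lo <= int(parts[2]) <= hi:
            hits.append((parts[0], int(parts[2])))
    return hits

def audit(login_defs, passwd, group):
    """Check systemd-* users and groups; a range not set in login.defs is skipped."""
    cfg = parse_login_defs(login_defs)
    report = {}
    for kind, db in (("UID", passwd), ("GID", group)):
        lo, hi = cfg.get(f"SYS_{kind}_MIN"), cfg.get(f"SYS_{kind}_MAX")
        report[kind] = [] if lo is None or hi is None else outside_range(db, lo, hi)
    return report

if __name__ == "__main__":  # optional args: paths to login.defs, passwd and group
    texts = ([open(p, errors="replace").read() for p in sys.argv[1:4]]
             if len(sys.argv) == 4 else [SAMPLE_LOGIN_DEFS, SAMPLE_PASSWD, SAMPLE_GROUP])
    for kind, hits in audit(*texts).items():
        print(kind, "outside configured system range:", hits)
```

Run with `/etc/login.defs /etc/passwd /etc/group` as arguments to check a host; with no arguments it runs on the constructed sample.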