On Thu, Jul 10, 2014 at 02:59:10PM +0000, "Jóhann B. Guðmundsson" wrote:
>
> On 07/10/2014 12:51 PM, Zbigniew Jędrzejewski-Szmek wrote:
> >An administrator might want to block a certain sysusers config file from
> >being executed, e.g. to block the creation of a certain user.
> >---
> > src/sysusers/sysusers.c | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> >diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
> >index 129493a1e7..68c552d24a 100644
> >--- a/src/sysusers/sysusers.c
> >+++ b/src/sysusers/sysusers.c
> >@@ -62,6 +62,8 @@ typedef struct Item {
> > static char *arg_root = NULL;
> > static const char conf_file_dirs[] =
> >+ "/etc/sysusers.d\0"
> >+ "/run/sysusers.d\0"
> > "/usr/local/lib/sysusers.d\0"
> > "/usr/lib/sysusers.d\0"
> > #ifdef HAVE_SPLIT_USR
>
> How does this handle multiple users and if I as an administrator I
> wanted to block some users from being created I simply would not
> have installed the component that created him in the first place no?
Let's say that mydatabase.rpm wants to use mydatabaseuser, and creates
the user using sysusers.d, and has a config file which contains
user = mydatabaseuser.
You as an admin know this, but want to use a different user for
whatever reason. So you provide the config file, but sysusers will
still create the user. This is not harmful usually, but can lead
e.g. to confusion, if you or the other admin later sees that this
user exists. So you might do 'ln -s /dev/null /etc/sysusers.d/mydatabase.conf',
to avoid that.
Zbyszek
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
