On Sa, 23.12.17 00:33, Sébastien Luttringer (se...@seblu.net) wrote: > The first issue[1] is to be able to define the root user shell. > Currently, sysusers.d/basic.conf provides a nologin shell, which prevent root > to login and execute commands (even via sudo). We cannot override the > sysusers.d/basic.conf with a crafted version because systemd-sysusers doesn't > support a shell definition in its format. > As a consequence, I added back root to passwd/group/shadow/gshadow[4]. > So, what's the strategy about this? Should root user be an exception and be > defined somewhere else than others users because it requires a valid > shell?
Hmm, so sysusers.d as the name suggests is intended for system users, i.e. the users daemon run as which usually have /usr/bin/nologin as shell. The "root" user is a bit weird in that regard as it kinda is both a user humans log into, and a user that daemons run as. Right now we don't really support the part about "human users logging in" in sysusers.d and I am not sure if we should, but maybe it would be OK to have a new "p" stanza or so, that allows setting the root password. But then again, it's a bit strange having the root pw stored at some place literally... Note that "systemd-firstboot" is supposed to be a tool for provisioning an OS image with basic settings before first boot, including with a root pw. Maybe just using that would be preferable? > The second issue[2] is about the lp group defined in sysusers.d/basic.conf. > Because the cups Arch package set rights on files based on the lp group it > needs a static gid (pacman requirement). lp defined in sysusers.d/basic.conf > is > without gid[5], so what's the best way to override it? Hmm, you should be able to simply drop-in a second file with a more strict definition. sysusers.d should probably merge entries like this, and not complain unless things are directly contradicting. If it does complain about it we should probably fix that. In that case, please file a bug. Lennart -- Lennart Poettering, Red Hat _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel