picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
Systemd/src/sysusers/sysusers.c

2042 lines
70 KiB
C
Raw Normal View History

license: LGPL-2.1+ -> LGPL-2.1-or-later
2020-11-09 05:23:58 +01:00
/* SPDX-License-Identifier: LGPL-2.1-or-later */
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
#include <getopt.h>
sysusers: don't allow user names longer than UT_NAMESIZE As pointed out by Miloslav Trmač it might be a good idea to make sure that usernames stay with in the utmp-defined limits.
2014-07-09 19:20:58 +02:00
#include <utmp.h>
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
util-lib: split out allocation calls into alloc-util.[ch]
2015-10-27 03:01:06 +01:00
#include "alloc-util.h"
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
#include "conf-files.h"
#include "copy.h"
util-lib: move CONF_DIRS_NULSTR definition to def.h After all, this is not some compiler or C magic, but something very specific to how systemd works, hence let's move it into def.h, and out of macro.h
2015-11-03 12:26:12 +01:00
#include "def.h"
sysusers: add support for a --image= switch
2020-07-28 18:32:07 +02:00
#include "dissect-image.h"
util-lib: move CONF_DIRS_NULSTR definition to def.h After all, this is not some compiler or C magic, but something very specific to how systemd works, hence let's move it into def.h, and out of macro.h
2015-11-03 12:26:12 +01:00
#include "fd-util.h"
util-lib: don't include fileio.h from fileio-label.h There's no reason for doing that, hence simply don't.
2018-11-30 21:07:21 +01:00
#include "fileio.h"
Rename formats-util.h to format-util.h We don't have plural in the name of any other -util files and this inconsistency trips me up every time I try to type this file name from memory. "formats-util" is even hard to pronounce.
2016-11-07 16:14:59 +01:00
#include "format-util.h"
binfmt,sysctl,sysuers,tmpfiles: add auto-paging for --cat-config commands The output of these commands is really long, and already enriched with color. Let's add auto-paging to make this easier to digest.
2018-06-12 15:37:53 +02:00
#include "fs-util.h"
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
#include "hashmap.h"
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
#include "main-func.h"
sysusers: add support for a --image= switch
2020-07-28 18:32:07 +02:00
#include "mount-util.h"
binfmt,sysctl,sysuers,tmpfiles: add auto-paging for --cat-config commands The output of these commands is really long, and already enriched with color. Let's add auto-paging to make this easier to digest.
2018-06-12 15:37:53 +02:00
#include "pager.h"
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
#include "path-util.h"
Split out pretty-print.c and move pager.c and main-func.h to shared/ This is high-level functionality, and fits better in shared/ (which is for our executables), than in basic/ (which is also for libraries).
2018-11-20 15:42:57 +01:00
#include "pretty-print.h"
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
#include "selinux-util.h"
sysusers: add support for a --image= switch
2020-07-28 18:32:07 +02:00
#include "set.h"
util-lib: split our string related calls from util.[ch] into its own file string-util.[ch] There are more than enough calls doing string manipulations to deserve its own files, hence do something about it. This patch also sorts the #include blocks of all files that needed to be updated, according to the sorting suggestions from CODING_STYLE. Since pretty much every file needs our string manipulation functions this effectively means that most files have sorted #include blocks now. Also touches a few unrelated include files.
2015-10-24 22:58:24 +02:00
#include "smack-util.h"
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
#include "specifier.h"
util-lib: split our string related calls from util.[ch] into its own file string-util.[ch] There are more than enough calls doing string manipulations to deserve its own files, hence do something about it. This patch also sorts the #include blocks of all files that needed to be updated, according to the sorting suggestions from CODING_STYLE. Since pretty much every file needs our string manipulation functions this effectively means that most files have sorted #include blocks now. Also touches a few unrelated include files.
2015-10-24 22:58:24 +02:00
#include "string-util.h"
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
#include "strv.h"
util-lib: split out all temporary file related calls into tmpfiles-util.c This splits out a bunch of functions from fileio.c that have to do with temporary files. Simply to make the header files a bit shorter, and to group things more nicely. No code changes, just some rearranging of source files.
2018-11-30 21:05:27 +01:00
#include "tmpfile-util-label.h"
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
#include "uid-range.h"
sysusers: look at login.defs when setting the default range to allocate users Also, even if login.defs are not present, don't start allocating at 1, but at SYSTEM_UID_MIN. Fixes #9769. The test is adjusted. Actually, it was busted before, because sysusers would never use SYSTEM_GID_MIN, so if SYSTEM_GID_MIN was different than SYSTEM_UID_MIN, the tests would fail. On all "normal" systems the two are equal, so we didn't notice. Since sysusers now always uses the minimum of the two, we only need to substitute one value.
2020-09-25 17:16:06 +02:00
#include "user-record.h"
util-lib: move CONF_DIRS_NULSTR definition to def.h After all, this is not some compiler or C magic, but something very specific to how systemd works, hence let's move it into def.h, and out of macro.h
2015-11-03 12:26:12 +01:00
#include "user-util.h"
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
#include "utf8.h"
#include "util.h"
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
typedef enum ItemType {
ADD_USER = 'u',
ADD_GROUP = 'g',
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
ADD_MEMBER = 'm',
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
ADD_RANGE = 'r',
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
} ItemType;
binfmt,sysctl,sysuers,tmpfiles: add auto-paging for --cat-config commands The output of these commands is really long, and already enriched with color. Let's add auto-paging to make this easier to digest.
2018-06-12 15:37:53 +02:00
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
typedef struct Item {
ItemType type;
char *name;
sysusers: support creating users with a specific primary group This extends the "uid:gid" syntax for "u" lines so that a group name can be given instead of a GID. This requires that the group is either queued for creation by sysusers, or it is already defined on the system. Closes #14340
2020-01-30 20:04:14 +01:00
char *group_name;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
char *uid_path;
char *gid_path;
char *description;
sysusers: add another column to sysusers files for the home directory
2014-08-19 16:34:06 +02:00
char *home;
sysusers: allow the shell to be specified This is necessary for some system users where the "login shell" is set to a specific binary.
2018-01-30 14:28:10 +01:00
char *shell;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
gid_t gid;
uid_t uid;
bool gid_set:1;
sysusers: use the usual comment style
2018-02-02 10:35:21 +01:00
/* When set the group with the specified gid must exist
* and the check if a uid clashes with the gid is skipped.
*/
sysusers: allow force reusing existing user/group IDs (#8037) On Debian/Ubuntu systems the default passwd/group files use a slightly strange mapping. E.g. in passwd: ``` man:x:6:12::/var/cache/man:/sbin/nologin ``` and in group: ``` disk:x:6: man:x:12: ``` This is not supported in systemd-sysusers right now because sysusers will not re-use an existing uid/gid in its normal mode of operation. Unfortunately this reuse is needed to replicate the default Debian/Ubuntu users/groups. This commit enforces reuse when the "uid:gid" syntax is used to fix this. I also added a test that replicates the Debian base-passwd passwd/group file to ensure things are ok.
2018-02-01 05:47:50 +01:00
bool id_set_strict:1;
sysusers: use the usual comment style
2018-02-02 10:35:21 +01:00
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
bool uid_set:1;
sysusers: do not set todo to create a user when we only need a group
2014-06-13 03:26:41 +02:00
bool todo_user:1;
bool todo_group:1;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
} Item;
static char *arg_root = NULL;
sysusers: add support for a --image= switch
2020-07-28 18:32:07 +02:00
static char *arg_image = NULL;
sysusers: add --cat-config
2018-04-26 20:38:39 +02:00
static bool arg_cat_config = false;
sysusers: allow admin/runtime overrides to command-line config When used in a package installation script, we want to invoke systemd-sysusers before that package is installed (so it can contain files owned by the newly created user), so the configuration to use is specified on the command line. This should be a copy of the configuration that will be installed as /usr/lib/sysusers.d/package.conf. We still want to obey any overrides in /etc/sysusers.d or /run/sysusers.d in the usual fashion. Otherwise, we'd get a different result when systemd-sysusers is run with a copy of the new config on the command line and when systemd-sysusers is run at boot after package instalation. In the second case any files in /etc or /run have higher priority, so the same should happen when the configuration is given on the command line. More generally, we want the behaviour in this special case to be as close to the case where the file is finally on disk as possible, so we have to read all configuration files, since they all might contain overrides and additional configuration that matters. Even files that have lower priority might specify additional groups for the user we are creating. Thus, we need to read all configuration, but insert our new configuration somewhere with the right priority. If --target=/path/to/file.conf is given on the command line, we gather the list of files, and pretend that the command-line config is read from /path/to/file.conf (doesn't matter if the file on disk actually exists or not). All package scripts should use this option to obtain consistent and idempotent behaviour. The corner case when --target= is specified and there are no positional arguments is disallowed. v1: - version with --config-name= v2: - disallow --config-name= and no positional args v3: - remove --config-name= v4: - add --target= and rework the code completely v5: - fix argcounting bug and add example in man page v6: - rename --target to --replace
2018-01-31 15:37:02 +01:00
static const char *arg_replace = NULL;
sysusers: take configuration as positional arguments If the configuration is included in a script, this is more convient. I thought it would be possible to use this for rpm scriptlets with '%pre -p systemd-sysuser "..."', but apparently there is no way to pass arguments to the executable ($1 is used for the package installation count). But this functionality seems generally useful, e.g. for testing and one-off scripts, so let's keep it. There's a slight change in behaviour when files are given on the command line: if we cannot parse them, error out instead of ignoring the failure. When trying to parse all configuration files, we don't want to fail even if some config files are broken, but when parsing a list of items specified explicitly, we should. v2: - rename --direct to --inline
2018-01-29 14:47:01 +01:00
static bool arg_inline = false;
basic/pager: convert the pager options to a flags argument Pretty much everything uses just the first argument, and this doesn't make this common pattern more complicated, but makes it simpler to pass multiple options.
2018-11-11 12:56:29 +01:00
static PagerFlags arg_pager_flags = 0;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
static OrderedHashmap *users = NULL, *groups = NULL;
static OrderedHashmap *todo_uids = NULL, *todo_gids = NULL;
static OrderedHashmap *members = NULL;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
static Hashmap *database_by_uid = NULL, *database_by_username = NULL;
static Hashmap *database_by_gid = NULL, *database_by_groupname = NULL;
static Set *database_users = NULL, *database_groups = NULL;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
treewide: introduce UID_INVALID (and friends) as macro for (uid_t) -1
2014-11-28 20:51:01 +01:00
static uid_t search_uid = UID_INVALID;
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
static UidRange *uid_range = NULL;
static unsigned n_uid_range = 0;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: emit warnings about login.defs overrides on first user or group creation *** Running /home/zbyszek/src/systemd-work/test/test-sysusers/test-14.input (with login.defs symlinked) login.defs specifies UID allocation range 401–555 that is different than the built-in defaults (201–998) login.defs specifies GID allocation range 405–666 that is different than the built-in defaults (201–990)
2020-10-01 18:18:26 +02:00
static UGIDAllocationRange login_defs = {};
static bool login_defs_need_warning = false;
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
STATIC_DESTRUCTOR_REGISTER(groups, ordered_hashmap_freep);
STATIC_DESTRUCTOR_REGISTER(users, ordered_hashmap_freep);
STATIC_DESTRUCTOR_REGISTER(members, ordered_hashmap_freep);
STATIC_DESTRUCTOR_REGISTER(todo_uids, ordered_hashmap_freep);
STATIC_DESTRUCTOR_REGISTER(todo_gids, ordered_hashmap_freep);
STATIC_DESTRUCTOR_REGISTER(database_by_uid, hashmap_freep);
STATIC_DESTRUCTOR_REGISTER(database_by_username, hashmap_freep);
STATIC_DESTRUCTOR_REGISTER(database_users, set_free_freep);
STATIC_DESTRUCTOR_REGISTER(database_by_gid, hashmap_freep);
STATIC_DESTRUCTOR_REGISTER(database_by_groupname, hashmap_freep);
STATIC_DESTRUCTOR_REGISTER(database_groups, set_free_freep);
STATIC_DESTRUCTOR_REGISTER(uid_range, freep);
STATIC_DESTRUCTOR_REGISTER(arg_root, freep);
sysusers: add support for a --image= switch
2020-07-28 18:32:07 +02:00
STATIC_DESTRUCTOR_REGISTER(arg_image, freep);
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
sysusers: many different errnos to express one condition See https://bugzilla.redhat.com/show_bug.cgi?id=1807768. It turns out that sysusers cannot query if the group exists: Failed to check if group dnsmasq already exists: No such process ... Failed to check if group systemd-timesync already exists: No such process When the same command is executed later, the issue does not occur. Not sure why the behaviour in the initial transaction is different. But let's accept all errors that the man pages list. We check if the user/group exists before creating anyway, so this seems pretty safe.
2020-03-03 10:18:32 +01:00
static int errno_is_not_exists(int code) {
/* See getpwnam(3) and getgrnam(3): those codes and others can be returned if the user or group are
* not found. */
return IN_SET(code, 0, ENOENT, ESRCH, EBADF, EPERM);
}
sysusers: emit warnings about login.defs overrides on first user or group creation *** Running /home/zbyszek/src/systemd-work/test/test-sysusers/test-14.input (with login.defs symlinked) login.defs specifies UID allocation range 401–555 that is different than the built-in defaults (201–998) login.defs specifies GID allocation range 405–666 that is different than the built-in defaults (201–990)
2020-10-01 18:18:26 +02:00
static void maybe_emit_login_defs_warning(void) {
if (!login_defs_need_warning)
return;
if (login_defs.system_alloc_uid_min != SYSTEM_ALLOC_UID_MIN ||
login_defs.system_uid_max != SYSTEM_UID_MAX)
log_warning("login.defs specifies UID allocation range "UID_FMT""UID_FMT
" that is different than the built-in defaults ("UID_FMT""UID_FMT")",
login_defs.system_alloc_uid_min, login_defs.system_uid_max,
SYSTEM_ALLOC_UID_MIN, SYSTEM_UID_MAX);
if (login_defs.system_alloc_gid_min != SYSTEM_ALLOC_GID_MIN ||
login_defs.system_gid_max != SYSTEM_GID_MAX)
log_warning("login.defs specifies GID allocation range "GID_FMT""GID_FMT
" that is different than the built-in defaults ("GID_FMT""GID_FMT")",
login_defs.system_alloc_gid_min, login_defs.system_gid_max,
SYSTEM_ALLOC_GID_MIN, SYSTEM_GID_MAX);
login_defs_need_warning = false;
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
static int load_user_database(void) {
_cleanup_fclose_ FILE *f = NULL;
const char *passwd_path;
struct passwd *pw;
int r;
util: add generic calls for prefixing a root directory to a path So far a number of utilities implemented their own calls for this, unify them in prefix_root() and prefix_roota(). The former uses heap memory, the latter allocates from the stack via alloca(). Port over most users of a --root= logic.
2015-05-13 17:42:10 +02:00
passwd_path = prefix_roota(arg_root, "/etc/passwd");
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
f = fopen(passwd_path, "re");
if (!f)
return errno == ENOENT ? 0 : -errno;
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
r = hashmap_ensure_allocated(&database_by_username, &string_hash_ops);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r < 0)
return r;
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
r = hashmap_ensure_allocated(&database_by_uid, NULL);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r < 0)
return r;
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
r = set_ensure_allocated(&database_users, NULL);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r < 0)
return r;
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
while ((r = fgetpwent_sane(f, &pw)) > 0) {
sysusers: fix memory leak when /etc/passwd contains multiple identical lines Fixes: #8718
2018-04-18 17:58:53 +02:00
char *n;
sysusers: use uniform order for variables Follow-up for 43e948eea6.
2018-04-20 11:14:41 +02:00
int k, q;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
n = strdup(pw->pw_name);
if (!n)
return -ENOMEM;
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
k = set_put(database_users, n);
if (k < 0) {
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
free(n);
return k;
}
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
k = hashmap_put(database_by_username, n, UID_TO_PTR(pw->pw_uid));
if (k < 0 && k != -EEXIST)
return k;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
q = hashmap_put(database_by_uid, UID_TO_PTR(pw->pw_uid), n);
if (q < 0 && q != -EEXIST)
return q;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
return r;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
static int load_group_database(void) {
_cleanup_fclose_ FILE *f = NULL;
const char *group_path;
struct group *gr;
int r;
util: add generic calls for prefixing a root directory to a path So far a number of utilities implemented their own calls for this, unify them in prefix_root() and prefix_roota(). The former uses heap memory, the latter allocates from the stack via alloca(). Port over most users of a --root= logic.
2015-05-13 17:42:10 +02:00
group_path = prefix_roota(arg_root, "/etc/group");
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
f = fopen(group_path, "re");
if (!f)
return errno == ENOENT ? 0 : -errno;
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
r = hashmap_ensure_allocated(&database_by_groupname, &string_hash_ops);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r < 0)
return r;
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
r = hashmap_ensure_allocated(&database_by_gid, NULL);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r < 0)
return r;
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
r = set_ensure_allocated(&database_groups, NULL);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r < 0)
return r;
sysusers: use fgetgrent_sane()
2018-11-25 20:41:53 +01:00
while ((r = fgetgrent_sane(f, &gr)) > 0) {
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
char *n;
int k, q;
n = strdup(gr->gr_name);
if (!n)
return -ENOMEM;
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
k = set_put(database_groups, n);
if (k < 0) {
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
free(n);
return k;
}
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
k = hashmap_put(database_by_groupname, n, GID_TO_PTR(gr->gr_gid));
if (k < 0 && k != -EEXIST)
return k;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
q = hashmap_put(database_by_gid, GID_TO_PTR(gr->gr_gid), n);
if (q < 0 && q != -EEXIST)
return q;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
sysusers: use fgetgrent_sane()
2018-11-25 20:41:53 +01:00
return r;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
sysusers: fix selinux context of backup files Also, fix fopen_temporary_label to set proper context. By chance, all users so far used the same context, so the error didn't matter. Also, check return value from label_init(). https://bugzilla.redhat.com/show_bug.cgi?id=1121806
2014-07-22 02:41:19 +02:00
static int make_backup(const char *target, const char *x) {
sysusers: modernize file backup logic a bit Let's use _cleanup_ magic to clean up files, let's fully operate by fds whenever we can.
2020-09-23 17:49:35 +02:00
_cleanup_(unlink_and_freep) char *dst_tmp = NULL;
sysusers: fix selinux context of backup files Also, fix fopen_temporary_label to set proper context. By chance, all users so far used the same context, so the error didn't matter. Also, check return value from label_init(). https://bugzilla.redhat.com/show_bug.cgi?id=1121806
2014-07-22 02:41:19 +02:00
_cleanup_fclose_ FILE *dst = NULL;
sysusers: modernize file backup logic a bit Let's use _cleanup_ magic to clean up files, let's fully operate by fds whenever we can.
2020-09-23 17:49:35 +02:00
_cleanup_close_ int src = -1;
const char *backup;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
struct stat st;
int r;
sysusers: modernize file backup logic a bit Let's use _cleanup_ magic to clean up files, let's fully operate by fds whenever we can.
2020-09-23 17:49:35 +02:00
assert(target);
assert(x);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
src = open(x, O_RDONLY|O_CLOEXEC|O_NOCTTY);
if (src < 0) {
if (errno == ENOENT) /* No backup necessary... */
return 0;
return -errno;
}
if (fstat(src, &st) < 0)
return -errno;
sysusers: modernize file backup logic a bit Let's use _cleanup_ magic to clean up files, let's fully operate by fds whenever we can.
2020-09-23 17:49:35 +02:00
r = fopen_temporary_label(
target, /* The path for which to the lookup the label */
x, /* Where we want the file actually to end up */
&dst,
&dst_tmp /* The temporary file we write to */);
sysusers: fix selinux context of backup files Also, fix fopen_temporary_label to set proper context. By chance, all users so far used the same context, so the error didn't matter. Also, check return value from label_init(). https://bugzilla.redhat.com/show_bug.cgi?id=1121806
2014-07-22 02:41:19 +02:00
if (r < 0)
return r;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
copy: change the various copy_xyz() calls to take a unified flags parameter This adds a unified "copy_flags" parameter to all copy_xyz() function calls, replacing the various boolean flags so far used. This should make many invocations more readable as it is clear what behaviour is precisely requested. This also prepares ground for adding support for more modes later on.
2017-02-13 19:00:22 +01:00
r = copy_bytes(src, fileno(dst), (uint64_t) -1, COPY_REFLINK);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r < 0)
sysusers: modernize file backup logic a bit Let's use _cleanup_ magic to clean up files, let's fully operate by fds whenever we can.
2020-09-23 17:49:35 +02:00
return r;
sysusers: fix selinux context of backup files Also, fix fopen_temporary_label to set proper context. By chance, all users so far used the same context, so the error didn't matter. Also, check return value from label_init(). https://bugzilla.redhat.com/show_bug.cgi?id=1121806
2014-07-22 02:41:19 +02:00
util: rework strappenda(), and rename it strjoina() After all it is now much more like strjoin() than strappend(). At the same time, add support for NULL sentinels, even if they are normally not necessary.
2015-02-03 02:05:59 +01:00
backup = strjoina(x, "-");
sysusers: fix selinux context of backup files Also, fix fopen_temporary_label to set proper context. By chance, all users so far used the same context, so the error didn't matter. Also, check return value from label_init(). https://bugzilla.redhat.com/show_bug.cgi?id=1121806
2014-07-22 02:41:19 +02:00
sysusers: modernize file backup logic a bit Let's use _cleanup_ magic to clean up files, let's fully operate by fds whenever we can.
2020-09-23 17:49:35 +02:00
/* Copy over the access mask. Don't fail on chmod() or chown(). If it stays owned by us and/or
* unreadable by others, then it isn't too bad... */
r = fchmod_and_chown(fileno(dst), st.st_mode & 07777, st.st_uid, st.st_gid);
sysusers: use fchmod_and_chown()
2018-06-14 04:39:55 +02:00
if (r < 0)
log_warning_errno(r, "Failed to change access mode or ownership of %s: %m", backup);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: modernize file backup logic a bit Let's use _cleanup_ magic to clean up files, let's fully operate by fds whenever we can.
2020-09-23 17:49:35 +02:00
if (futimens(fileno(dst), (const struct timespec[2]) { st.st_atim, st.st_mtim }) < 0)
treewide: use log_*_errno whenever %m is in the format string If the format string contains %m, clearly errno must have a meaningful value, so we might as well use log_*_errno to have ERRNO= logged. Using: find . -name '*.[ch]' | xargs sed -r -i -e \ 's/log_(debug|info|notice|warning|error|emergency)\((".*%m.*")/log_\1_errno(errno, \2/' Plus some whitespace, linewrap, and indent adjustments.
2014-11-28 19:29:59 +01:00
log_warning_errno(errno, "Failed to fix access and modification time of %s: %m", backup);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: modernize file backup logic a bit Let's use _cleanup_ magic to clean up files, let's fully operate by fds whenever we can.
2020-09-23 17:49:35 +02:00
r = fsync_full(fileno(dst));
"Don't fear the fsync()" For files which are vital to boot 1. Avoid opening any window where power loss will zero them out or worse. I know app developers all coded to the ext3 implementation, but the only formal documentation we have says we're broken if we actually rely on it. E.g. * `man mount`, search for `auto_da_alloc`. * http://www.linux-mtd.infradead.org/faq/ubifs.html#L_atomic_change * https://thunk.org/tytso/blog/2009/03/15/dont-fear-the-fsync/ 2. If we tell the kernel we're interested in writing them to disk, it will tell us if that fails. So at minimum, this means we play our part in notifying the user about errors. I refactored error-handling in `udevadm-hwdb` a little. It turns out I did exactly the same as had already been done in the `systemd-hwdb` version, i.e. commit d702dcd.
2017-08-17 18:09:44 +02:00
if (r < 0)
sysusers: modernize file backup logic a bit Let's use _cleanup_ magic to clean up files, let's fully operate by fds whenever we can.
2020-09-23 17:49:35 +02:00
return r;
"Don't fear the fsync()" For files which are vital to boot 1. Avoid opening any window where power loss will zero them out or worse. I know app developers all coded to the ext3 implementation, but the only formal documentation we have says we're broken if we actually rely on it. E.g. * `man mount`, search for `auto_da_alloc`. * http://www.linux-mtd.infradead.org/faq/ubifs.html#L_atomic_change * https://thunk.org/tytso/blog/2009/03/15/dont-fear-the-fsync/ 2. If we tell the kernel we're interested in writing them to disk, it will tell us if that fails. So at minimum, this means we play our part in notifying the user about errors. I refactored error-handling in `udevadm-hwdb` a little. It turns out I did exactly the same as had already been done in the `systemd-hwdb` version, i.e. commit d702dcd.
2017-08-17 18:09:44 +02:00
sysusers: modernize file backup logic a bit Let's use _cleanup_ magic to clean up files, let's fully operate by fds whenever we can.
2020-09-23 17:49:35 +02:00
if (rename(dst_tmp, backup) < 0)
return errno;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: modernize file backup logic a bit Let's use _cleanup_ magic to clean up files, let's fully operate by fds whenever we can.
2020-09-23 17:49:35 +02:00
dst_tmp = mfree(dst_tmp); /* disable the unlink_and_freep() hook now that the file has been renamed*/
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
return 0;
}
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
static int putgrent_with_members(const struct group *gr, FILE *group) {
char **a;
assert(gr);
assert(group);
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
a = ordered_hashmap_get(members, gr->gr_name);
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
if (a) {
_cleanup_strv_free_ char **l = NULL;
bool added = false;
char **i;
l = strv_copy(gr->gr_mem);
if (!l)
return -ENOMEM;
STRV_FOREACH(i, a) {
if (strv_find(l, *i))
continue;
if (strv_extend(&l, *i) < 0)
return -ENOMEM;
added = true;
}
if (added) {
struct group t;
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
int r;
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
strv_uniq(l);
strv_sort(l);
t = *gr;
t.gr_mem = l;
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
r = putgrent_sane(&t, group);
return r < 0 ? r : 1;
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
}
}
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
return putgrent_sane(gr, group);
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
}
build-sys: use #if Y instead of #ifdef Y everywhere The advantage is that is the name is mispellt, cpp will warn us. $ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/" $ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;' $ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g' $ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g' + manual changes to meson.build squash! build-sys: use #if Y instead of #ifdef Y everywhere v2: - fix incorrect setting of HAVE_LIBIDN2
2017-10-03 10:41:51 +02:00
#if ENABLE_GSHADOW
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
static int putsgent_with_members(const struct sgrp *sg, FILE *gshadow) {
char **a;
assert(sg);
assert(gshadow);
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
a = ordered_hashmap_get(members, sg->sg_namp);
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
if (a) {
_cleanup_strv_free_ char **l = NULL;
bool added = false;
char **i;
l = strv_copy(sg->sg_mem);
if (!l)
return -ENOMEM;
STRV_FOREACH(i, a) {
if (strv_find(l, *i))
continue;
if (strv_extend(&l, *i) < 0)
return -ENOMEM;
added = true;
}
if (added) {
struct sgrp t;
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
int r;
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
strv_uniq(l);
strv_sort(l);
t = *sg;
t.sg_mem = l;
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
r = putsgent_sane(&t, gshadow);
return r < 0 ? r : 1;
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
}
}
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
return putsgent_sane(sg, gshadow);
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
}
sysusers: make group shadow support configurable Some distros (openSUSE) don't have group shadow support enabled. This can lead to the following error: # systemd-sysusers Creating group foofoo with gid 478. # systemd-sysusers # groupdel foofoo # systemd-sysusers Creating group foofoo with gid 478. Failed to write files: File exists This patch adds --disable-gshadow option to configure. If used, systemd-sysvusers won't consider /etc/gshadow.
2017-05-09 14:02:37 +02:00
#endif
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
sysusers: allow the shell to be specified This is necessary for some system users where the "login shell" is set to a specific binary.
2018-01-30 14:28:10 +01:00
static const char* default_shell(uid_t uid) {
meson: make nologin path build time configurable Some distros install nologin as /usr/sbin/nologin, others as /sbin/nologin. Since we can't really on merged-usr everywhere (where the path wouldn't matter), make the path build time configurable via -Dnologin-path=. Closes #13028
2019-07-18 01:24:00 +02:00
return uid == 0 ? "/bin/sh" : NOLOGIN;
sysusers: allow the shell to be specified This is necessary for some system users where the "login shell" is set to a specific binary.
2018-01-30 14:28:10 +01:00
}
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
static int write_temporary_passwd(const char *passwd_path, FILE **tmpfile, char **tmpfile_path) {
_cleanup_fclose_ FILE *original = NULL, *passwd = NULL;
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
_cleanup_(unlink_and_freep) char *passwd_tmp = NULL;
sysusers: do not append entries after the NIS ones The NIS-catchall entry switches from files to NIS lookup and never goes back, so it must be the last entry in /etc/passwd (the other +/-{user,@netgroup} entries don't have to be). That's how the nss_compat mode for /etc/passwd (and /etc/group) traditionally works. It's age-old historic behaviour that the NIS entry must be the last one. It doesn't seem to be specified somewhere, but it worked like this since very early SunOS when NIS was first included. Fixes: #8467
2018-03-15 18:46:28 +01:00
struct passwd *pw = NULL;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
Item *i;
int r;
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
if (ordered_hashmap_size(todo_uids) == 0)
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
return 0;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
r = fopen_temporary_label("/etc/passwd", passwd_path, &passwd, &passwd_tmp);
if (r < 0)
return r;
original = fopen(passwd_path, "re");
if (original) {
fileio: Refactor sync_rights to take fds as arguments
2020-05-26 20:00:45 +02:00
r = sync_rights(fileno(original), fileno(passwd));
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
while ((r = fgetpwent_sane(original, &pw)) > 0) {
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
i = ordered_hashmap_get(users, pw->pw_name);
sysusers: use return_error_errno() where possible
2019-04-07 22:00:11 +02:00
if (i && i->todo_user)
return log_error_errno(SYNTHETIC_ERRNO(EEXIST),
"%s: User \"%s\" already exists.",
passwd_path, pw->pw_name);
sysusers: Preserve ownership and mode on /etc/passwd and friends When running sysusers we would clobber file ownership and permissions on the files /etc/passwd, /etc/group and /etc/[g]shadow. This simply preserves the ownership and mode if existing files are found.
2014-10-29 15:03:41 +01:00
sysusers: use return_error_errno() where possible
2019-04-07 22:00:11 +02:00
if (ordered_hashmap_contains(todo_uids, UID_TO_PTR(pw->pw_uid)))
return log_error_errno(SYNTHETIC_ERRNO(EEXIST),
"%s: Detected collision for UID " UID_FMT ".",
passwd_path, pw->pw_uid);
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
sysusers: do not append entries after the NIS ones The NIS-catchall entry switches from files to NIS lookup and never goes back, so it must be the last entry in /etc/passwd (the other +/-{user,@netgroup} entries don't have to be). That's how the nss_compat mode for /etc/passwd (and /etc/group) traditionally works. It's age-old historic behaviour that the NIS entry must be the last one. It doesn't seem to be specified somewhere, but it worked like this since very early SunOS when NIS was first included. Fixes: #8467
2018-03-15 18:46:28 +01:00
/* Make sure we keep the NIS entries (if any) at the end. */
if (IN_SET(pw->pw_name[0], '+', '-'))
break;
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
r = putpwent_sane(pw, passwd);
if (r < 0)
return r;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
}
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
if (r < 0)
return r;
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
} else {
if (errno != ENOENT)
return -errno;
if (fchmod(fileno(passwd), 0644) < 0)
return -errno;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
}
tree-wide: define iterator inside of the macro
2020-09-08 11:58:29 +02:00
ORDERED_HASHMAP_FOREACH(i, todo_uids) {
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
struct passwd n = {
.pw_name = i->name,
.pw_uid = i->uid,
.pw_gid = i->gid,
.pw_gecos = i->description,
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
/* "x" means the password is stored in the shadow file */
.pw_passwd = (char*) "x",
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
/* We default to the root directory as home */
sysusers: properly mark generated accounts as locked Previously, we'd only set the shell to /usr/bin/nologin and lock the password for system users. Let's go one step further and also lock the whole account. This is a paranoid safety precaution, since neither disabling the shell like this nor disabling the password is sufficient to lock an account, since remote shell tools generally allow passing different shells, and logins into ftp or similar protocols don't know the shell concept anyway. Moreover, in times of ssh authentication by password is just one option of authentication among many. Takes inspiration from the recommendations in usermod(8)'s -L switch: "Note: if you wish to lock the account (not only access with a password), you should also set the EXPIRE_DATE to 1."
2019-08-07 12:35:29 +02:00
.pw_dir = i->home ?: (char*) "/",
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
/* Initialize the shell to nologin, with one exception:
* for root we patch in something special */
sysusers: allow the shell to be specified This is necessary for some system users where the "login shell" is set to a specific binary.
2018-01-30 14:28:10 +01:00
.pw_shell = i->shell ?: (char*) default_shell(i->uid),
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
};
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
r = putpwent_sane(&n, passwd);
if (r < 0)
return r;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
}
sysusers: do not append entries after the NIS ones The NIS-catchall entry switches from files to NIS lookup and never goes back, so it must be the last entry in /etc/passwd (the other +/-{user,@netgroup} entries don't have to be). That's how the nss_compat mode for /etc/passwd (and /etc/group) traditionally works. It's age-old historic behaviour that the NIS entry must be the last one. It doesn't seem to be specified somewhere, but it worked like this since very early SunOS when NIS was first included. Fixes: #8467
2018-03-15 18:46:28 +01:00
/* Append the remaining NIS entries if any */
while (pw) {
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
r = putpwent_sane(pw, passwd);
if (r < 0)
return r;
sysusers: do not append entries after the NIS ones The NIS-catchall entry switches from files to NIS lookup and never goes back, so it must be the last entry in /etc/passwd (the other +/-{user,@netgroup} entries don't have to be). That's how the nss_compat mode for /etc/passwd (and /etc/group) traditionally works. It's age-old historic behaviour that the NIS entry must be the last one. It doesn't seem to be specified somewhere, but it worked like this since very early SunOS when NIS was first included. Fixes: #8467
2018-03-15 18:46:28 +01:00
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
r = fgetpwent_sane(original, &pw);
if (r < 0)
return r;
if (r == 0)
break;
sysusers: do not append entries after the NIS ones The NIS-catchall entry switches from files to NIS lookup and never goes back, so it must be the last entry in /etc/passwd (the other +/-{user,@netgroup} entries don't have to be). That's how the nss_compat mode for /etc/passwd (and /etc/group) traditionally works. It's age-old historic behaviour that the NIS entry must be the last one. It doesn't seem to be specified somewhere, but it worked like this since very early SunOS when NIS was first included. Fixes: #8467
2018-03-15 18:46:28 +01:00
}
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
r = fflush_and_check(passwd);
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
tree-wide: use TAKE_PTR() and TAKE_FD() macros
2018-04-05 07:26:26 +02:00
*tmpfile = TAKE_PTR(passwd);
*tmpfile_path = TAKE_PTR(passwd_tmp);
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
return 0;
}
static int write_temporary_shadow(const char *shadow_path, FILE **tmpfile, char **tmpfile_path) {
_cleanup_fclose_ FILE *original = NULL, *shadow = NULL;
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
_cleanup_(unlink_and_freep) char *shadow_tmp = NULL;
sysusers: also add support for NIS entries in /etc/shadow Commit 563dc6f8e2cda4114dd20f32655890ed378c3740 added support for /etc/{passwd,group} only but since nsswitch.conf(5) appears to document the NIS entries also for shadow, let's support this case too.
2018-03-20 09:32:05 +01:00
struct spwd *sp = NULL;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
long lstchg;
Item *i;
int r;
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
if (ordered_hashmap_size(todo_uids) == 0)
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
return 0;
r = fopen_temporary_label("/etc/shadow", shadow_path, &shadow, &shadow_tmp);
if (r < 0)
return r;
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
lstchg = (long) (now(CLOCK_REALTIME) / USEC_PER_DAY);
original = fopen(shadow_path, "re");
if (original) {
fileio: Refactor sync_rights to take fds as arguments
2020-05-26 20:00:45 +02:00
r = sync_rights(fileno(original), fileno(shadow));
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
while ((r = fgetspent_sane(original, &sp)) > 0) {
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
i = ordered_hashmap_get(users, sp->sp_namp);
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
if (i && i->todo_user) {
/* we will update the existing entry */
sp->sp_lstchg = lstchg;
sysusers: Preserve ownership and mode on /etc/passwd and friends When running sysusers we would clobber file ownership and permissions on the files /etc/passwd, /etc/group and /etc/[g]shadow. This simply preserves the ownership and mode if existing files are found.
2014-10-29 15:03:41 +01:00
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
/* only the /etc/shadow stage is left, so we can
* safely remove the item from the todo set */
i->todo_user = false;
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
ordered_hashmap_remove(todo_uids, UID_TO_PTR(i->uid));
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
}
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
sysusers: also add support for NIS entries in /etc/shadow Commit 563dc6f8e2cda4114dd20f32655890ed378c3740 added support for /etc/{passwd,group} only but since nsswitch.conf(5) appears to document the NIS entries also for shadow, let's support this case too.
2018-03-20 09:32:05 +01:00
/* Make sure we keep the NIS entries (if any) at the end. */
if (IN_SET(sp->sp_namp[0], '+', '-'))
break;
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
r = putspent_sane(sp, shadow);
if (r < 0)
return r;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
}
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
if (r < 0)
return r;
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
} else {
if (errno != ENOENT)
return -errno;
if (fchmod(fileno(shadow), 0000) < 0)
return -errno;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
}
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
tree-wide: define iterator inside of the macro
2020-09-08 11:58:29 +02:00
ORDERED_HASHMAP_FOREACH(i, todo_uids) {
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
struct spwd n = {
.sp_namp = i->name,
sysusers: be extra careful when locking accounts Let's use "!*" instead of "!!" as invalid password string. Generally, any invalid password string can be used to for locking an account, according to shadow(5). To temporarily lock a password of an account it is commonly implemented to prefix the original password with a single "!", so that it can later on be unlocked again by removing the "!", restoring the original password. Thus, the "!" marker is an indicator for a locked password; the act of prefixing "!" to a password string is the locking operation; and the removal of a "!" prefix is the unlock operation. (This is also suggested in shadow(5)). If we want to entirely lock an account we previously used "!!" as password string. This is nice since it indicates the password is locked. However, it is less than ideal, since applying the password unlock operation once will change the string to "!", which is still a locked password. Unlocking the password a second time will result in "", i.e. the empty password, which will in many cases allow logging in without password. And that's a problem. Hopefully, tools do not allow such duplicate unlocking, but it's still not a nice property. By changing our password string to "!*" we get different behaviour: the password will appear locked. When it is unlocked the password is "*" which is an invalid password. In that case the password is hence unlocked but invalid, which is a much better state to be in than the above. This is paranoia hardening. Not more. There's no report that anyone every unlocked an account twice and people could log in.
2020-05-05 21:46:56 +02:00
.sp_pwdp = (char*) "!*", /* lock this password, and make it invalid */
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
.sp_lstchg = lstchg,
.sp_min = -1,
.sp_max = -1,
.sp_warn = -1,
.sp_inact = -1,
Revert "sysusers: properly mark generated accounts as locked" This reverts the gist of commit 636e72bce63e7e99b76357f7d524d16f61558775. The comment and the tiny cleanup are left alone. We shouldn't lock the accounts because people actually need to use them, and if they are locked, various tools will refuse. See https://github.com/systemd/systemd/pull/13277#issuecomment-529964578 and follow-up comments.
2019-10-21 16:26:42 +02:00
.sp_expire = -1,
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
.sp_flag = (unsigned long) -1, /* this appears to be what everybody does ... */
};
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
r = putspent_sane(&n, shadow);
if (r < 0)
return r;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
sysusers: also add support for NIS entries in /etc/shadow Commit 563dc6f8e2cda4114dd20f32655890ed378c3740 added support for /etc/{passwd,group} only but since nsswitch.conf(5) appears to document the NIS entries also for shadow, let's support this case too.
2018-03-20 09:32:05 +01:00
/* Append the remaining NIS entries if any */
while (sp) {
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
r = putspent_sane(sp, shadow);
if (r < 0)
return r;
sysusers: also add support for NIS entries in /etc/shadow Commit 563dc6f8e2cda4114dd20f32655890ed378c3740 added support for /etc/{passwd,group} only but since nsswitch.conf(5) appears to document the NIS entries also for shadow, let's support this case too.
2018-03-20 09:32:05 +01:00
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
r = fgetspent_sane(original, &sp);
if (r < 0)
return r;
if (r == 0)
break;
sysusers: also add support for NIS entries in /etc/shadow Commit 563dc6f8e2cda4114dd20f32655890ed378c3740 added support for /etc/{passwd,group} only but since nsswitch.conf(5) appears to document the NIS entries also for shadow, let's support this case too.
2018-03-20 09:32:05 +01:00
}
if (!IN_SET(errno, 0, ENOENT))
return -errno;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
"Don't fear the fsync()" For files which are vital to boot 1. Avoid opening any window where power loss will zero them out or worse. I know app developers all coded to the ext3 implementation, but the only formal documentation we have says we're broken if we actually rely on it. E.g. * `man mount`, search for `auto_da_alloc`. * http://www.linux-mtd.infradead.org/faq/ubifs.html#L_atomic_change * https://thunk.org/tytso/blog/2009/03/15/dont-fear-the-fsync/ 2. If we tell the kernel we're interested in writing them to disk, it will tell us if that fails. So at minimum, this means we play our part in notifying the user about errors. I refactored error-handling in `udevadm-hwdb` a little. It turns out I did exactly the same as had already been done in the `systemd-hwdb` version, i.e. commit d702dcd.
2017-08-17 18:09:44 +02:00
r = fflush_sync_and_check(shadow);
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
tree-wide: use TAKE_PTR() and TAKE_FD() macros
2018-04-05 07:26:26 +02:00
*tmpfile = TAKE_PTR(shadow);
*tmpfile_path = TAKE_PTR(shadow_tmp);
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
return 0;
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
static int write_temporary_group(const char *group_path, FILE **tmpfile, char **tmpfile_path) {
_cleanup_fclose_ FILE *original = NULL, *group = NULL;
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
_cleanup_(unlink_and_freep) char *group_tmp = NULL;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
bool group_changed = false;
sysusers: do not append entries after the NIS ones The NIS-catchall entry switches from files to NIS lookup and never goes back, so it must be the last entry in /etc/passwd (the other +/-{user,@netgroup} entries don't have to be). That's how the nss_compat mode for /etc/passwd (and /etc/group) traditionally works. It's age-old historic behaviour that the NIS entry must be the last one. It doesn't seem to be specified somewhere, but it worked like this since very early SunOS when NIS was first included. Fixes: #8467
2018-03-15 18:46:28 +01:00
struct group *gr = NULL;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
Item *i;
int r;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
if (ordered_hashmap_size(todo_gids) == 0 && ordered_hashmap_size(members) == 0)
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
return 0;
sysusers: Preserve ownership and mode on /etc/passwd and friends When running sysusers we would clobber file ownership and permissions on the files /etc/passwd, /etc/group and /etc/[g]shadow. This simply preserves the ownership and mode if existing files are found.
2014-10-29 15:03:41 +01:00
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
r = fopen_temporary_label("/etc/group", group_path, &group, &group_tmp);
if (r < 0)
return r;
original = fopen(group_path, "re");
if (original) {
fileio: Refactor sync_rights to take fds as arguments
2020-05-26 20:00:45 +02:00
r = sync_rights(fileno(original), fileno(group));
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
while ((r = fgetgrent_sane(original, &gr)) > 0) {
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
/* Safety checks against name and GID collisions. Normally,
* this should be unnecessary, but given that we look at the
* entries anyway here, let's make an extra verification
* step that we don't generate duplicate entries. */
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
i = ordered_hashmap_get(groups, gr->gr_name);
sysusers: use return_error_errno() where possible
2019-04-07 22:00:11 +02:00
if (i && i->todo_group)
return log_error_errno(SYNTHETIC_ERRNO(EEXIST),
"%s: Group \"%s\" already exists.",
group_path, gr->gr_name);
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
sysusers: use return_error_errno() where possible
2019-04-07 22:00:11 +02:00
if (ordered_hashmap_contains(todo_gids, GID_TO_PTR(gr->gr_gid)))
return log_error_errno(SYNTHETIC_ERRNO(EEXIST),
"%s: Detected collision for GID " GID_FMT ".",
group_path, gr->gr_gid);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: do not append entries after the NIS ones The NIS-catchall entry switches from files to NIS lookup and never goes back, so it must be the last entry in /etc/passwd (the other +/-{user,@netgroup} entries don't have to be). That's how the nss_compat mode for /etc/passwd (and /etc/group) traditionally works. It's age-old historic behaviour that the NIS entry must be the last one. It doesn't seem to be specified somewhere, but it worked like this since very early SunOS when NIS was first included. Fixes: #8467
2018-03-15 18:46:28 +01:00
/* Make sure we keep the NIS entries (if any) at the end. */
if (IN_SET(gr->gr_name[0], '+', '-'))
break;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
r = putgrent_with_members(gr, group);
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
if (r > 0)
group_changed = true;
}
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
if (r < 0)
return r;
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
} else {
if (errno != ENOENT)
return -errno;
if (fchmod(fileno(group), 0644) < 0)
return -errno;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
}
sysusers: add another column to sysusers files for the home directory
2014-08-19 16:34:06 +02:00
tree-wide: define iterator inside of the macro
2020-09-08 11:58:29 +02:00
ORDERED_HASHMAP_FOREACH(i, todo_gids) {
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
struct group n = {
.gr_name = i->name,
.gr_gid = i->gid,
.gr_passwd = (char*) "x",
};
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
r = putgrent_with_members(&n, group);
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: add another column to sysusers files for the home directory
2014-08-19 16:34:06 +02:00
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
group_changed = true;
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: do not append entries after the NIS ones The NIS-catchall entry switches from files to NIS lookup and never goes back, so it must be the last entry in /etc/passwd (the other +/-{user,@netgroup} entries don't have to be). That's how the nss_compat mode for /etc/passwd (and /etc/group) traditionally works. It's age-old historic behaviour that the NIS entry must be the last one. It doesn't seem to be specified somewhere, but it worked like this since very early SunOS when NIS was first included. Fixes: #8467
2018-03-15 18:46:28 +01:00
/* Append the remaining NIS entries if any */
while (gr) {
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
r = putgrent_sane(gr, group);
if (r < 0)
return r;
sysusers: do not append entries after the NIS ones The NIS-catchall entry switches from files to NIS lookup and never goes back, so it must be the last entry in /etc/passwd (the other +/-{user,@netgroup} entries don't have to be). That's how the nss_compat mode for /etc/passwd (and /etc/group) traditionally works. It's age-old historic behaviour that the NIS entry must be the last one. It doesn't seem to be specified somewhere, but it worked like this since very early SunOS when NIS was first included. Fixes: #8467
2018-03-15 18:46:28 +01:00
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
r = fgetgrent_sane(original, &gr);
if (r < 0)
return r;
if (r == 0)
break;
sysusers: do not append entries after the NIS ones The NIS-catchall entry switches from files to NIS lookup and never goes back, so it must be the last entry in /etc/passwd (the other +/-{user,@netgroup} entries don't have to be). That's how the nss_compat mode for /etc/passwd (and /etc/group) traditionally works. It's age-old historic behaviour that the NIS entry must be the last one. It doesn't seem to be specified somewhere, but it worked like this since very early SunOS when NIS was first included. Fixes: #8467
2018-03-15 18:46:28 +01:00
}
"Don't fear the fsync()" For files which are vital to boot 1. Avoid opening any window where power loss will zero them out or worse. I know app developers all coded to the ext3 implementation, but the only formal documentation we have says we're broken if we actually rely on it. E.g. * `man mount`, search for `auto_da_alloc`. * http://www.linux-mtd.infradead.org/faq/ubifs.html#L_atomic_change * https://thunk.org/tytso/blog/2009/03/15/dont-fear-the-fsync/ 2. If we tell the kernel we're interested in writing them to disk, it will tell us if that fails. So at minimum, this means we play our part in notifying the user about errors. I refactored error-handling in `udevadm-hwdb` a little. It turns out I did exactly the same as had already been done in the `systemd-hwdb` version, i.e. commit d702dcd.
2017-08-17 18:09:44 +02:00
r = fflush_sync_and_check(group);
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
if (group_changed) {
tree-wide: use TAKE_PTR() and TAKE_FD() macros
2018-04-05 07:26:26 +02:00
*tmpfile = TAKE_PTR(group);
*tmpfile_path = TAKE_PTR(group_tmp);
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
}
return 0;
}
static int write_temporary_gshadow(const char * gshadow_path, FILE **tmpfile, char **tmpfile_path) {
build-sys: use #if Y instead of #ifdef Y everywhere The advantage is that is the name is mispellt, cpp will warn us. $ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/" $ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;' $ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g' $ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g' + manual changes to meson.build squash! build-sys: use #if Y instead of #ifdef Y everywhere v2: - fix incorrect setting of HAVE_LIBIDN2
2017-10-03 10:41:51 +02:00
#if ENABLE_GSHADOW
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
_cleanup_fclose_ FILE *original = NULL, *gshadow = NULL;
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
_cleanup_(unlink_and_freep) char *gshadow_tmp = NULL;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
bool group_changed = false;
Item *i;
int r;
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
if (ordered_hashmap_size(todo_gids) == 0 && ordered_hashmap_size(members) == 0)
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
return 0;
r = fopen_temporary_label("/etc/gshadow", gshadow_path, &gshadow, &gshadow_tmp);
if (r < 0)
return r;
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
original = fopen(gshadow_path, "re");
if (original) {
struct sgrp *sg;
fileio: Refactor sync_rights to take fds as arguments
2020-05-26 20:00:45 +02:00
r = sync_rights(fileno(original), fileno(gshadow));
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
while ((r = fgetsgent_sane(original, &sg)) > 0) {
sysusers: do not reject users with already present /etc/shadow entries This is needed to interoperate firstboot and sysusers. The former one is started first, and it writes only /etc/shadow when it is told to set the root password. It's better to relax checks here than to duplicate functionality in firstboot.
2015-03-07 16:11:32 +01:00
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
i = ordered_hashmap_get(groups, sg->sg_namp);
sysusers: use return_error_errno() where possible
2019-04-07 22:00:11 +02:00
if (i && i->todo_group)
return log_error_errno(SYNTHETIC_ERRNO(EEXIST),
"%s: Group \"%s\" already exists.",
gshadow_path, sg->sg_namp);
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
r = putsgent_with_members(sg, gshadow);
sysuser: simplify access mode syncing by introducing helper function for it
2014-11-11 18:12:40 +01:00
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
if (r > 0)
group_changed = true;
}
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
if (r < 0)
return r;
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
} else {
if (errno != ENOENT)
return -errno;
if (fchmod(fileno(gshadow), 0000) < 0)
return -errno;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
}
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
tree-wide: define iterator inside of the macro
2020-09-08 11:58:29 +02:00
ORDERED_HASHMAP_FOREACH(i, todo_gids) {
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
struct sgrp n = {
.sg_namp = i->name,
sysusers: use "!*" instead of "!!" as an invalid group password This basically implements fc58c0c7bf7e4f525b916e3e5be0de2307fef04e for gshadow. gpasswd may not have a lock/unlock that behaves the same as passwd, but according to gshadow(5) the logic of the password field is the same.
2020-09-30 07:09:25 +02:00
.sg_passwd = (char*) "!*",
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
};
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
r = putsgent_with_members(&n, gshadow);
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
group_changed = true;
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
}
"Don't fear the fsync()" For files which are vital to boot 1. Avoid opening any window where power loss will zero them out or worse. I know app developers all coded to the ext3 implementation, but the only formal documentation we have says we're broken if we actually rely on it. E.g. * `man mount`, search for `auto_da_alloc`. * http://www.linux-mtd.infradead.org/faq/ubifs.html#L_atomic_change * https://thunk.org/tytso/blog/2009/03/15/dont-fear-the-fsync/ 2. If we tell the kernel we're interested in writing them to disk, it will tell us if that fails. So at minimum, this means we play our part in notifying the user about errors. I refactored error-handling in `udevadm-hwdb` a little. It turns out I did exactly the same as had already been done in the `systemd-hwdb` version, i.e. commit d702dcd.
2017-08-17 18:09:44 +02:00
r = fflush_sync_and_check(gshadow);
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
if (group_changed) {
tree-wide: use TAKE_PTR() and TAKE_FD() macros
2018-04-05 07:26:26 +02:00
*tmpfile = TAKE_PTR(gshadow);
*tmpfile_path = TAKE_PTR(gshadow_tmp);
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
}
return 0;
sysusers: make group shadow support configurable Some distros (openSUSE) don't have group shadow support enabled. This can lead to the following error: # systemd-sysusers Creating group foofoo with gid 478. # systemd-sysusers # groupdel foofoo # systemd-sysusers Creating group foofoo with gid 478. Failed to write files: File exists This patch adds --disable-gshadow option to configure. If used, systemd-sysvusers won't consider /etc/gshadow.
2017-05-09 14:02:37 +02:00
#else
return 0;
#endif
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
}
static int write_files(void) {
_cleanup_fclose_ FILE *passwd = NULL, *group = NULL, *shadow = NULL, *gshadow = NULL;
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
_cleanup_(unlink_and_freep) char *passwd_tmp = NULL, *group_tmp = NULL, *shadow_tmp = NULL, *gshadow_tmp = NULL;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
const char *passwd_path = NULL, *group_path = NULL, *shadow_path = NULL, *gshadow_path = NULL;
int r;
passwd_path = prefix_roota(arg_root, "/etc/passwd");
shadow_path = prefix_roota(arg_root, "/etc/shadow");
group_path = prefix_roota(arg_root, "/etc/group");
gshadow_path = prefix_roota(arg_root, "/etc/gshadow");
r = write_temporary_group(group_path, &group, &group_tmp);
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
r = write_temporary_gshadow(gshadow_path, &gshadow, &gshadow_tmp);
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
r = write_temporary_passwd(passwd_path, &passwd, &passwd_tmp);
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
r = write_temporary_shadow(shadow_path, &shadow, &shadow_tmp);
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
/* Make a backup of the old files */
if (group) {
r = make_backup("/etc/group", group_path);
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
}
if (gshadow) {
r = make_backup("/etc/gshadow", gshadow_path);
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
if (passwd) {
sysusers: fix selinux context of backup files Also, fix fopen_temporary_label to set proper context. By chance, all users so far used the same context, so the error didn't matter. Also, check return value from label_init(). https://bugzilla.redhat.com/show_bug.cgi?id=1121806
2014-07-22 02:41:19 +02:00
r = make_backup("/etc/passwd", passwd_path);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
if (shadow) {
r = make_backup("/etc/shadow", shadow_path);
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
/* And make the new files count */
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
if (group) {
fileio: Rename rename_and_apply_smack to rename_and_apply_smack_floor_label.
2020-05-26 19:49:26 +02:00
r = rename_and_apply_smack_floor_label(group_tmp, group_path);
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
group_tmp = mfree(group_tmp);
}
if (gshadow) {
fileio: Rename rename_and_apply_smack to rename_and_apply_smack_floor_label.
2020-05-26 19:49:26 +02:00
r = rename_and_apply_smack_floor_label(gshadow_tmp, gshadow_path);
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
gshadow_tmp = mfree(gshadow_tmp);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
if (passwd) {
fileio: Rename rename_and_apply_smack to rename_and_apply_smack_floor_label.
2020-05-26 19:49:26 +02:00
r = rename_and_apply_smack_floor_label(passwd_tmp, passwd_path);
smack: label /etc/passwd and friends as '_' smack label when --with-smack-run-label' is enabled systemd-sysusers.service unit creates system users and groups and it could update /etc/passwd, /etc/group, /etc/shadow and /etc/gshadow. Those files should have '_' smack label because of accessibility. However, if systemd has its own smack label using '--with-smack-run-label' configuration, systemd-sysusers process spawned by systemd(pid:1) has its parent smack label and eventually updated files also is set as its parent smack label. This patch fixes that bug by labeling updated files as '_' smack label when --with-smack-run-label' is enabled.
2015-10-06 12:08:16 +02:00
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
tree-wide: introduce mfree() Pretty trivial helper which wraps free() but returns NULL, so we can simplify this: free(foobar); foobar = NULL; to this: foobar = mfree(foobar);
2015-07-31 19:56:38 +02:00
passwd_tmp = mfree(passwd_tmp);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
if (shadow) {
fileio: Rename rename_and_apply_smack to rename_and_apply_smack_floor_label.
2020-05-26 19:49:26 +02:00
r = rename_and_apply_smack_floor_label(shadow_tmp, shadow_path);
smack: label /etc/passwd and friends as '_' smack label when --with-smack-run-label' is enabled systemd-sysusers.service unit creates system users and groups and it could update /etc/passwd, /etc/group, /etc/shadow and /etc/gshadow. Those files should have '_' smack label because of accessibility. However, if systemd has its own smack label using '--with-smack-run-label' configuration, systemd-sysusers process spawned by systemd(pid:1) has its parent smack label and eventually updated files also is set as its parent smack label. This patch fixes that bug by labeling updated files as '_' smack label when --with-smack-run-label' is enabled.
2015-10-06 12:08:16 +02:00
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
tree-wide: introduce mfree() Pretty trivial helper which wraps free() but returns NULL, so we can simplify this: free(foobar); foobar = NULL; to this: foobar = mfree(foobar);
2015-07-31 19:56:38 +02:00
shadow_tmp = mfree(shadow_tmp);
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return 0;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
sysusers: allow force reusing existing user/group IDs (#8037) On Debian/Ubuntu systems the default passwd/group files use a slightly strange mapping. E.g. in passwd: ``` man:x:6:12::/var/cache/man:/sbin/nologin ``` and in group: ``` disk:x:6: man:x:12: ``` This is not supported in systemd-sysusers right now because sysusers will not re-use an existing uid/gid in its normal mode of operation. Unfortunately this reuse is needed to replicate the default Debian/Ubuntu users/groups. This commit enforces reuse when the "uid:gid" syntax is used to fix this. I also added a test that replicates the Debian base-passwd passwd/group file to ensure things are ok.
2018-02-01 05:47:50 +01:00
static int uid_is_ok(uid_t uid, const char *name, bool check_with_gid) {
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
struct passwd *p;
struct group *g;
const char *n;
Item *i;
/* Let's see if we already have assigned the UID a second time */
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
if (ordered_hashmap_get(todo_uids, UID_TO_PTR(uid)))
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
return 0;
/* Try to avoid using uids that are already used by a group
* that doesn't have the same name as our new user. */
sysusers: allow force reusing existing user/group IDs (#8037) On Debian/Ubuntu systems the default passwd/group files use a slightly strange mapping. E.g. in passwd: ``` man:x:6:12::/var/cache/man:/sbin/nologin ``` and in group: ``` disk:x:6: man:x:12: ``` This is not supported in systemd-sysusers right now because sysusers will not re-use an existing uid/gid in its normal mode of operation. Unfortunately this reuse is needed to replicate the default Debian/Ubuntu users/groups. This commit enforces reuse when the "uid:gid" syntax is used to fix this. I also added a test that replicates the Debian base-passwd passwd/group file to ensure things are ok.
2018-02-01 05:47:50 +01:00
if (check_with_gid) {
i = ordered_hashmap_get(todo_gids, GID_TO_PTR(uid));
if (i && !streq(i->name, name))
return 0;
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
/* Let's check the files directly */
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
if (hashmap_contains(database_by_uid, UID_TO_PTR(uid)))
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
return 0;
sysusers: allow force reusing existing user/group IDs (#8037) On Debian/Ubuntu systems the default passwd/group files use a slightly strange mapping. E.g. in passwd: ``` man:x:6:12::/var/cache/man:/sbin/nologin ``` and in group: ``` disk:x:6: man:x:12: ``` This is not supported in systemd-sysusers right now because sysusers will not re-use an existing uid/gid in its normal mode of operation. Unfortunately this reuse is needed to replicate the default Debian/Ubuntu users/groups. This commit enforces reuse when the "uid:gid" syntax is used to fix this. I also added a test that replicates the Debian base-passwd passwd/group file to ensure things are ok.
2018-02-01 05:47:50 +01:00
if (check_with_gid) {
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
n = hashmap_get(database_by_gid, GID_TO_PTR(uid));
sysusers: allow force reusing existing user/group IDs (#8037) On Debian/Ubuntu systems the default passwd/group files use a slightly strange mapping. E.g. in passwd: ``` man:x:6:12::/var/cache/man:/sbin/nologin ``` and in group: ``` disk:x:6: man:x:12: ``` This is not supported in systemd-sysusers right now because sysusers will not re-use an existing uid/gid in its normal mode of operation. Unfortunately this reuse is needed to replicate the default Debian/Ubuntu users/groups. This commit enforces reuse when the "uid:gid" syntax is used to fix this. I also added a test that replicates the Debian base-passwd passwd/group file to ensure things are ok.
2018-02-01 05:47:50 +01:00
if (n && !streq(n, name))
return 0;
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
/* Let's also check via NSS, to avoid UID clashes over LDAP and such, just in case */
if (!arg_root) {
errno = 0;
p = getpwuid(uid);
if (p)
return 0;
sysusers: always treat ENOENT as entry-not-found when doing NSS calls For most NSS calls it is documented that they return NULL + errno=0 when an entry is not found. However, in reality it appears to be common to return NULL + errno=ENOENT, instead. Handle that correctly, and don't consider ENOENT a systematic error.
2014-06-13 19:24:11 +02:00
if (!IN_SET(errno, 0, ENOENT))
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
return -errno;
sysusers: allow force reusing existing user/group IDs (#8037) On Debian/Ubuntu systems the default passwd/group files use a slightly strange mapping. E.g. in passwd: ``` man:x:6:12::/var/cache/man:/sbin/nologin ``` and in group: ``` disk:x:6: man:x:12: ``` This is not supported in systemd-sysusers right now because sysusers will not re-use an existing uid/gid in its normal mode of operation. Unfortunately this reuse is needed to replicate the default Debian/Ubuntu users/groups. This commit enforces reuse when the "uid:gid" syntax is used to fix this. I also added a test that replicates the Debian base-passwd passwd/group file to ensure things are ok.
2018-02-01 05:47:50 +01:00
if (check_with_gid) {
errno = 0;
g = getgrgid((gid_t) uid);
if (g) {
if (!streq(g->gr_name, name))
return 0;
} else if (!IN_SET(errno, 0, ENOENT))
return -errno;
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
return 1;
}
static int root_stat(const char *p, struct stat *st) {
const char *fix;
util: add generic calls for prefixing a root directory to a path So far a number of utilities implemented their own calls for this, unify them in prefix_root() and prefix_roota(). The former uses heap memory, the latter allocates from the stack via alloca(). Port over most users of a --root= logic.
2015-05-13 17:42:10 +02:00
fix = prefix_roota(arg_root, p);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (stat(fix, st) < 0)
return -errno;
return 0;
}
static int read_id_from_file(Item *i, uid_t *_uid, gid_t *_gid) {
struct stat st;
bool found_uid = false, found_gid = false;
sysusers: Remove some gcc warnings about uninitialized variables Gcc is spewing some warnings about uninitialized variables. Let's get rid of the noise.
2014-09-18 17:56:57 +02:00
uid_t uid = 0;
gid_t gid = 0;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
assert(i);
/* First, try to get the gid directly */
if (_gid && i->gid_path && root_stat(i->gid_path, &st) >= 0) {
gid = st.st_gid;
found_gid = true;
}
/* Then, try to get the uid directly */
if ((_uid || (_gid && !found_gid))
&& i->uid_path
&& root_stat(i->uid_path, &st) >= 0) {
uid = st.st_uid;
found_uid = true;
/* If we need the gid, but had no success yet, also derive it from the uid path */
if (_gid && !found_gid) {
gid = st.st_gid;
found_gid = true;
}
}
/* If that didn't work yet, then let's reuse the gid as uid */
if (_uid && !found_uid && i->gid_path) {
if (found_gid) {
uid = (uid_t) gid;
found_uid = true;
} else if (root_stat(i->gid_path, &st) >= 0) {
uid = (uid_t) st.st_gid;
found_uid = true;
}
}
if (_uid) {
if (!found_uid)
return 0;
*_uid = uid;
}
if (_gid) {
if (!found_gid)
return 0;
*_gid = gid;
}
return 1;
}
static int add_user(Item *i) {
void *z;
int r;
assert(i);
/* Check the database directly */
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
z = hashmap_get(database_by_username, i->name);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (z) {
log_debug("User %s already exists.", i->name);
sysusers: do not set todo to create a user when we only need a group
2014-06-13 03:26:41 +02:00
i->uid = PTR_TO_UID(z);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
i->uid_set = true;
return 0;
}
if (!arg_root) {
struct passwd *p;
/* Also check NSS */
errno = 0;
p = getpwnam(i->name);
if (p) {
log_debug("User %s already exists.", i->name);
i->uid = p->pw_uid;
i->uid_set = true;
tree-wide: use free_and_strdup() Use free_and_strdup() where appropriate and replace equivalent, open-coded versions.
2015-07-29 20:25:57 +02:00
r = free_and_strdup(&i->description, p->pw_gecos);
if (r < 0)
return log_oom();
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
return 0;
}
sysusers: many different errnos to express one condition See https://bugzilla.redhat.com/show_bug.cgi?id=1807768. It turns out that sysusers cannot query if the group exists: Failed to check if group dnsmasq already exists: No such process ... Failed to check if group systemd-timesync already exists: No such process When the same command is executed later, the issue does not occur. Not sure why the behaviour in the initial transaction is different. But let's accept all errors that the man pages list. We check if the user/group exists before creating anyway, so this seems pretty safe.
2020-03-03 10:18:32 +01:00
if (!errno_is_not_exists(errno))
treewide: another round of simplifications Using the same scripts as in f647962d64e "treewide: yet more log_*_errno + return simplifications".
2014-11-28 19:57:32 +01:00
return log_error_errno(errno, "Failed to check if user %s already exists: %m", i->name);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
/* Try to use the suggested numeric uid */
if (i->uid_set) {
sysusers: allow force reusing existing user/group IDs (#8037) On Debian/Ubuntu systems the default passwd/group files use a slightly strange mapping. E.g. in passwd: ``` man:x:6:12::/var/cache/man:/sbin/nologin ``` and in group: ``` disk:x:6: man:x:12: ``` This is not supported in systemd-sysusers right now because sysusers will not re-use an existing uid/gid in its normal mode of operation. Unfortunately this reuse is needed to replicate the default Debian/Ubuntu users/groups. This commit enforces reuse when the "uid:gid" syntax is used to fix this. I also added a test that replicates the Debian base-passwd passwd/group file to ensure things are ok.
2018-02-01 05:47:50 +01:00
r = uid_is_ok(i->uid, i->name, !i->id_set_strict);
treewide: yet more log_*_errno + return simplifications Using: find . -name '*.[ch]' | while read f; do perl -i.mmm -e \ 'local $/; local $_=<>; s/(if\s*\([^\n]+\))\s*{\n(\s*)(log_[a-z_]*_errno\(\s*([->a-zA-Z_]+)\s*,[^;]+);\s*return\s+\g4;\s+}/\1\n\2return \3;/msg; print;' $f done And a couple of manual whitespace fixups.
2014-11-28 18:50:43 +01:00
if (r < 0)
return log_error_errno(r, "Failed to verify uid " UID_FMT ": %m", i->uid);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r == 0) {
log_debug("Suggested user ID " UID_FMT " for %s already used.", i->uid, i->name);
i->uid_set = false;
}
}
/* If that didn't work, try to read it from the specified path */
if (!i->uid_set) {
uid_t c;
if (read_id_from_file(i, &c, NULL) > 0) {
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
if (c <= 0 || !uid_range_contains(uid_range, n_uid_range, c))
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
log_debug("User ID " UID_FMT " of file not suitable for %s.", c, i->name);
else {
sysusers: allow force reusing existing user/group IDs (#8037) On Debian/Ubuntu systems the default passwd/group files use a slightly strange mapping. E.g. in passwd: ``` man:x:6:12::/var/cache/man:/sbin/nologin ``` and in group: ``` disk:x:6: man:x:12: ``` This is not supported in systemd-sysusers right now because sysusers will not re-use an existing uid/gid in its normal mode of operation. Unfortunately this reuse is needed to replicate the default Debian/Ubuntu users/groups. This commit enforces reuse when the "uid:gid" syntax is used to fix this. I also added a test that replicates the Debian base-passwd passwd/group file to ensure things are ok.
2018-02-01 05:47:50 +01:00
r = uid_is_ok(c, i->name, true);
treewide: yet more log_*_errno + return simplifications Using: find . -name '*.[ch]' | while read f; do perl -i.mmm -e \ 'local $/; local $_=<>; s/(if\s*\([^\n]+\))\s*{\n(\s*)(log_[a-z_]*_errno\(\s*([->a-zA-Z_]+)\s*,[^;]+);\s*return\s+\g4;\s+}/\1\n\2return \3;/msg; print;' $f done And a couple of manual whitespace fixups.
2014-11-28 18:50:43 +01:00
if (r < 0)
return log_error_errno(r, "Failed to verify uid " UID_FMT ": %m", i->uid);
else if (r > 0) {
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
i->uid = c;
i->uid_set = true;
} else
log_debug("User ID " UID_FMT " of file for %s is already used.", c, i->name);
}
}
}
doc: correct punctuation and improve typography in documentation
2014-08-03 07:11:12 +02:00
/* Otherwise, try to reuse the group ID */
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (!i->uid_set && i->gid_set) {
sysusers: allow force reusing existing user/group IDs (#8037) On Debian/Ubuntu systems the default passwd/group files use a slightly strange mapping. E.g. in passwd: ``` man:x:6:12::/var/cache/man:/sbin/nologin ``` and in group: ``` disk:x:6: man:x:12: ``` This is not supported in systemd-sysusers right now because sysusers will not re-use an existing uid/gid in its normal mode of operation. Unfortunately this reuse is needed to replicate the default Debian/Ubuntu users/groups. This commit enforces reuse when the "uid:gid" syntax is used to fix this. I also added a test that replicates the Debian base-passwd passwd/group file to ensure things are ok.
2018-02-01 05:47:50 +01:00
r = uid_is_ok((uid_t) i->gid, i->name, true);
treewide: yet more log_*_errno + return simplifications Using: find . -name '*.[ch]' | while read f; do perl -i.mmm -e \ 'local $/; local $_=<>; s/(if\s*\([^\n]+\))\s*{\n(\s*)(log_[a-z_]*_errno\(\s*([->a-zA-Z_]+)\s*,[^;]+);\s*return\s+\g4;\s+}/\1\n\2return \3;/msg; print;' $f done And a couple of manual whitespace fixups.
2014-11-28 18:50:43 +01:00
if (r < 0)
return log_error_errno(r, "Failed to verify uid " UID_FMT ": %m", i->uid);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r > 0) {
i->uid = (uid_t) i->gid;
i->uid_set = true;
}
}
/* And if that didn't work either, let's try to find a free one */
if (!i->uid_set) {
sysusers: emit warnings about login.defs overrides on first user or group creation *** Running /home/zbyszek/src/systemd-work/test/test-sysusers/test-14.input (with login.defs symlinked) login.defs specifies UID allocation range 401–555 that is different than the built-in defaults (201–998) login.defs specifies GID allocation range 405–666 that is different than the built-in defaults (201–990)
2020-10-01 18:18:26 +02:00
maybe_emit_login_defs_warning();
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
for (;;) {
r = uid_range_next_lower(uid_range, n_uid_range, &search_uid);
sysusers: use return_error_errno() where possible
2019-04-07 22:00:11 +02:00
if (r < 0)
return log_error_errno(r, "No free user ID available for %s.", i->name);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: allow force reusing existing user/group IDs (#8037) On Debian/Ubuntu systems the default passwd/group files use a slightly strange mapping. E.g. in passwd: ``` man:x:6:12::/var/cache/man:/sbin/nologin ``` and in group: ``` disk:x:6: man:x:12: ``` This is not supported in systemd-sysusers right now because sysusers will not re-use an existing uid/gid in its normal mode of operation. Unfortunately this reuse is needed to replicate the default Debian/Ubuntu users/groups. This commit enforces reuse when the "uid:gid" syntax is used to fix this. I also added a test that replicates the Debian base-passwd passwd/group file to ensure things are ok.
2018-02-01 05:47:50 +01:00
r = uid_is_ok(search_uid, i->name, true);
treewide: yet more log_*_errno + return simplifications Using: find . -name '*.[ch]' | while read f; do perl -i.mmm -e \ 'local $/; local $_=<>; s/(if\s*\([^\n]+\))\s*{\n(\s*)(log_[a-z_]*_errno\(\s*([->a-zA-Z_]+)\s*,[^;]+);\s*return\s+\g4;\s+}/\1\n\2return \3;/msg; print;' $f done And a couple of manual whitespace fixups.
2014-11-28 18:50:43 +01:00
if (r < 0)
return log_error_errno(r, "Failed to verify uid " UID_FMT ": %m", i->uid);
else if (r > 0)
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
break;
}
i->uid_set = true;
i->uid = search_uid;
}
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
r = ordered_hashmap_ensure_allocated(&todo_uids, NULL);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r < 0)
return log_oom();
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
r = ordered_hashmap_put(todo_uids, UID_TO_PTR(i->uid), i);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r < 0)
return log_oom();
sysusers: do not set todo to create a user when we only need a group
2014-06-13 03:26:41 +02:00
i->todo_user = true;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
log_info("Creating user %s (%s) with uid " UID_FMT " and gid " GID_FMT ".", i->name, strna(i->description), i->uid, i->gid);
return 0;
}
static int gid_is_ok(gid_t gid) {
struct group *g;
struct passwd *p;
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
if (ordered_hashmap_get(todo_gids, GID_TO_PTR(gid)))
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
return 0;
/* Avoid reusing gids that are already used by a different user */
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
if (ordered_hashmap_get(todo_uids, UID_TO_PTR(gid)))
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
return 0;
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
if (hashmap_contains(database_by_gid, GID_TO_PTR(gid)))
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
return 0;
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
if (hashmap_contains(database_by_uid, UID_TO_PTR(gid)))
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
return 0;
if (!arg_root) {
errno = 0;
g = getgrgid(gid);
if (g)
return 0;
sysusers: always treat ENOENT as entry-not-found when doing NSS calls For most NSS calls it is documented that they return NULL + errno=0 when an entry is not found. However, in reality it appears to be common to return NULL + errno=ENOENT, instead. Handle that correctly, and don't consider ENOENT a systematic error.
2014-06-13 19:24:11 +02:00
if (!IN_SET(errno, 0, ENOENT))
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
return -errno;
errno = 0;
p = getpwuid((uid_t) gid);
if (p)
return 0;
sysusers: always treat ENOENT as entry-not-found when doing NSS calls For most NSS calls it is documented that they return NULL + errno=0 when an entry is not found. However, in reality it appears to be common to return NULL + errno=ENOENT, instead. Handle that correctly, and don't consider ENOENT a systematic error.
2014-06-13 19:24:11 +02:00
if (!IN_SET(errno, 0, ENOENT))
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
return -errno;
}
return 1;
}
sysusers: support creating users with a specific primary group This extends the "uid:gid" syntax for "u" lines so that a group name can be given instead of a GID. This requires that the group is either queued for creation by sysusers, or it is already defined on the system. Closes #14340
2020-01-30 20:04:14 +01:00
static int get_gid_by_name(const char *name, gid_t *gid) {
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
void *z;
sysusers: support creating users with a specific primary group This extends the "uid:gid" syntax for "u" lines so that a group name can be given instead of a GID. This requires that the group is either queued for creation by sysusers, or it is already defined on the system. Closes #14340
2020-01-30 20:04:14 +01:00
assert(gid);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
/* Check the database directly */
sysusers: support creating users with a specific primary group This extends the "uid:gid" syntax for "u" lines so that a group name can be given instead of a GID. This requires that the group is either queued for creation by sysusers, or it is already defined on the system. Closes #14340
2020-01-30 20:04:14 +01:00
z = hashmap_get(database_by_groupname, name);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (z) {
sysusers: support creating users with a specific primary group This extends the "uid:gid" syntax for "u" lines so that a group name can be given instead of a GID. This requires that the group is either queued for creation by sysusers, or it is already defined on the system. Closes #14340
2020-01-30 20:04:14 +01:00
*gid = PTR_TO_GID(z);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
return 0;
}
/* Also check NSS */
if (!arg_root) {
struct group *g;
errno = 0;
sysusers: support creating users with a specific primary group This extends the "uid:gid" syntax for "u" lines so that a group name can be given instead of a GID. This requires that the group is either queued for creation by sysusers, or it is already defined on the system. Closes #14340
2020-01-30 20:04:14 +01:00
g = getgrnam(name);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (g) {
sysusers: support creating users with a specific primary group This extends the "uid:gid" syntax for "u" lines so that a group name can be given instead of a GID. This requires that the group is either queued for creation by sysusers, or it is already defined on the system. Closes #14340
2020-01-30 20:04:14 +01:00
*gid = g->gr_gid;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
return 0;
}
sysusers: many different errnos to express one condition See https://bugzilla.redhat.com/show_bug.cgi?id=1807768. It turns out that sysusers cannot query if the group exists: Failed to check if group dnsmasq already exists: No such process ... Failed to check if group systemd-timesync already exists: No such process When the same command is executed later, the issue does not occur. Not sure why the behaviour in the initial transaction is different. But let's accept all errors that the man pages list. We check if the user/group exists before creating anyway, so this seems pretty safe.
2020-03-03 10:18:32 +01:00
if (!errno_is_not_exists(errno))
sysusers: support creating users with a specific primary group This extends the "uid:gid" syntax for "u" lines so that a group name can be given instead of a GID. This requires that the group is either queued for creation by sysusers, or it is already defined on the system. Closes #14340
2020-01-30 20:04:14 +01:00
return log_error_errno(errno, "Failed to check if group %s already exists: %m", name);
}
return -ENOENT;
}
static int add_group(Item *i) {
int r;
assert(i);
r = get_gid_by_name(i->name, &i->gid);
if (r != -ENOENT) {
if (r < 0)
return r;
log_debug("Group %s already exists.", i->name);
i->gid_set = true;
return 0;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
/* Try to use the suggested numeric gid */
if (i->gid_set) {
r = gid_is_ok(i->gid);
treewide: yet more log_*_errno + return simplifications Using: find . -name '*.[ch]' | while read f; do perl -i.mmm -e \ 'local $/; local $_=<>; s/(if\s*\([^\n]+\))\s*{\n(\s*)(log_[a-z_]*_errno\(\s*([->a-zA-Z_]+)\s*,[^;]+);\s*return\s+\g4;\s+}/\1\n\2return \3;/msg; print;' $f done And a couple of manual whitespace fixups.
2014-11-28 18:50:43 +01:00
if (r < 0)
return log_error_errno(r, "Failed to verify gid " GID_FMT ": %m", i->gid);
sysusers: allow force reusing existing user/group IDs (#8037) On Debian/Ubuntu systems the default passwd/group files use a slightly strange mapping. E.g. in passwd: ``` man:x:6:12::/var/cache/man:/sbin/nologin ``` and in group: ``` disk:x:6: man:x:12: ``` This is not supported in systemd-sysusers right now because sysusers will not re-use an existing uid/gid in its normal mode of operation. Unfortunately this reuse is needed to replicate the default Debian/Ubuntu users/groups. This commit enforces reuse when the "uid:gid" syntax is used to fix this. I also added a test that replicates the Debian base-passwd passwd/group file to ensure things are ok.
2018-02-01 05:47:50 +01:00
if (i->id_set_strict) {
sysusers: ensure GID in uid:gid syntax exists Ensure that the GID already exists or is created when the new "uid:gid" syntax is used. This ensures the behaviour is always predictable.
2018-01-25 12:50:14 +01:00
/* If we require the gid to already exist we can return here:
* r > 0: means the gid does not exist -> fail
* r == 0: means the gid exists -> nothing more to do.
*/
coccinelle: make use of SYNTHETIC_ERRNO Ideally, coccinelle would strip unnecessary braces too. But I do not see any option in coccinelle for this, so instead, I edited the patch text using search&replace to remove the braces. Unfortunately this is not fully automatic, in particular it didn't deal well with if-else-if-else blocks and ifdefs, so there is an increased likelikehood be some bugs in such spots. I also removed part of the patch that coccinelle generated for udev, where we returns -1 for failure. This should be fixed independently.
2018-11-20 23:40:44 +01:00
if (r > 0)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Failed to create %s: please create GID %d",
i->name, i->gid);
sysusers: ensure GID in uid:gid syntax exists Ensure that the GID already exists or is created when the new "uid:gid" syntax is used. This ensures the behaviour is always predictable.
2018-01-25 12:50:14 +01:00
if (r == 0)
return 0;
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r == 0) {
log_debug("Suggested group ID " GID_FMT " for %s already used.", i->gid, i->name);
i->gid_set = false;
}
}
/* Try to reuse the numeric uid, if there's one */
if (!i->gid_set && i->uid_set) {
r = gid_is_ok((gid_t) i->uid);
treewide: yet more log_*_errno + return simplifications Using: find . -name '*.[ch]' | while read f; do perl -i.mmm -e \ 'local $/; local $_=<>; s/(if\s*\([^\n]+\))\s*{\n(\s*)(log_[a-z_]*_errno\(\s*([->a-zA-Z_]+)\s*,[^;]+);\s*return\s+\g4;\s+}/\1\n\2return \3;/msg; print;' $f done And a couple of manual whitespace fixups.
2014-11-28 18:50:43 +01:00
if (r < 0)
return log_error_errno(r, "Failed to verify gid " GID_FMT ": %m", i->gid);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r > 0) {
i->gid = (gid_t) i->uid;
i->gid_set = true;
}
}
/* If that didn't work, try to read it from the specified path */
if (!i->gid_set) {
gid_t c;
if (read_id_from_file(i, NULL, &c) > 0) {
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
if (c <= 0 || !uid_range_contains(uid_range, n_uid_range, c))
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
log_debug("Group ID " GID_FMT " of file not suitable for %s.", c, i->name);
else {
r = gid_is_ok(c);
treewide: yet more log_*_errno + return simplifications Using: find . -name '*.[ch]' | while read f; do perl -i.mmm -e \ 'local $/; local $_=<>; s/(if\s*\([^\n]+\))\s*{\n(\s*)(log_[a-z_]*_errno\(\s*([->a-zA-Z_]+)\s*,[^;]+);\s*return\s+\g4;\s+}/\1\n\2return \3;/msg; print;' $f done And a couple of manual whitespace fixups.
2014-11-28 18:50:43 +01:00
if (r < 0)
return log_error_errno(r, "Failed to verify gid " GID_FMT ": %m", i->gid);
else if (r > 0) {
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
i->gid = c;
i->gid_set = true;
} else
log_debug("Group ID " GID_FMT " of file for %s already used.", c, i->name);
}
}
}
/* And if that didn't work either, let's try to find a free one */
if (!i->gid_set) {
sysusers: emit warnings about login.defs overrides on first user or group creation *** Running /home/zbyszek/src/systemd-work/test/test-sysusers/test-14.input (with login.defs symlinked) login.defs specifies UID allocation range 401–555 that is different than the built-in defaults (201–998) login.defs specifies GID allocation range 405–666 that is different than the built-in defaults (201–990)
2020-10-01 18:18:26 +02:00
maybe_emit_login_defs_warning();
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
for (;;) {
/* We look for new GIDs in the UID pool! */
r = uid_range_next_lower(uid_range, n_uid_range, &search_uid);
sysusers: use return_error_errno() where possible
2019-04-07 22:00:11 +02:00
if (r < 0)
return log_error_errno(r, "No free group ID available for %s.", i->name);
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
r = gid_is_ok(search_uid);
treewide: yet more log_*_errno + return simplifications Using: find . -name '*.[ch]' | while read f; do perl -i.mmm -e \ 'local $/; local $_=<>; s/(if\s*\([^\n]+\))\s*{\n(\s*)(log_[a-z_]*_errno\(\s*([->a-zA-Z_]+)\s*,[^;]+);\s*return\s+\g4;\s+}/\1\n\2return \3;/msg; print;' $f done And a couple of manual whitespace fixups.
2014-11-28 18:50:43 +01:00
if (r < 0)
return log_error_errno(r, "Failed to verify gid " GID_FMT ": %m", i->gid);
else if (r > 0)
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
break;
}
i->gid_set = true;
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
i->gid = search_uid;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
r = ordered_hashmap_ensure_allocated(&todo_gids, NULL);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r < 0)
return log_oom();
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
r = ordered_hashmap_put(todo_gids, GID_TO_PTR(i->gid), i);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r < 0)
return log_oom();
sysusers: do not set todo to create a user when we only need a group
2014-06-13 03:26:41 +02:00
i->todo_group = true;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
log_info("Creating group %s with gid " GID_FMT ".", i->name, i->gid);
return 0;
}
static int process_item(Item *i) {
int r;
assert(i);
switch (i->type) {
sysusers: do not create duplicated groups when create users The commit e2c2060f7b3b11fa3cca8899d80963b7a05cc4ab introduces the issue #8315. Fixes #8315.
2018-03-01 19:27:34 +01:00
case ADD_USER: {
Item *j;
sysusers: support creating users with a specific primary group This extends the "uid:gid" syntax for "u" lines so that a group name can be given instead of a GID. This requires that the group is either queued for creation by sysusers, or it is already defined on the system. Closes #14340
2020-01-30 20:04:14 +01:00
j = ordered_hashmap_get(groups, i->group_name ?: i->name);
sysusers: do not create duplicated groups when create users The commit e2c2060f7b3b11fa3cca8899d80963b7a05cc4ab introduces the issue #8315. Fixes #8315.
2018-03-01 19:27:34 +01:00
if (j && j->todo_group) {
sysusers: support creating users with a specific primary group This extends the "uid:gid" syntax for "u" lines so that a group name can be given instead of a GID. This requires that the group is either queued for creation by sysusers, or it is already defined on the system. Closes #14340
2020-01-30 20:04:14 +01:00
/* When a group with the target name is already in queue,
sysusers: do not create duplicated groups when create users The commit e2c2060f7b3b11fa3cca8899d80963b7a05cc4ab introduces the issue #8315. Fixes #8315.
2018-03-01 19:27:34 +01:00
* use the information about the group and do not create
* duplicated group entry. */
i->gid_set = j->gid_set;
i->gid = j->gid;
i->id_set_strict = true;
sysusers: support creating users with a specific primary group This extends the "uid:gid" syntax for "u" lines so that a group name can be given instead of a GID. This requires that the group is either queued for creation by sysusers, or it is already defined on the system. Closes #14340
2020-01-30 20:04:14 +01:00
} else if (i->group_name) {
/* When a group name was given instead of a GID and it's
* not in queue, then it must already exist. */
r = get_gid_by_name(i->group_name, &i->gid);
if (r < 0)
return log_error_errno(r, "Group %s not found.", i->group_name);
i->gid_set = true;
i->id_set_strict = true;
sysusers: do not create duplicated groups when create users The commit e2c2060f7b3b11fa3cca8899d80963b7a05cc4ab introduces the issue #8315. Fixes #8315.
2018-03-01 19:27:34 +01:00
} else {
r = add_group(i);
if (r < 0)
return r;
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
return add_user(i);
sysusers: do not create duplicated groups when create users The commit e2c2060f7b3b11fa3cca8899d80963b7a05cc4ab introduces the issue #8315. Fixes #8315.
2018-03-01 19:27:34 +01:00
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: make ADD_GROUP always create a group Do not merge group creation with user creation because with the new uid:gid syntax this can result in confusing (and unwanted) behavior.
2018-01-24 11:46:10 +01:00
case ADD_GROUP:
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
return add_group(i);
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
default:
assert_not_reached("Unknown item type");
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
static Item* item_free(Item *i) {
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (!i)
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
return NULL;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
free(i->name);
sysusers: support creating users with a specific primary group This extends the "uid:gid" syntax for "u" lines so that a group name can be given instead of a GID. This requires that the group is either queued for creation by sysusers, or it is already defined on the system. Closes #14340
2020-01-30 20:04:14 +01:00
free(i->group_name);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
free(i->uid_path);
free(i->gid_path);
free(i->description);
sysusers: fix memleak (#4430) Fixes: ``` ==28075== 64 bytes in 1 blocks are definitely lost in loss record 2 of 3 ==28075== at 0x4C2BAEE: malloc (vg_replace_malloc.c:298) ==28075== by 0x4C2DCA1: realloc (vg_replace_malloc.c:785) ==28075== by 0x4ED40A2: greedy_realloc (alloc-util.c:57) ==28075== by 0x4E90F87: extract_first_word (extract-word.c:78) ==28075== by 0x4E91813: extract_many_words (extract-word.c:270) ==28075== by 0x10FE93: parse_line (sysusers.c:1325) ==28075== by 0x11198B: read_config_file (sysusers.c:1640) ==28075== by 0x111EB8: main (sysusers.c:1773) ==28075== ```
2016-10-20 20:23:32 +02:00
free(i->home);
sysusers: allow the shell to be specified This is necessary for some system users where the "login shell" is set to a specific binary.
2018-01-30 14:28:10 +01:00
free(i->shell);
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
return mfree(i);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
DEFINE_TRIVIAL_CLEANUP_FUNC(Item*, item_free);
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(item_hash_ops, char, string_hash_func, string_compare_func, Item, item_free);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
static int add_implicit(void) {
char *g, **l;
int r;
/* Implicitly create additional users and groups, if they were listed in "m" lines */
tree-wide: define iterator inside of the macro
2020-09-08 11:58:29 +02:00
ORDERED_HASHMAP_FOREACH_KEY(l, g, members) {
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
char **m;
sysusers: do not implicitly create group by 'm' if 'u' with the same name exists The commit e2c2060f7b3b11fa3cca8899d80963b7a05cc4ab makes 'm' lines disturb 'u' lines. This fixes the disturbance.
2018-03-01 23:38:28 +01:00
STRV_FOREACH(m, l)
if (!ordered_hashmap_get(users, *m)) {
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
_cleanup_(item_freep) Item *j = NULL;
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
r = ordered_hashmap_ensure_allocated(&users, &item_hash_ops);
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
if (r < 0)
return log_oom();
j = new0(Item, 1);
if (!j)
return log_oom();
j->type = ADD_USER;
j->name = strdup(*m);
if (!j->name)
return log_oom();
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
r = ordered_hashmap_put(users, j->name, j);
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
if (r < 0)
return log_oom();
log_debug("Adding implicit user '%s' due to m line", j->name);
j = NULL;
}
sysusers: do not implicitly create group by 'm' if 'u' with the same name exists The commit e2c2060f7b3b11fa3cca8899d80963b7a05cc4ab makes 'm' lines disturb 'u' lines. This fixes the disturbance.
2018-03-01 23:38:28 +01:00
if (!(ordered_hashmap_get(users, g) ||
ordered_hashmap_get(groups, g))) {
_cleanup_(item_freep) Item *j = NULL;
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
r = ordered_hashmap_ensure_allocated(&groups, &item_hash_ops);
sysusers: do not implicitly create group by 'm' if 'u' with the same name exists The commit e2c2060f7b3b11fa3cca8899d80963b7a05cc4ab makes 'm' lines disturb 'u' lines. This fixes the disturbance.
2018-03-01 23:38:28 +01:00
if (r < 0)
return log_oom();
j = new0(Item, 1);
if (!j)
return log_oom();
j->type = ADD_GROUP;
j->name = strdup(g);
if (!j->name)
return log_oom();
r = ordered_hashmap_put(groups, j->name, j);
if (r < 0)
return log_oom();
log_debug("Adding implicit group '%s' due to m line", j->name);
j = NULL;
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
}
}
return 0;
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
static bool item_equal(Item *a, Item *b) {
assert(a);
assert(b);
if (a->type != b->type)
return false;
if (!streq_ptr(a->name, b->name))
return false;
if (!streq_ptr(a->uid_path, b->uid_path))
return false;
if (!streq_ptr(a->gid_path, b->gid_path))
return false;
if (!streq_ptr(a->description, b->description))
return false;
if (a->uid_set != b->uid_set)
return false;
if (a->uid_set && a->uid != b->uid)
return false;
if (a->gid_set != b->gid_set)
return false;
if (a->gid_set && a->gid != b->gid)
return false;
sysusers: add another column to sysusers files for the home directory
2014-08-19 16:34:06 +02:00
if (!streq_ptr(a->home, b->home))
return false;
sysusers: allow the shell to be specified This is necessary for some system users where the "login shell" is set to a specific binary.
2018-01-30 14:28:10 +01:00
if (!streq_ptr(a->shell, b->shell))
return false;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
return true;
}
static int parse_line(const char *fname, unsigned line, const char *buffer) {
static const Specifier specifier_table[] = {
Add %l as specifier for the hostname without any domain component As described in #15603, it is a fairly common setup to use a fqdn as the configured hostname. But it is often convenient to use just the actual hostname, i.e. until the first dot. This adds support in tmpfiles, sysusers, and unit files for %l which expands to that. Fixes #15603.
2020-05-07 16:16:19 +02:00
{ 'm', specifier_machine_id, NULL },
{ 'b', specifier_boot_id, NULL },
{ 'H', specifier_host_name, NULL },
{ 'l', specifier_short_host_name, NULL },
{ 'v', specifier_kernel_release, NULL },
{ 'a', specifier_architecture, NULL },
{ 'o', specifier_os_id, NULL },
{ 'w', specifier_os_version_id, NULL },
{ 'B', specifier_os_build_id, NULL },
{ 'W', specifier_os_variant_id, NULL },
{ 'T', specifier_tmp_dir, NULL },
{ 'V', specifier_var_tmp_dir, NULL },
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
{}
};
sysusers: allow the shell to be specified This is necessary for some system users where the "login shell" is set to a specific binary.
2018-01-30 14:28:10 +01:00
_cleanup_free_ char *action = NULL,
*name = NULL, *resolved_name = NULL,
*id = NULL, *resolved_id = NULL,
sysusers: support specifier expansion for GECOS and home directory fields
2018-05-31 10:36:22 +02:00
*description = NULL, *resolved_description = NULL,
*home = NULL, *resolved_home = NULL,
sysusers: add missing initalizer I assume that this is the error causing the invalid free in https://bugzilla.redhat.com/show_bug.cgi?id=1670679.
2019-04-07 21:37:18 +02:00
*shell = NULL, *resolved_shell = NULL;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
_cleanup_(item_freep) Item *i = NULL;
Item *existing;
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
OrderedHashmap *h;
sysusers: add another column to sysusers files for the home directory
2014-08-19 16:34:06 +02:00
int r;
const char *p;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
assert(fname);
assert(line >= 1);
assert(buffer);
sysusers: add another column to sysusers files for the home directory
2014-08-19 16:34:06 +02:00
/* Parse columns */
p = buffer;
Rename EXTRACT_QUOTES to EXTRACT_UNQUOTE Whenever I see EXTRACT_QUOTES, I'm always confused whether it means to leave the quotes in or to take them out. Let's say "unquote", like we say "cunescape".
2019-06-28 11:15:05 +02:00
r = extract_many_words(&p, NULL, EXTRACT_UNQUOTE,
sysusers: allow the shell to be specified This is necessary for some system users where the "login shell" is set to a specific binary.
2018-01-30 14:28:10 +01:00
&action, &name, &id, &description, &home, &shell, NULL);
sysusers: use return_error_errno() where possible
2019-04-07 22:00:11 +02:00
if (r < 0)
return log_error_errno(r, "[%s:%u] Syntax error.", fname, line);
if (r < 2)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"[%s:%u] Missing action and name columns.", fname, line);
if (!isempty(p))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"[%s:%u] Trailing garbage.", fname, line);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: add another column to sysusers files for the home directory
2014-08-19 16:34:06 +02:00
/* Verify action */
sysusers: use return_error_errno() where possible
2019-04-07 22:00:11 +02:00
if (strlen(action) != 1)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"[%s:%u] Unknown modifier '%s'", fname, line, action);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: use return_error_errno() where possible
2019-04-07 22:00:11 +02:00
if (!IN_SET(action[0], ADD_USER, ADD_GROUP, ADD_MEMBER, ADD_RANGE))
return log_error_errno(SYNTHETIC_ERRNO(EBADMSG),
"[%s:%u] Unknown command type '%c'.", fname, line, action[0]);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: add another column to sysusers files for the home directory
2014-08-19 16:34:06 +02:00
/* Verify name */
tree-wide: introduce empty_or_dash() helper At quite a few places we check isempty() || streq(…, "-"), let's add a helper to simplify that, and replace that by a single function call.
2019-04-08 12:03:33 +02:00
if (empty_or_dash(name))
tree-wide: introduce mfree() Pretty trivial helper which wraps free() but returns NULL, so we can simplify this: free(foobar); foobar = NULL; to this: foobar = mfree(foobar);
2015-07-31 19:56:38 +02:00
name = mfree(name);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
if (name) {
r = specifier_printf(name, specifier_table, NULL, &resolved_name);
sysusers: use return_error_errno() where possible
2019-04-07 22:00:11 +02:00
if (r < 0)
sysusers,tmpfiles: always mention error when failing to replace specifiers
2020-04-23 14:50:07 +02:00
return log_error_errno(r, "[%s:%u] Failed to replace specifiers in '%s': %m", fname, line, name);
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
user-util: rework how we validate user names This reworks the user validation infrastructure. There are now two modes. In regular mode we are strict and test against a strict set of valid chars. And in "relaxed" mode we just filter out some really obvious, dangerous stuff. i.e. strict is whitelisting what is OK, but "relaxed" is blacklisting what is really not OK. The idea is that we use strict mode whenver we allocate a new user (i.e. in sysusers.d or homed), while "relaxed" mode is when we process users registered elsewhere, (i.e. userdb, logind, …) The requirements on user name validity vary wildly. SSSD thinks its fine to embedd "@" for example, while the suggested NAME_REGEX field on Debian does not even allow uppercase chars… This effectively liberaralizes a lot what we expect from usernames. The code that warns about questionnable user names is now optional and only used at places such as unit file parsing, so that it doesn't show up on every userdb query, but only when processing configuration files that know better. Fixes: #15149 #15090
2020-04-04 12:23:02 +02:00
if (!valid_user_group_name(resolved_name, 0))
sysusers: use return_error_errno() where possible
2019-04-07 22:00:11 +02:00
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"[%s:%u] '%s' is not a valid user or group name.",
fname, line, resolved_name);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
/* Verify id */
tree-wide: introduce empty_or_dash() helper At quite a few places we check isempty() || streq(…, "-"), let's add a helper to simplify that, and replace that by a single function call.
2019-04-08 12:03:33 +02:00
if (empty_or_dash(id))
tree-wide: introduce mfree() Pretty trivial helper which wraps free() but returns NULL, so we can simplify this: free(foobar); foobar = NULL; to this: foobar = mfree(foobar);
2015-07-31 19:56:38 +02:00
id = mfree(id);
sysusers: add another column to sysusers files for the home directory
2014-08-19 16:34:06 +02:00
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
if (id) {
r = specifier_printf(id, specifier_table, NULL, &resolved_id);
sysusers: use return_error_errno() where possible
2019-04-07 22:00:11 +02:00
if (r < 0)
sysusers,tmpfiles: always mention error when failing to replace specifiers
2020-04-23 14:50:07 +02:00
return log_error_errno(r, "[%s:%u] Failed to replace specifiers in '%s': %m",
sysusers: use return_error_errno() where possible
2019-04-07 22:00:11 +02:00
fname, line, name);
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
}
/* Verify description */
tree-wide: introduce empty_or_dash() helper At quite a few places we check isempty() || streq(…, "-"), let's add a helper to simplify that, and replace that by a single function call.
2019-04-08 12:03:33 +02:00
if (empty_or_dash(description))
tree-wide: introduce mfree() Pretty trivial helper which wraps free() but returns NULL, so we can simplify this: free(foobar); foobar = NULL; to this: foobar = mfree(foobar);
2015-07-31 19:56:38 +02:00
description = mfree(description);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
if (description) {
sysusers: support specifier expansion for GECOS and home directory fields
2018-05-31 10:36:22 +02:00
r = specifier_printf(description, specifier_table, NULL, &resolved_description);
sysusers: use return_error_errno() where possible
2019-04-07 22:00:11 +02:00
if (r < 0)
sysusers,tmpfiles: always mention error when failing to replace specifiers
2020-04-23 14:50:07 +02:00
return log_error_errno(r, "[%s:%u] Failed to replace specifiers in '%s': %m",
sysusers: use return_error_errno() where possible
2019-04-07 22:00:11 +02:00
fname, line, description);
sysusers: support specifier expansion for GECOS and home directory fields
2018-05-31 10:36:22 +02:00
sysusers: use return_error_errno() where possible
2019-04-07 22:00:11 +02:00
if (!valid_gecos(resolved_description))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"[%s:%u] '%s' is not a valid GECOS field.",
fname, line, resolved_description);
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
}
/* Verify home */
tree-wide: introduce empty_or_dash() helper At quite a few places we check isempty() || streq(…, "-"), let's add a helper to simplify that, and replace that by a single function call.
2019-04-08 12:03:33 +02:00
if (empty_or_dash(home))
tree-wide: introduce mfree() Pretty trivial helper which wraps free() but returns NULL, so we can simplify this: free(foobar); foobar = NULL; to this: foobar = mfree(foobar);
2015-07-31 19:56:38 +02:00
home = mfree(home);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
if (home) {
sysusers: support specifier expansion for GECOS and home directory fields
2018-05-31 10:36:22 +02:00
r = specifier_printf(home, specifier_table, NULL, &resolved_home);
sysusers: use return_error_errno() where possible
2019-04-07 22:00:11 +02:00
if (r < 0)
sysusers,tmpfiles: always mention error when failing to replace specifiers
2020-04-23 14:50:07 +02:00
return log_error_errno(r, "[%s:%u] Failed to replace specifiers in '%s': %m",
sysusers: use return_error_errno() where possible
2019-04-07 22:00:11 +02:00
fname, line, home);
sysusers: support specifier expansion for GECOS and home directory fields
2018-05-31 10:36:22 +02:00
sysusers: use return_error_errno() where possible
2019-04-07 22:00:11 +02:00
if (!valid_home(resolved_home))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"[%s:%u] '%s' is not a valid home directory field.",
fname, line, resolved_home);
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
}
sysusers: allow the shell to be specified This is necessary for some system users where the "login shell" is set to a specific binary.
2018-01-30 14:28:10 +01:00
/* Verify shell */
tree-wide: introduce empty_or_dash() helper At quite a few places we check isempty() || streq(…, "-"), let's add a helper to simplify that, and replace that by a single function call.
2019-04-08 12:03:33 +02:00
if (empty_or_dash(shell))
sysusers: allow the shell to be specified This is necessary for some system users where the "login shell" is set to a specific binary.
2018-01-30 14:28:10 +01:00
shell = mfree(shell);
if (shell) {
r = specifier_printf(shell, specifier_table, NULL, &resolved_shell);
sysusers: use return_error_errno() where possible
2019-04-07 22:00:11 +02:00
if (r < 0)
sysusers,tmpfiles: always mention error when failing to replace specifiers
2020-04-23 14:50:07 +02:00
return log_error_errno(r, "[%s:%u] Failed to replace specifiers in '%s': %m",
sysusers: use return_error_errno() where possible
2019-04-07 22:00:11 +02:00
fname, line, shell);
sysusers: allow the shell to be specified This is necessary for some system users where the "login shell" is set to a specific binary.
2018-01-30 14:28:10 +01:00
sysusers: use return_error_errno() where possible
2019-04-07 22:00:11 +02:00
if (!valid_shell(resolved_shell))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"[%s:%u] '%s' is not a valid login shell field.",
fname, line, resolved_shell);
sysusers: allow the shell to be specified This is necessary for some system users where the "login shell" is set to a specific binary.
2018-01-30 14:28:10 +01:00
}
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
switch (action[0]) {
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
case ADD_RANGE:
sysusers: use return_error_errno() where possible
2019-04-07 22:00:11 +02:00
if (resolved_name)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"[%s:%u] Lines of type 'r' don't take a name field.",
fname, line);
if (!resolved_id)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"[%s:%u] Lines of type 'r' require a ID range in the third field.",
fname, line);
if (description || home || shell)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"[%s:%u] Lines of type '%c' don't take a %s field.",
fname, line, action[0],
description ? "GECOS" : home ? "home directory" : "login shell");
sysusers: add another column to sysusers files for the home directory
2014-08-19 16:34:06 +02:00
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
r = uid_range_add_str(&uid_range, &n_uid_range, resolved_id);
sysusers: use return_error_errno() where possible
2019-04-07 22:00:11 +02:00
if (r < 0)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"[%s:%u] Invalid UID range %s.", fname, line, resolved_id);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
return 0;
case ADD_MEMBER: {
/* Try to extend an existing member or group item */
sysusers: use return_error_errno() where possible
2019-04-07 22:00:11 +02:00
if (!name)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"[%s:%u] Lines of type 'm' require a user name in the second field.",
fname, line);
if (!resolved_id)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"[%s:%u] Lines of type 'm' require a group name in the third field.",
fname, line);
user-util: rework how we validate user names This reworks the user validation infrastructure. There are now two modes. In regular mode we are strict and test against a strict set of valid chars. And in "relaxed" mode we just filter out some really obvious, dangerous stuff. i.e. strict is whitelisting what is OK, but "relaxed" is blacklisting what is really not OK. The idea is that we use strict mode whenver we allocate a new user (i.e. in sysusers.d or homed), while "relaxed" mode is when we process users registered elsewhere, (i.e. userdb, logind, …) The requirements on user name validity vary wildly. SSSD thinks its fine to embedd "@" for example, while the suggested NAME_REGEX field on Debian does not even allow uppercase chars… This effectively liberaralizes a lot what we expect from usernames. The code that warns about questionnable user names is now optional and only used at places such as unit file parsing, so that it doesn't show up on every userdb query, but only when processing configuration files that know better. Fixes: #15149 #15090
2020-04-04 12:23:02 +02:00
if (!valid_user_group_name(resolved_id, 0))
sysusers: use return_error_errno() where possible
2019-04-07 22:00:11 +02:00
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"[%s:%u] '%s' is not a valid user or group name.",
fname, line, resolved_id);
if (description || home || shell)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"[%s:%u] Lines of type '%c' don't take a %s field.",
fname, line, action[0],
description ? "GECOS" : home ? "home directory" : "login shell");
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
sysusers,strv: export the hash ops to map char* → strv Also make string_strv_hashmap_put return 0 only if the entry already existed.
2019-03-28 17:28:48 +01:00
r = string_strv_ordered_hashmap_put(&members, resolved_id, resolved_name);
sysusers: add another column to sysusers files for the home directory
2014-08-19 16:34:06 +02:00
if (r < 0)
sysusers,strv: export the hash ops to map char* → strv Also make string_strv_hashmap_put return 0 only if the entry already existed.
2019-03-28 17:28:48 +01:00
return log_error_errno(r, "Failed to store mapping for %s: %m", resolved_id);
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
return 0;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
case ADD_USER:
sysusers: use return_error_errno() where possible
2019-04-07 22:00:11 +02:00
if (!name)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"[%s:%u] Lines of type 'u' require a user name in the second field.",
fname, line);
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
r = ordered_hashmap_ensure_allocated(&users, &item_hash_ops);
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
if (r < 0)
return log_oom();
i = new0(Item, 1);
if (!i)
return log_oom();
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
if (resolved_id) {
if (path_is_absolute(resolved_id)) {
tree-wide: use TAKE_PTR() and TAKE_FD() macros
2018-04-05 07:26:26 +02:00
i->uid_path = TAKE_PTR(resolved_id);
path-util: introduce path_simplify() The function is similar to path_kill_slashes() but also removes initial './', trailing '/.', and '/./' in the path. When the second argument of path_simplify() is false, then it behaves as the same as path_kill_slashes(). Hence, this also replaces path_kill_slashes() with path_simplify().
2018-05-31 16:39:31 +02:00
path_simplify(i->uid_path, false);
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
} else {
sysusers: allow uid:gid in sysusers.conf files This PR allows to write sysuser.conf lines like: ``` u games 5:60 - ``` This will create an a "games" user with uid 5 and games group with gid 60. This is arguable ugly, however it is required to represent certain configurations like the default passwd file on Debian and Ubuntu. When the ":" syntax is used and there is a group with the given gid already then no new group is created. This allows writing the following: ``` g unrelated 60 u games 5:60 - ``` which will create a "games" user with the uid 5 and the primary gid 60. No group games is created here (might be useful for [1]). [1] https://pagure.io/packaging-committee/issue/442
2018-01-23 19:53:08 +01:00
_cleanup_free_ char *uid = NULL, *gid = NULL;
if (split_pair(resolved_id, ":", &uid, &gid) == 0) {
r = parse_gid(gid, &i->gid);
sysusers: support creating users with a specific primary group This extends the "uid:gid" syntax for "u" lines so that a group name can be given instead of a GID. This requires that the group is either queued for creation by sysusers, or it is already defined on the system. Closes #14340
2020-01-30 20:04:14 +01:00
if (r < 0) {
user-util: rework how we validate user names This reworks the user validation infrastructure. There are now two modes. In regular mode we are strict and test against a strict set of valid chars. And in "relaxed" mode we just filter out some really obvious, dangerous stuff. i.e. strict is whitelisting what is OK, but "relaxed" is blacklisting what is really not OK. The idea is that we use strict mode whenver we allocate a new user (i.e. in sysusers.d or homed), while "relaxed" mode is when we process users registered elsewhere, (i.e. userdb, logind, …) The requirements on user name validity vary wildly. SSSD thinks its fine to embedd "@" for example, while the suggested NAME_REGEX field on Debian does not even allow uppercase chars… This effectively liberaralizes a lot what we expect from usernames. The code that warns about questionnable user names is now optional and only used at places such as unit file parsing, so that it doesn't show up on every userdb query, but only when processing configuration files that know better. Fixes: #15149 #15090
2020-04-04 12:23:02 +02:00
if (valid_user_group_name(gid, 0))
sysusers: support creating users with a specific primary group This extends the "uid:gid" syntax for "u" lines so that a group name can be given instead of a GID. This requires that the group is either queued for creation by sysusers, or it is already defined on the system. Closes #14340
2020-01-30 20:04:14 +01:00
i->group_name = TAKE_PTR(gid);
else
return log_error_errno(r, "Failed to parse GID: '%s': %m", id);
} else {
i->gid_set = true;
i->id_set_strict = true;
}
sysusers: allow uid:gid in sysusers.conf files This PR allows to write sysuser.conf lines like: ``` u games 5:60 - ``` This will create an a "games" user with uid 5 and games group with gid 60. This is arguable ugly, however it is required to represent certain configurations like the default passwd file on Debian and Ubuntu. When the ":" syntax is used and there is a group with the given gid already then no new group is created. This allows writing the following: ``` g unrelated 60 u games 5:60 - ``` which will create a "games" user with the uid 5 and the primary gid 60. No group games is created here (might be useful for [1]). [1] https://pagure.io/packaging-committee/issue/442
2018-01-23 19:53:08 +01:00
free_and_replace(resolved_id, uid);
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
}
sysusers: support `u username -:300` style syntax (#8325) This PR implements the first part of RFE #8046. I.e. this allows to write: ``` u username -:300 ``` Where the uid is chosen automatically but the gid is fixed.
2018-03-02 12:56:44 +01:00
if (!streq(resolved_id, "-")) {
r = parse_uid(resolved_id, &i->uid);
if (r < 0)
return log_error_errno(r, "Failed to parse UID: '%s': %m", id);
i->uid_set = true;
}
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
}
}
sysusers: support specifier expansion for GECOS and home directory fields
2018-05-31 10:36:22 +02:00
i->description = TAKE_PTR(resolved_description);
i->home = TAKE_PTR(resolved_home);
tree-wide: use TAKE_PTR() and TAKE_FD() macros
2018-04-05 07:26:26 +02:00
i->shell = TAKE_PTR(resolved_shell);
sysusers: allow the shell to be specified This is necessary for some system users where the "login shell" is set to a specific binary.
2018-01-30 14:28:10 +01:00
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
h = users;
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
break;
case ADD_GROUP:
sysusers: use return_error_errno() where possible
2019-04-07 22:00:11 +02:00
if (!name)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"[%s:%u] Lines of type 'g' require a user name in the second field.",
fname, line);
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
sysusers: use return_error_errno() where possible
2019-04-07 22:00:11 +02:00
if (description || home || shell)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"[%s:%u] Lines of type '%c' don't take a %s field.",
fname, line, action[0],
description ? "GECOS" : home ? "home directory" : "login shell");
sysusers: add another column to sysusers files for the home directory
2014-08-19 16:34:06 +02:00
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
r = ordered_hashmap_ensure_allocated(&groups, &item_hash_ops);
sysusers: add another column to sysusers files for the home directory
2014-08-19 16:34:06 +02:00
if (r < 0)
return log_oom();
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
i = new0(Item, 1);
if (!i)
return log_oom();
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
if (resolved_id) {
if (path_is_absolute(resolved_id)) {
tree-wide: use TAKE_PTR() and TAKE_FD() macros
2018-04-05 07:26:26 +02:00
i->gid_path = TAKE_PTR(resolved_id);
path-util: introduce path_simplify() The function is similar to path_kill_slashes() but also removes initial './', trailing '/.', and '/./' in the path. When the second argument of path_simplify() is false, then it behaves as the same as path_kill_slashes(). Hence, this also replaces path_kill_slashes() with path_simplify().
2018-05-31 16:39:31 +02:00
path_simplify(i->gid_path, false);
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
} else {
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
r = parse_gid(resolved_id, &i->gid);
sysusers: allow uid:gid in sysusers.conf files This PR allows to write sysuser.conf lines like: ``` u games 5:60 - ``` This will create an a "games" user with uid 5 and games group with gid 60. This is arguable ugly, however it is required to represent certain configurations like the default passwd file on Debian and Ubuntu. When the ":" syntax is used and there is a group with the given gid already then no new group is created. This allows writing the following: ``` g unrelated 60 u games 5:60 - ``` which will create a "games" user with the uid 5 and the primary gid 60. No group games is created here (might be useful for [1]). [1] https://pagure.io/packaging-committee/issue/442
2018-01-23 19:53:08 +01:00
if (r < 0)
return log_error_errno(r, "Failed to parse GID: '%s': %m", id);
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
i->gid_set = true;
}
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
h = groups;
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
break;
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
sysusers: fix uninitialized warning
2014-07-06 13:33:38 +02:00
default:
return -EBADMSG;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
i->type = action[0];
tree-wide: use TAKE_PTR() and TAKE_FD() macros
2018-04-05 07:26:26 +02:00
i->name = TAKE_PTR(resolved_name);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
existing = ordered_hashmap_get(h, i->name);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (existing) {
/* Two identical items are fine */
if (!item_equal(existing, i))
log_warning("Two or more conflicting lines for %s configured, ignoring.", i->name);
return 0;
}
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
r = ordered_hashmap_put(h, i->name, i);
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
if (r < 0)
return log_oom();
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
i = NULL;
return 0;
}
static int read_config_file(const char *fn, bool ignore_enoent) {
sysusers: optionally, read sysuers configuration from standard input
2014-08-19 02:14:32 +02:00
_cleanup_fclose_ FILE *rf = NULL;
FILE *f = NULL;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
unsigned v = 0;
sysusers: initialize r Needed for the stdin case where it could otherwise end up being used uninitialized.
2014-08-19 23:27:44 +02:00
int r = 0;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
assert(fn);
sysusers: optionally, read sysuers configuration from standard input
2014-08-19 02:14:32 +02:00
if (streq(fn, "-"))
f = stdin;
else {
Eliminate config_dirs vars which hold a static strv
2018-04-27 18:20:17 +02:00
r = search_and_fopen(fn, "re", arg_root, (const char**) CONF_PATHS_STRV("sysusers.d"), &rf);
sysusers: optionally, read sysuers configuration from standard input
2014-08-19 02:14:32 +02:00
if (r < 0) {
if (ignore_enoent && r == -ENOENT)
return 0;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
treewide: a few more log_*_errno + return simplifications The one in tmpfiles.c:create_item() even looks like it fixes a bug.
2014-11-28 19:13:53 +01:00
return log_error_errno(r, "Failed to open '%s', ignoring: %m", fn);
sysusers: optionally, read sysuers configuration from standard input
2014-08-19 02:14:32 +02:00
}
f = rf;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
sysusers: FOREACH_LINE excorcism
2018-10-18 16:18:52 +02:00
for (;;) {
_cleanup_free_ char *line = NULL;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
char *l;
int k;
sysusers: FOREACH_LINE excorcism
2018-10-18 16:18:52 +02:00
k = read_line(f, LONG_LINE_MAX, &line);
if (k < 0)
return log_error_errno(k, "Failed to read '%s': %m", fn);
if (k == 0)
break;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
v++;
l = strstrip(line);
tree-wide: use IN_SET macro (#6977)
2017-10-04 16:01:32 +02:00
if (IN_SET(*l, 0, '#'))
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
continue;
k = parse_line(fn, v, l);
if (k < 0 && r == 0)
r = k;
}
if (ferror(f)) {
treewide: use log_*_errno whenever %m is in the format string If the format string contains %m, clearly errno must have a meaningful value, so we might as well use log_*_errno to have ERRNO= logged. Using: find . -name '*.[ch]' | xargs sed -r -i -e \ 's/log_(debug|info|notice|warning|error|emergency)\((".*%m.*")/log_\1_errno(errno, \2/' Plus some whitespace, linewrap, and indent adjustments.
2014-11-28 19:29:59 +01:00
log_error_errno(errno, "Failed to read from file %s: %m", fn);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r == 0)
r = -EIO;
}
return r;
}
sysusers: add --cat-config
2018-04-26 20:38:39 +02:00
static int cat_config(void) {
_cleanup_strv_free_ char **files = NULL;
int r;
Eliminate config_dirs vars which hold a static strv
2018-04-27 18:20:17 +02:00
r = conf_files_list_with_replacement(arg_root, CONF_PATHS_STRV("sysusers.d"), arg_replace, &files, NULL);
sysusers: add --cat-config
2018-04-26 20:38:39 +02:00
if (r < 0)
return r;
basic/pager: convert the pager options to a flags argument Pretty much everything uses just the first argument, and this doesn't make this common pattern more complicated, but makes it simpler to pass multiple options.
2018-11-11 12:56:29 +01:00
(void) pager_open(arg_pager_flags);
binfmt,sysctl,sysuers,tmpfiles: add auto-paging for --cat-config commands The output of these commands is really long, and already enriched with color. Let's add auto-paging to make this easier to digest.
2018-06-12 15:37:53 +02:00
sysusers: add --cat-config
2018-04-26 20:38:39 +02:00
return cat_files(NULL, files, 0);
}
tree-wide: add clickable man page link to all --help texts This is a bit like the info link in most of GNU's --help texts, but we don't do info but man pages, and we make them properly clickable on terminal supporting that, because awesome. I think it's generally advisable to link up our (brief) --help texts and our (more comprehensive) man pages a bit, so this should be an easy and straight-forward way to do it.
2018-08-09 10:32:31 +02:00
static int help(void) {
_cleanup_free_ char *link = NULL;
int r;
r = terminal_urlify_man("systemd-sysusers.service", "8", &link);
if (r < 0)
return log_oom();
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
printf("%s [OPTIONS...] [CONFIGURATION FILE...]\n\n"
"Creates system user accounts.\n\n"
" -h --help Show this help\n"
" --version Show package version\n"
sysusers: add --cat-config
2018-04-26 20:38:39 +02:00
" --cat-config Show configuration files\n"
Unify parse_argv style getopt is usually good at printing out a nice error message when commandline options are invalid. It distinguishes between an unknown option and a known option with a missing arg. It is better to let it do its job and not use opterr=0 unless we actually want to suppress messages. So remove opterr=0 in the few places where it wasn't really useful. When an error in options is encountered, we should not print a lengthy help() and overwhelm the user, when we know precisely what is wrong with the commandline. In addition, since help() prints to stdout, it should not be used except when requested with -h or --help. Also, simplify things here and there.
2014-08-02 17:12:21 +02:00
" --root=PATH Operate on an alternate filesystem root\n"
sysusers: add support for a --image= switch
2020-07-28 18:32:07 +02:00
" --image=PATH Operate on disk image as filesystem root\n"
sysusers: allow admin/runtime overrides to command-line config When used in a package installation script, we want to invoke systemd-sysusers before that package is installed (so it can contain files owned by the newly created user), so the configuration to use is specified on the command line. This should be a copy of the configuration that will be installed as /usr/lib/sysusers.d/package.conf. We still want to obey any overrides in /etc/sysusers.d or /run/sysusers.d in the usual fashion. Otherwise, we'd get a different result when systemd-sysusers is run with a copy of the new config on the command line and when systemd-sysusers is run at boot after package instalation. In the second case any files in /etc or /run have higher priority, so the same should happen when the configuration is given on the command line. More generally, we want the behaviour in this special case to be as close to the case where the file is finally on disk as possible, so we have to read all configuration files, since they all might contain overrides and additional configuration that matters. Even files that have lower priority might specify additional groups for the user we are creating. Thus, we need to read all configuration, but insert our new configuration somewhere with the right priority. If --target=/path/to/file.conf is given on the command line, we gather the list of files, and pretend that the command-line config is read from /path/to/file.conf (doesn't matter if the file on disk actually exists or not). All package scripts should use this option to obtain consistent and idempotent behaviour. The corner case when --target= is specified and there are no positional arguments is disallowed. v1: - version with --config-name= v2: - disallow --config-name= and no positional args v3: - remove --config-name= v4: - add --target= and rework the code completely v5: - fix argcounting bug and add example in man page v6: - rename --target to --replace
2018-01-31 15:37:02 +01:00
" --replace=PATH Treat arguments as replacement for PATH\n"
sysusers: take configuration as positional arguments If the configuration is included in a script, this is more convient. I thought it would be possible to use this for rpm scriptlets with '%pre -p systemd-sysuser "..."', but apparently there is no way to pass arguments to the executable ($1 is used for the package installation count). But this functionality seems generally useful, e.g. for testing and one-off scripts, so let's keep it. There's a slight change in behaviour when files are given on the command line: if we cannot parse them, error out instead of ignoring the failure. When trying to parse all configuration files, we don't want to fail even if some config files are broken, but when parsing a list of items specified explicitly, we should. v2: - rename --direct to --inline
2018-01-29 14:47:01 +01:00
" --inline Treat arguments as configuration lines\n"
binfmt,sysctl,sysuers,tmpfiles: add auto-paging for --cat-config commands The output of these commands is really long, and already enriched with color. Let's add auto-paging to make this easier to digest.
2018-06-12 15:37:53 +02:00
" --no-pager Do not pipe output into a pager\n"
tree-wide: add clickable man page link to all --help texts This is a bit like the info link in most of GNU's --help texts, but we don't do info but man pages, and we make them properly clickable on terminal supporting that, because awesome. I think it's generally advisable to link up our (brief) --help texts and our (more comprehensive) man pages a bit, so this should be an easy and straight-forward way to do it.
2018-08-09 10:32:31 +02:00
"\nSee the %s for details.\n"
, program_invocation_short_name
, link
);
return 0;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
static int parse_argv(int argc, char *argv[]) {
enum {
ARG_VERSION = 0x100,
sysusers: add --cat-config
2018-04-26 20:38:39 +02:00
ARG_CAT_CONFIG,
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
ARG_ROOT,
sysusers: add support for a --image= switch
2020-07-28 18:32:07 +02:00
ARG_IMAGE,
sysusers: allow admin/runtime overrides to command-line config When used in a package installation script, we want to invoke systemd-sysusers before that package is installed (so it can contain files owned by the newly created user), so the configuration to use is specified on the command line. This should be a copy of the configuration that will be installed as /usr/lib/sysusers.d/package.conf. We still want to obey any overrides in /etc/sysusers.d or /run/sysusers.d in the usual fashion. Otherwise, we'd get a different result when systemd-sysusers is run with a copy of the new config on the command line and when systemd-sysusers is run at boot after package instalation. In the second case any files in /etc or /run have higher priority, so the same should happen when the configuration is given on the command line. More generally, we want the behaviour in this special case to be as close to the case where the file is finally on disk as possible, so we have to read all configuration files, since they all might contain overrides and additional configuration that matters. Even files that have lower priority might specify additional groups for the user we are creating. Thus, we need to read all configuration, but insert our new configuration somewhere with the right priority. If --target=/path/to/file.conf is given on the command line, we gather the list of files, and pretend that the command-line config is read from /path/to/file.conf (doesn't matter if the file on disk actually exists or not). All package scripts should use this option to obtain consistent and idempotent behaviour. The corner case when --target= is specified and there are no positional arguments is disallowed. v1: - version with --config-name= v2: - disallow --config-name= and no positional args v3: - remove --config-name= v4: - add --target= and rework the code completely v5: - fix argcounting bug and add example in man page v6: - rename --target to --replace
2018-01-31 15:37:02 +01:00
ARG_REPLACE,
sysusers: take configuration as positional arguments If the configuration is included in a script, this is more convient. I thought it would be possible to use this for rpm scriptlets with '%pre -p systemd-sysuser "..."', but apparently there is no way to pass arguments to the executable ($1 is used for the package installation count). But this functionality seems generally useful, e.g. for testing and one-off scripts, so let's keep it. There's a slight change in behaviour when files are given on the command line: if we cannot parse them, error out instead of ignoring the failure. When trying to parse all configuration files, we don't want to fail even if some config files are broken, but when parsing a list of items specified explicitly, we should. v2: - rename --direct to --inline
2018-01-29 14:47:01 +01:00
ARG_INLINE,
binfmt,sysctl,sysuers,tmpfiles: add auto-paging for --cat-config commands The output of these commands is really long, and already enriched with color. Let's add auto-paging to make this easier to digest.
2018-06-12 15:37:53 +02:00
ARG_NO_PAGER,
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
};
static const struct option options[] = {
sysusers: add --cat-config
2018-04-26 20:38:39 +02:00
{ "help", no_argument, NULL, 'h' },
{ "version", no_argument, NULL, ARG_VERSION },
{ "cat-config", no_argument, NULL, ARG_CAT_CONFIG },
{ "root", required_argument, NULL, ARG_ROOT },
sysusers: add support for a --image= switch
2020-07-28 18:32:07 +02:00
{ "image", required_argument, NULL, ARG_IMAGE },
sysusers: add --cat-config
2018-04-26 20:38:39 +02:00
{ "replace", required_argument, NULL, ARG_REPLACE },
{ "inline", no_argument, NULL, ARG_INLINE },
binfmt,sysctl,sysuers,tmpfiles: add auto-paging for --cat-config commands The output of these commands is really long, and already enriched with color. Let's add auto-paging to make this easier to digest.
2018-06-12 15:37:53 +02:00
{ "no-pager", no_argument, NULL, ARG_NO_PAGER },
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
{}
};
util-lib: get_current_dir_name() can return errors other than ENOMEM get_current_dir_name() can return a variety of errors, not just ENOMEM, hence don't blindly turn its errors to ENOMEM, but return correct errors in path_make_absolute_cwd(). This trickles down into a couple of other functions, some of which receive unrelated minor fixes too with this commit.
2015-10-22 19:28:31 +02:00
int c, r;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
assert(argc >= 0);
assert(argv);
Unify parse_argv style getopt is usually good at printing out a nice error message when commandline options are invalid. It distinguishes between an unknown option and a known option with a missing arg. It is better to let it do its job and not use opterr=0 unless we actually want to suppress messages. So remove opterr=0 in the few places where it wasn't really useful. When an error in options is encountered, we should not print a lengthy help() and overwhelm the user, when we know precisely what is wrong with the commandline. In addition, since help() prints to stdout, it should not be used except when requested with -h or --help. Also, simplify things here and there.
2014-08-02 17:12:21 +02:00
while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
switch (c) {
case 'h':
tree-wide: add clickable man page link to all --help texts This is a bit like the info link in most of GNU's --help texts, but we don't do info but man pages, and we make them properly clickable on terminal supporting that, because awesome. I think it's generally advisable to link up our (brief) --help texts and our (more comprehensive) man pages a bit, so this should be an easy and straight-forward way to do it.
2018-08-09 10:32:31 +02:00
return help();
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
case ARG_VERSION:
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
return version();
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: add --cat-config
2018-04-26 20:38:39 +02:00
case ARG_CAT_CONFIG:
arg_cat_config = true;
break;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
case ARG_ROOT:
sysusers/tmpfiles: use --root=/ as way to force offline operation (i.e. without NSS)
2020-05-05 22:48:50 +02:00
r = parse_path_argument_and_warn(optarg, /* suppress_root= */ false, &arg_root);
util-lib: get_current_dir_name() can return errors other than ENOMEM get_current_dir_name() can return a variety of errors, not just ENOMEM, hence don't blindly turn its errors to ENOMEM, but return correct errors in path_make_absolute_cwd(). This trickles down into a couple of other functions, some of which receive unrelated minor fixes too with this commit.
2015-10-22 19:28:31 +02:00
if (r < 0)
path-util: unify how we process paths specified on the command line Let's introduce a common function that makes relative paths absolute and warns about any errors while doing so.
2015-10-22 19:54:29 +02:00
return r;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
break;
sysusers: add support for a --image= switch
2020-07-28 18:32:07 +02:00
case ARG_IMAGE:
tmpfiles,sysusers: disable --image= support in standalone versions Fixes #17278.
2020-10-09 18:02:54 +02:00
#ifdef STANDALONE
return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
"This systemd-sysusers version is compiled without support for --image=.");
#else
sysusers: add support for a --image= switch
2020-07-28 18:32:07 +02:00
r = parse_path_argument_and_warn(optarg, /* suppress_root= */ false, &arg_image);
if (r < 0)
return r;
break;
tmpfiles,sysusers: disable --image= support in standalone versions Fixes #17278.
2020-10-09 18:02:54 +02:00
#endif
sysusers: add support for a --image= switch
2020-07-28 18:32:07 +02:00
sysusers: allow admin/runtime overrides to command-line config When used in a package installation script, we want to invoke systemd-sysusers before that package is installed (so it can contain files owned by the newly created user), so the configuration to use is specified on the command line. This should be a copy of the configuration that will be installed as /usr/lib/sysusers.d/package.conf. We still want to obey any overrides in /etc/sysusers.d or /run/sysusers.d in the usual fashion. Otherwise, we'd get a different result when systemd-sysusers is run with a copy of the new config on the command line and when systemd-sysusers is run at boot after package instalation. In the second case any files in /etc or /run have higher priority, so the same should happen when the configuration is given on the command line. More generally, we want the behaviour in this special case to be as close to the case where the file is finally on disk as possible, so we have to read all configuration files, since they all might contain overrides and additional configuration that matters. Even files that have lower priority might specify additional groups for the user we are creating. Thus, we need to read all configuration, but insert our new configuration somewhere with the right priority. If --target=/path/to/file.conf is given on the command line, we gather the list of files, and pretend that the command-line config is read from /path/to/file.conf (doesn't matter if the file on disk actually exists or not). All package scripts should use this option to obtain consistent and idempotent behaviour. The corner case when --target= is specified and there are no positional arguments is disallowed. v1: - version with --config-name= v2: - disallow --config-name= and no positional args v3: - remove --config-name= v4: - add --target= and rework the code completely v5: - fix argcounting bug and add example in man page v6: - rename --target to --replace
2018-01-31 15:37:02 +01:00
case ARG_REPLACE:
if (!path_is_absolute(optarg) ||
coccinelle: make use of SYNTHETIC_ERRNO Ideally, coccinelle would strip unnecessary braces too. But I do not see any option in coccinelle for this, so instead, I edited the patch text using search&replace to remove the braces. Unfortunately this is not fully automatic, in particular it didn't deal well with if-else-if-else blocks and ifdefs, so there is an increased likelikehood be some bugs in such spots. I also removed part of the patch that coccinelle generated for udev, where we returns -1 for failure. This should be fixed independently.
2018-11-20 23:40:44 +01:00
!endswith(optarg, ".conf"))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"The argument to --replace= must an absolute path to a config file");
sysusers: allow admin/runtime overrides to command-line config When used in a package installation script, we want to invoke systemd-sysusers before that package is installed (so it can contain files owned by the newly created user), so the configuration to use is specified on the command line. This should be a copy of the configuration that will be installed as /usr/lib/sysusers.d/package.conf. We still want to obey any overrides in /etc/sysusers.d or /run/sysusers.d in the usual fashion. Otherwise, we'd get a different result when systemd-sysusers is run with a copy of the new config on the command line and when systemd-sysusers is run at boot after package instalation. In the second case any files in /etc or /run have higher priority, so the same should happen when the configuration is given on the command line. More generally, we want the behaviour in this special case to be as close to the case where the file is finally on disk as possible, so we have to read all configuration files, since they all might contain overrides and additional configuration that matters. Even files that have lower priority might specify additional groups for the user we are creating. Thus, we need to read all configuration, but insert our new configuration somewhere with the right priority. If --target=/path/to/file.conf is given on the command line, we gather the list of files, and pretend that the command-line config is read from /path/to/file.conf (doesn't matter if the file on disk actually exists or not). All package scripts should use this option to obtain consistent and idempotent behaviour. The corner case when --target= is specified and there are no positional arguments is disallowed. v1: - version with --config-name= v2: - disallow --config-name= and no positional args v3: - remove --config-name= v4: - add --target= and rework the code completely v5: - fix argcounting bug and add example in man page v6: - rename --target to --replace
2018-01-31 15:37:02 +01:00
arg_replace = optarg;
break;
sysusers: take configuration as positional arguments If the configuration is included in a script, this is more convient. I thought it would be possible to use this for rpm scriptlets with '%pre -p systemd-sysuser "..."', but apparently there is no way to pass arguments to the executable ($1 is used for the package installation count). But this functionality seems generally useful, e.g. for testing and one-off scripts, so let's keep it. There's a slight change in behaviour when files are given on the command line: if we cannot parse them, error out instead of ignoring the failure. When trying to parse all configuration files, we don't want to fail even if some config files are broken, but when parsing a list of items specified explicitly, we should. v2: - rename --direct to --inline
2018-01-29 14:47:01 +01:00
case ARG_INLINE:
arg_inline = true;
break;
binfmt,sysctl,sysuers,tmpfiles: add auto-paging for --cat-config commands The output of these commands is really long, and already enriched with color. Let's add auto-paging to make this easier to digest.
2018-06-12 15:37:53 +02:00
case ARG_NO_PAGER:
basic/pager: convert the pager options to a flags argument Pretty much everything uses just the first argument, and this doesn't make this common pattern more complicated, but makes it simpler to pass multiple options.
2018-11-11 12:56:29 +01:00
arg_pager_flags |= PAGER_DISABLE;
binfmt,sysctl,sysuers,tmpfiles: add auto-paging for --cat-config commands The output of these commands is really long, and already enriched with color. Let's add auto-paging to make this easier to digest.
2018-06-12 15:37:53 +02:00
break;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
case '?':
return -EINVAL;
default:
assert_not_reached("Unhandled option");
}
coccinelle: make use of SYNTHETIC_ERRNO Ideally, coccinelle would strip unnecessary braces too. But I do not see any option in coccinelle for this, so instead, I edited the patch text using search&replace to remove the braces. Unfortunately this is not fully automatic, in particular it didn't deal well with if-else-if-else blocks and ifdefs, so there is an increased likelikehood be some bugs in such spots. I also removed part of the patch that coccinelle generated for udev, where we returns -1 for failure. This should be fixed independently.
2018-11-20 23:40:44 +01:00
if (arg_replace && arg_cat_config)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Option --replace= is not supported with --cat-config");
sysusers: add --cat-config
2018-04-26 20:38:39 +02:00
coccinelle: make use of SYNTHETIC_ERRNO Ideally, coccinelle would strip unnecessary braces too. But I do not see any option in coccinelle for this, so instead, I edited the patch text using search&replace to remove the braces. Unfortunately this is not fully automatic, in particular it didn't deal well with if-else-if-else blocks and ifdefs, so there is an increased likelikehood be some bugs in such spots. I also removed part of the patch that coccinelle generated for udev, where we returns -1 for failure. This should be fixed independently.
2018-11-20 23:40:44 +01:00
if (arg_replace && optind >= argc)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"When --replace= is given, some configuration items must be specified");
sysusers: allow admin/runtime overrides to command-line config When used in a package installation script, we want to invoke systemd-sysusers before that package is installed (so it can contain files owned by the newly created user), so the configuration to use is specified on the command line. This should be a copy of the configuration that will be installed as /usr/lib/sysusers.d/package.conf. We still want to obey any overrides in /etc/sysusers.d or /run/sysusers.d in the usual fashion. Otherwise, we'd get a different result when systemd-sysusers is run with a copy of the new config on the command line and when systemd-sysusers is run at boot after package instalation. In the second case any files in /etc or /run have higher priority, so the same should happen when the configuration is given on the command line. More generally, we want the behaviour in this special case to be as close to the case where the file is finally on disk as possible, so we have to read all configuration files, since they all might contain overrides and additional configuration that matters. Even files that have lower priority might specify additional groups for the user we are creating. Thus, we need to read all configuration, but insert our new configuration somewhere with the right priority. If --target=/path/to/file.conf is given on the command line, we gather the list of files, and pretend that the command-line config is read from /path/to/file.conf (doesn't matter if the file on disk actually exists or not). All package scripts should use this option to obtain consistent and idempotent behaviour. The corner case when --target= is specified and there are no positional arguments is disallowed. v1: - version with --config-name= v2: - disallow --config-name= and no positional args v3: - remove --config-name= v4: - add --target= and rework the code completely v5: - fix argcounting bug and add example in man page v6: - rename --target to --replace
2018-01-31 15:37:02 +01:00
sysusers: add support for a --image= switch
2020-07-28 18:32:07 +02:00
if (arg_image && arg_root)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Please specify either --root= or --image=, the combination of both is not supported.");
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
return 1;
}
sysusers: allow admin/runtime overrides to command-line config When used in a package installation script, we want to invoke systemd-sysusers before that package is installed (so it can contain files owned by the newly created user), so the configuration to use is specified on the command line. This should be a copy of the configuration that will be installed as /usr/lib/sysusers.d/package.conf. We still want to obey any overrides in /etc/sysusers.d or /run/sysusers.d in the usual fashion. Otherwise, we'd get a different result when systemd-sysusers is run with a copy of the new config on the command line and when systemd-sysusers is run at boot after package instalation. In the second case any files in /etc or /run have higher priority, so the same should happen when the configuration is given on the command line. More generally, we want the behaviour in this special case to be as close to the case where the file is finally on disk as possible, so we have to read all configuration files, since they all might contain overrides and additional configuration that matters. Even files that have lower priority might specify additional groups for the user we are creating. Thus, we need to read all configuration, but insert our new configuration somewhere with the right priority. If --target=/path/to/file.conf is given on the command line, we gather the list of files, and pretend that the command-line config is read from /path/to/file.conf (doesn't matter if the file on disk actually exists or not). All package scripts should use this option to obtain consistent and idempotent behaviour. The corner case when --target= is specified and there are no positional arguments is disallowed. v1: - version with --config-name= v2: - disallow --config-name= and no positional args v3: - remove --config-name= v4: - add --target= and rework the code completely v5: - fix argcounting bug and add example in man page v6: - rename --target to --replace
2018-01-31 15:37:02 +01:00
static int parse_arguments(char **args) {
char **arg;
unsigned pos = 1;
int r;
STRV_FOREACH(arg, args) {
if (arg_inline)
/* Use (argument):n, where n==1 for the first positional arg */
r = parse_line("(argument)", pos, *arg);
else
r = read_config_file(*arg, false);
if (r < 0)
return r;
pos++;
}
return 0;
}
sysusers: add --cat-config
2018-04-26 20:38:39 +02:00
static int read_config_files(char **args) {
sysusers: allow admin/runtime overrides to command-line config When used in a package installation script, we want to invoke systemd-sysusers before that package is installed (so it can contain files owned by the newly created user), so the configuration to use is specified on the command line. This should be a copy of the configuration that will be installed as /usr/lib/sysusers.d/package.conf. We still want to obey any overrides in /etc/sysusers.d or /run/sysusers.d in the usual fashion. Otherwise, we'd get a different result when systemd-sysusers is run with a copy of the new config on the command line and when systemd-sysusers is run at boot after package instalation. In the second case any files in /etc or /run have higher priority, so the same should happen when the configuration is given on the command line. More generally, we want the behaviour in this special case to be as close to the case where the file is finally on disk as possible, so we have to read all configuration files, since they all might contain overrides and additional configuration that matters. Even files that have lower priority might specify additional groups for the user we are creating. Thus, we need to read all configuration, but insert our new configuration somewhere with the right priority. If --target=/path/to/file.conf is given on the command line, we gather the list of files, and pretend that the command-line config is read from /path/to/file.conf (doesn't matter if the file on disk actually exists or not). All package scripts should use this option to obtain consistent and idempotent behaviour. The corner case when --target= is specified and there are no positional arguments is disallowed. v1: - version with --config-name= v2: - disallow --config-name= and no positional args v3: - remove --config-name= v4: - add --target= and rework the code completely v5: - fix argcounting bug and add example in man page v6: - rename --target to --replace
2018-01-31 15:37:02 +01:00
_cleanup_strv_free_ char **files = NULL;
_cleanup_free_ char *p = NULL;
char **f;
int r;
Eliminate config_dirs vars which hold a static strv
2018-04-27 18:20:17 +02:00
r = conf_files_list_with_replacement(arg_root, CONF_PATHS_STRV("sysusers.d"), arg_replace, &files, &p);
sysusers: allow admin/runtime overrides to command-line config When used in a package installation script, we want to invoke systemd-sysusers before that package is installed (so it can contain files owned by the newly created user), so the configuration to use is specified on the command line. This should be a copy of the configuration that will be installed as /usr/lib/sysusers.d/package.conf. We still want to obey any overrides in /etc/sysusers.d or /run/sysusers.d in the usual fashion. Otherwise, we'd get a different result when systemd-sysusers is run with a copy of the new config on the command line and when systemd-sysusers is run at boot after package instalation. In the second case any files in /etc or /run have higher priority, so the same should happen when the configuration is given on the command line. More generally, we want the behaviour in this special case to be as close to the case where the file is finally on disk as possible, so we have to read all configuration files, since they all might contain overrides and additional configuration that matters. Even files that have lower priority might specify additional groups for the user we are creating. Thus, we need to read all configuration, but insert our new configuration somewhere with the right priority. If --target=/path/to/file.conf is given on the command line, we gather the list of files, and pretend that the command-line config is read from /path/to/file.conf (doesn't matter if the file on disk actually exists or not). All package scripts should use this option to obtain consistent and idempotent behaviour. The corner case when --target= is specified and there are no positional arguments is disallowed. v1: - version with --config-name= v2: - disallow --config-name= and no positional args v3: - remove --config-name= v4: - add --target= and rework the code completely v5: - fix argcounting bug and add example in man page v6: - rename --target to --replace
2018-01-31 15:37:02 +01:00
if (r < 0)
sysusers: add --cat-config
2018-04-26 20:38:39 +02:00
return r;
sysusers: allow admin/runtime overrides to command-line config When used in a package installation script, we want to invoke systemd-sysusers before that package is installed (so it can contain files owned by the newly created user), so the configuration to use is specified on the command line. This should be a copy of the configuration that will be installed as /usr/lib/sysusers.d/package.conf. We still want to obey any overrides in /etc/sysusers.d or /run/sysusers.d in the usual fashion. Otherwise, we'd get a different result when systemd-sysusers is run with a copy of the new config on the command line and when systemd-sysusers is run at boot after package instalation. In the second case any files in /etc or /run have higher priority, so the same should happen when the configuration is given on the command line. More generally, we want the behaviour in this special case to be as close to the case where the file is finally on disk as possible, so we have to read all configuration files, since they all might contain overrides and additional configuration that matters. Even files that have lower priority might specify additional groups for the user we are creating. Thus, we need to read all configuration, but insert our new configuration somewhere with the right priority. If --target=/path/to/file.conf is given on the command line, we gather the list of files, and pretend that the command-line config is read from /path/to/file.conf (doesn't matter if the file on disk actually exists or not). All package scripts should use this option to obtain consistent and idempotent behaviour. The corner case when --target= is specified and there are no positional arguments is disallowed. v1: - version with --config-name= v2: - disallow --config-name= and no positional args v3: - remove --config-name= v4: - add --target= and rework the code completely v5: - fix argcounting bug and add example in man page v6: - rename --target to --replace
2018-01-31 15:37:02 +01:00
STRV_FOREACH(f, files)
if (p && path_equal(*f, p)) {
log_debug("Parsing arguments at position \"%s\"", *f);
r = parse_arguments(args);
if (r < 0)
return r;
} else {
log_debug("Reading config file \"%s\"", *f);
/* Just warn, ignore result otherwise */
(void) read_config_file(*f, true);
}
return 0;
}
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
static int run(int argc, char *argv[]) {
tmpfiles,sysusers: disable --image= support in standalone versions Fixes #17278.
2020-10-09 18:02:54 +02:00
#ifndef STANDALONE
sysusers: add support for a --image= switch
2020-07-28 18:32:07 +02:00
_cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL;
_cleanup_(decrypted_image_unrefp) DecryptedImage *decrypted_image = NULL;
_cleanup_(umount_and_rmdir_and_freep) char *unlink_dir = NULL;
tmpfiles,sysusers: disable --image= support in standalone versions Fixes #17278.
2020-10-09 18:02:54 +02:00
#endif
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
_cleanup_close_ int lock = -1;
Item *i;
sysusers: use ordered_hashmap_steal_first_key_and_value()
2018-11-22 21:04:32 +01:00
int r;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
r = parse_argv(argc, argv);
if (r <= 0)
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
return r;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
log: introduce new helper call log_setup_service() Let's reduce the common boilerplate and have a single setup function used by all service code to setup logging.
2018-11-20 11:18:22 +01:00
log_setup_service();
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
if (arg_cat_config)
return cat_config();
sysusers: add --cat-config
2018-04-26 20:38:39 +02:00
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
umask(0022);
selinux: always try to load the full selinux db https://github.com/systemd/systemd/pull/2508#issuecomment-190901170 Maybe fixes https://bugzilla.redhat.com/show_bug.cgi?id=1308771.
2016-03-02 02:35:55 +01:00
r = mac_selinux_init();
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
if (r < 0)
Make failures of mac_selinux_init() fatal
2020-06-19 19:29:24 +02:00
return r;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
tmpfiles,sysusers: disable --image= support in standalone versions Fixes #17278.
2020-10-09 18:02:54 +02:00
#ifndef STANDALONE
sysusers: add support for a --image= switch
2020-07-28 18:32:07 +02:00
if (arg_image) {
assert(!arg_root);
r = mount_image_privately_interactively(
arg_image,
DISSECT_IMAGE_REQUIRE_ROOT|DISSECT_IMAGE_VALIDATE_OS|DISSECT_IMAGE_RELAX_VAR_CHECK|DISSECT_IMAGE_FSCK,
&unlink_dir,
&loop_device,
&decrypted_image);
if (r < 0)
return r;
arg_root = strdup(unlink_dir);
if (!arg_root)
return log_oom();
}
tmpfiles,sysusers: disable --image= support in standalone versions Fixes #17278.
2020-10-09 18:02:54 +02:00
#else
assert(!arg_image);
#endif
sysusers: add support for a --image= switch
2020-07-28 18:32:07 +02:00
sysusers: allow admin/runtime overrides to command-line config When used in a package installation script, we want to invoke systemd-sysusers before that package is installed (so it can contain files owned by the newly created user), so the configuration to use is specified on the command line. This should be a copy of the configuration that will be installed as /usr/lib/sysusers.d/package.conf. We still want to obey any overrides in /etc/sysusers.d or /run/sysusers.d in the usual fashion. Otherwise, we'd get a different result when systemd-sysusers is run with a copy of the new config on the command line and when systemd-sysusers is run at boot after package instalation. In the second case any files in /etc or /run have higher priority, so the same should happen when the configuration is given on the command line. More generally, we want the behaviour in this special case to be as close to the case where the file is finally on disk as possible, so we have to read all configuration files, since they all might contain overrides and additional configuration that matters. Even files that have lower priority might specify additional groups for the user we are creating. Thus, we need to read all configuration, but insert our new configuration somewhere with the right priority. If --target=/path/to/file.conf is given on the command line, we gather the list of files, and pretend that the command-line config is read from /path/to/file.conf (doesn't matter if the file on disk actually exists or not). All package scripts should use this option to obtain consistent and idempotent behaviour. The corner case when --target= is specified and there are no positional arguments is disallowed. v1: - version with --config-name= v2: - disallow --config-name= and no positional args v3: - remove --config-name= v4: - add --target= and rework the code completely v5: - fix argcounting bug and add example in man page v6: - rename --target to --replace
2018-01-31 15:37:02 +01:00
/* If command line arguments are specified along with --replace, read all
* configuration files and insert the positional arguments at the specified
* place. Otherwise, if command line arguments are specified, execute just
* them, and finally, without --replace= or any positional arguments, just
* read configuration and execute it.
*/
if (arg_replace || optind >= argc)
sysusers: add --cat-config
2018-04-26 20:38:39 +02:00
r = read_config_files(argv + optind);
sysusers: allow admin/runtime overrides to command-line config When used in a package installation script, we want to invoke systemd-sysusers before that package is installed (so it can contain files owned by the newly created user), so the configuration to use is specified on the command line. This should be a copy of the configuration that will be installed as /usr/lib/sysusers.d/package.conf. We still want to obey any overrides in /etc/sysusers.d or /run/sysusers.d in the usual fashion. Otherwise, we'd get a different result when systemd-sysusers is run with a copy of the new config on the command line and when systemd-sysusers is run at boot after package instalation. In the second case any files in /etc or /run have higher priority, so the same should happen when the configuration is given on the command line. More generally, we want the behaviour in this special case to be as close to the case where the file is finally on disk as possible, so we have to read all configuration files, since they all might contain overrides and additional configuration that matters. Even files that have lower priority might specify additional groups for the user we are creating. Thus, we need to read all configuration, but insert our new configuration somewhere with the right priority. If --target=/path/to/file.conf is given on the command line, we gather the list of files, and pretend that the command-line config is read from /path/to/file.conf (doesn't matter if the file on disk actually exists or not). All package scripts should use this option to obtain consistent and idempotent behaviour. The corner case when --target= is specified and there are no positional arguments is disallowed. v1: - version with --config-name= v2: - disallow --config-name= and no positional args v3: - remove --config-name= v4: - add --target= and rework the code completely v5: - fix argcounting bug and add example in man page v6: - rename --target to --replace
2018-01-31 15:37:02 +01:00
else
r = parse_arguments(argv + optind);
if (r < 0)
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
return r;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
nss-systemd,sysusers: make sure sysusers doesn't get confused by nss-systemd (#6812) In nss-systemd we synthesize user entries for "nobody" and "root", as fallback if we boot up with an entirely empty /etc. This is supposed to be a fallback only though, and it's intended that both users exists regularly in /etc/passwd + /etc/group. Before this patch systemd-sysusers would never create the entries however as it notices the synthetic entries. Let's add a way how systemd-sysusers can tell nss-systemd not to synthesize the entries for itself. Fixes: #6808
2017-09-14 06:20:39 +02:00
/* Let's tell nss-systemd not to synthesize the "root" and "nobody" entries for it, so that our detection
* whether the names or UID/GID area already used otherwise doesn't get confused. After all, even though
* nss-systemd synthesizes these users/groups, they should still appear in /etc/passwd and /etc/group, as the
* synthesizing logic is merely supposed to be fallback for cases where we run with a completely unpopulated
* /etc. */
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
if (setenv("SYSTEMD_NSS_BYPASS_SYNTHETIC", "1", 1) < 0)
return log_error_errno(errno, "Failed to set SYSTEMD_NSS_BYPASS_SYNTHETIC environment variable: %m");
nss-systemd,sysusers: make sure sysusers doesn't get confused by nss-systemd (#6812) In nss-systemd we synthesize user entries for "nobody" and "root", as fallback if we boot up with an entirely empty /etc. This is supposed to be a fallback only though, and it's intended that both users exists regularly in /etc/passwd + /etc/group. Before this patch systemd-sysusers would never create the entries however as it notices the synthetic entries. Let's add a way how systemd-sysusers can tell nss-systemd not to synthesize the entries for itself. Fixes: #6808
2017-09-14 06:20:39 +02:00
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
if (!uid_range) {
sysusers: look at login.defs when setting the default range to allocate users Also, even if login.defs are not present, don't start allocating at 1, but at SYSTEM_UID_MIN. Fixes #9769. The test is adjusted. Actually, it was busted before, because sysusers would never use SYSTEM_GID_MIN, so if SYSTEM_GID_MIN was different than SYSTEM_UID_MIN, the tests would fail. On all "normal" systems the two are equal, so we didn't notice. Since sysusers now always uses the minimum of the two, we only need to substitute one value.
2020-09-25 17:16:06 +02:00
/* Default to default range of SYSTEMD_UID_MIN..SYSTEM_UID_MAX. */
sysusers: emit warnings about login.defs overrides on first user or group creation *** Running /home/zbyszek/src/systemd-work/test/test-sysusers/test-14.input (with login.defs symlinked) login.defs specifies UID allocation range 401–555 that is different than the built-in defaults (201–998) login.defs specifies GID allocation range 405–666 that is different than the built-in defaults (201–990)
2020-10-01 18:18:26 +02:00
r = read_login_defs(&login_defs, NULL, arg_root);
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
if (r < 0)
sysusers: look at login.defs when setting the default range to allocate users Also, even if login.defs are not present, don't start allocating at 1, but at SYSTEM_UID_MIN. Fixes #9769. The test is adjusted. Actually, it was busted before, because sysusers would never use SYSTEM_GID_MIN, so if SYSTEM_GID_MIN was different than SYSTEM_UID_MIN, the tests would fail. On all "normal" systems the two are equal, so we didn't notice. Since sysusers now always uses the minimum of the two, we only need to substitute one value.
2020-09-25 17:16:06 +02:00
return log_error_errno(r, "Failed to read %s%s: %m",
strempty(arg_root), "/etc/login.defs");
sysusers: emit warnings about login.defs overrides on first user or group creation *** Running /home/zbyszek/src/systemd-work/test/test-sysusers/test-14.input (with login.defs symlinked) login.defs specifies UID allocation range 401–555 that is different than the built-in defaults (201–998) login.defs specifies GID allocation range 405–666 that is different than the built-in defaults (201–990)
2020-10-01 18:18:26 +02:00
login_defs_need_warning = true;
sysusers: look at login.defs when setting the default range to allocate users Also, even if login.defs are not present, don't start allocating at 1, but at SYSTEM_UID_MIN. Fixes #9769. The test is adjusted. Actually, it was busted before, because sysusers would never use SYSTEM_GID_MIN, so if SYSTEM_GID_MIN was different than SYSTEM_UID_MIN, the tests would fail. On all "normal" systems the two are equal, so we didn't notice. Since sysusers now always uses the minimum of the two, we only need to substitute one value.
2020-09-25 17:16:06 +02:00
/* We pick a range that very conservative: we look at compiled-in maximum and the value in
* /etc/login.defs. That way the uids/gids which we allocate will be interpreted correctly,
* even if /etc/login.defs is removed later. (The bottom bound doesn't matter much, since
* it's only used during allocation, so we use the configured value directly). */
sysusers: emit warnings about login.defs overrides on first user or group creation *** Running /home/zbyszek/src/systemd-work/test/test-sysusers/test-14.input (with login.defs symlinked) login.defs specifies UID allocation range 401–555 that is different than the built-in defaults (201–998) login.defs specifies GID allocation range 405–666 that is different than the built-in defaults (201–990)
2020-10-01 18:18:26 +02:00
uid_t begin = login_defs.system_alloc_uid_min,
end = MIN3((uid_t) SYSTEM_UID_MAX, login_defs.system_uid_max, login_defs.system_gid_max);
sysusers: look at login.defs when setting the default range to allocate users Also, even if login.defs are not present, don't start allocating at 1, but at SYSTEM_UID_MIN. Fixes #9769. The test is adjusted. Actually, it was busted before, because sysusers would never use SYSTEM_GID_MIN, so if SYSTEM_GID_MIN was different than SYSTEM_UID_MIN, the tests would fail. On all "normal" systems the two are equal, so we didn't notice. Since sysusers now always uses the minimum of the two, we only need to substitute one value.
2020-09-25 17:16:06 +02:00
if (begin < end) {
r = uid_range_add(&uid_range, &n_uid_range, begin, end - begin + 1);
if (r < 0)
return log_oom();
}
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
}
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
r = add_implicit();
if (r < 0)
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
return r;
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
util-lib: move take_password_lock() to user-util.[ch] Also, rename it take_etc_passwd_lock(), in order to make it more expressive.
2015-10-26 19:08:09 +01:00
lock = take_etc_passwd_lock(arg_root);
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
if (lock < 0)
return log_error_errno(lock, "Failed to take /etc/passwd lock: %m");
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
r = load_user_database();
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
if (r < 0)
return log_error_errno(r, "Failed to load user database: %m");
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
r = load_group_database();
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
if (r < 0)
return log_error_errno(r, "Failed to read group database: %m");
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
tree-wide: define iterator inside of the macro
2020-09-08 11:58:29 +02:00
ORDERED_HASHMAP_FOREACH(i, groups)
sysusers: clarify that we knowingly ignore process_items() return values
2018-04-18 17:59:22 +02:00
(void) process_item(i);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
tree-wide: define iterator inside of the macro
2020-09-08 11:58:29 +02:00
ORDERED_HASHMAP_FOREACH(i, users)
sysusers: clarify that we knowingly ignore process_items() return values
2018-04-18 17:59:22 +02:00
(void) process_item(i);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
r = write_files();
if (r < 0)
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
return log_error_errno(r, "Failed to write files: %m");
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
return 0;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
sysusers: define main through macro This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
2018-11-25 20:42:36 +01:00
DEFINE_MAIN_FUNCTION(run);
Reference in a new issue Copy permalink