sysusers: make group shadow support configurable

Some distros (openSUSE) don't have group shadow support enabled. This can lead to the following error: # systemd-sysusers Creating group foofoo with gid 478. # systemd-sysusers # groupdel foofoo # systemd-sysusers Creating group foofoo with gid 478. Failed to write files: File exists This patch adds --disable-gshadow option to configure. If used, systemd-sysvusers won't consider /etc/gshadow.
2017-05-09 14:02:37 +02:00 · 2017-05-09 14:02:37 +02:00 · b14e1b4394
parent b20b0b6606
commit b14e1b4394
4 changed files with 15 additions and 0 deletions
--- a/configure.ac
+++ b/configure.ac
@ -1092,6 +1092,11 @@ if test "x$enable_sysusers" != "xno"; then
 fi
 AM_CONDITIONAL(ENABLE_SYSUSERS, [test "$have_sysusers" = "yes"])

+AC_ARG_ENABLE(gshadow, AS_HELP_STRING([--disable-gshadow], [disable shadow group support]))
+AS_IF([test "x${enable_gshadow}" != "xno"], [
+        AC_DEFINE(ENABLE_GSHADOW, 1, [shadow group support is enabled])
+])
+
 # ------------------------------------------------------------------------------
 have_firstboot=no
 AC_ARG_ENABLE(firstboot, AS_HELP_STRING([--disable-firstboot], [disable firstboot support]))
--- a/meson.build
+++ b/meson.build
@ -988,6 +988,7 @@ foreach pair : [['utmp',          'HAVE_UTMP'],
                ['tpm',           'SD_BOOT_LOG_TPM'],
                ['ima',           'HAVE_IMA'],
                ['smack',         'HAVE_SMACK'],
+                ['gshadow',       'ENABLE_GSHADOW'],
               ]

        if get_option(pair[0])
@ -2473,6 +2474,7 @@ foreach tuple : [
        ['hibernate'],
        ['adm group',        get_option('adm-group')],
        ['wheel group',      get_option('wheel-group')],
+        ['gshadow'],
        ['debug hashmap'],
        ['debug mmap cache'],
 ]
--- a/meson_options.txt
+++ b/meson_options.txt
@ -146,6 +146,8 @@ option('dev-kvm-mode', type : 'string', value : '0660',
       description : '/dev/kvm access mode')
 option('default-kill-user-processes', type : 'boolean',
       description : 'the default value for KillUserProcesses= setting')
+option('gshadow', type : 'boolean',
+       description : 'support for shadow group')

 option('default-dnssec', type : 'combo',
       description : 'default DNSSEC mode',
--- a/src/sysusers/sysusers.c
+++ b/src/sysusers/sysusers.c
@ -292,6 +292,7 @@ static int putgrent_with_members(const struct group *gr, FILE *group) {
        return 0;
 }

+#ifdef ENABLE_GSHADOW
 static int putsgent_with_members(const struct sgrp *sg, FILE *gshadow) {
        char **a;

@ -341,6 +342,7 @@ static int putsgent_with_members(const struct sgrp *sg, FILE *gshadow) {

        return 0;
 }
+#endif

 static int sync_rights(FILE *from, FILE *to) {
        struct stat st;
@ -659,6 +661,7 @@ fail:
 }

 static int write_temporary_gshadow(const char * gshadow_path, FILE **tmpfile, char **tmpfile_path) {
+#ifdef ENABLE_GSHADOW
        _cleanup_fclose_ FILE *original = NULL, *gshadow = NULL;
        _cleanup_free_ char *gshadow_tmp = NULL;
        bool group_changed = false;
@ -740,6 +743,9 @@ static int write_temporary_gshadow(const char * gshadow_path, FILE **tmpfile, ch
 fail:
        unlink(gshadow_tmp);
        return r;
+#else
+        return 0;
+#endif
 }

 static int write_files(void) {