picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
Systemd/src/sysusers/sysusers.c

2037 lines
65 KiB
C
Raw Normal View History

Add SPDX license identifiers to source files under the LGPL This follows what the kernel is doing, c.f. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5fd54ace4721fc5ce2bb5aef6318fcf17f421460.
2017-11-18 17:09:20 +01:00
/* SPDX-License-Identifier: LGPL-2.1+ */
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
#include <getopt.h>
sysusers: don't allow user names longer than UT_NAMESIZE As pointed out by Miloslav Trmač it might be a good idea to make sure that usernames stay with in the utmp-defined limits.
2014-07-09 19:20:58 +02:00
#include <utmp.h>
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
util-lib: split out allocation calls into alloc-util.[ch]
2015-10-27 03:01:06 +01:00
#include "alloc-util.h"
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
#include "conf-files.h"
#include "copy.h"
util-lib: move CONF_DIRS_NULSTR definition to def.h After all, this is not some compiler or C magic, but something very specific to how systemd works, hence let's move it into def.h, and out of macro.h
2015-11-03 12:26:12 +01:00
#include "def.h"
#include "fd-util.h"
util-lib: don't include fileio.h from fileio-label.h There's no reason for doing that, hence simply don't.
2018-11-30 21:07:21 +01:00
#include "fileio.h"
Rename formats-util.h to format-util.h We don't have plural in the name of any other -util files and this inconsistency trips me up every time I try to type this file name from memory. "formats-util" is even hard to pronounce.
2016-11-07 16:14:59 +01:00
#include "format-util.h"
binfmt,sysctl,sysuers,tmpfiles: add auto-paging for --cat-config commands The output of these commands is really long, and already enriched with color. Let's add auto-paging to make this easier to digest.
2018-06-12 15:37:53 +02:00
#include "fs-util.h"
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
#include "hashmap.h"
binfmt,sysctl,sysuers,tmpfiles: add auto-paging for --cat-config commands The output of these commands is really long, and already enriched with color. Let's add auto-paging to make this easier to digest.
2018-06-12 15:37:53 +02:00
#include "pager.h"
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
#include "path-util.h"
Split out pretty-print.c and move pager.c and main-func.h to shared/ This is high-level functionality, and fits better in shared/ (which is for our executables), than in basic/ (which is also for libraries).
2018-11-20 15:42:57 +01:00
#include "pretty-print.h"
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
#include "selinux-util.h"
util-lib: split our string related calls from util.[ch] into its own file string-util.[ch] There are more than enough calls doing string manipulations to deserve its own files, hence do something about it. This patch also sorts the #include blocks of all files that needed to be updated, according to the sorting suggestions from CODING_STYLE. Since pretty much every file needs our string manipulation functions this effectively means that most files have sorted #include blocks now. Also touches a few unrelated include files.
2015-10-24 22:58:24 +02:00
#include "smack-util.h"
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
#include "specifier.h"
util-lib: split our string related calls from util.[ch] into its own file string-util.[ch] There are more than enough calls doing string manipulations to deserve its own files, hence do something about it. This patch also sorts the #include blocks of all files that needed to be updated, according to the sorting suggestions from CODING_STYLE. Since pretty much every file needs our string manipulation functions this effectively means that most files have sorted #include blocks now. Also touches a few unrelated include files.
2015-10-24 22:58:24 +02:00
#include "string-util.h"
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
#include "strv.h"
util-lib: split out all temporary file related calls into tmpfiles-util.c This splits out a bunch of functions from fileio.c that have to do with temporary files. Simply to make the header files a bit shorter, and to group things more nicely. No code changes, just some rearranging of source files.
2018-11-30 21:05:27 +01:00
#include "tmpfile-util-label.h"
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
#include "uid-range.h"
util-lib: move CONF_DIRS_NULSTR definition to def.h After all, this is not some compiler or C magic, but something very specific to how systemd works, hence let's move it into def.h, and out of macro.h
2015-11-03 12:26:12 +01:00
#include "user-util.h"
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
#include "utf8.h"
#include "util.h"
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
typedef enum ItemType {
ADD_USER = 'u',
ADD_GROUP = 'g',
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
ADD_MEMBER = 'm',
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
ADD_RANGE = 'r',
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
} ItemType;
binfmt,sysctl,sysuers,tmpfiles: add auto-paging for --cat-config commands The output of these commands is really long, and already enriched with color. Let's add auto-paging to make this easier to digest.
2018-06-12 15:37:53 +02:00
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
typedef struct Item {
ItemType type;
char *name;
char *uid_path;
char *gid_path;
char *description;
sysusers: add another column to sysusers files for the home directory
2014-08-19 16:34:06 +02:00
char *home;
sysusers: allow the shell to be specified This is necessary for some system users where the "login shell" is set to a specific binary.
2018-01-30 14:28:10 +01:00
char *shell;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
gid_t gid;
uid_t uid;
bool gid_set:1;
sysusers: use the usual comment style
2018-02-02 10:35:21 +01:00
/* When set the group with the specified gid must exist
* and the check if a uid clashes with the gid is skipped.
*/
sysusers: allow force reusing existing user/group IDs (#8037) On Debian/Ubuntu systems the default passwd/group files use a slightly strange mapping. E.g. in passwd: ``` man:x:6:12::/var/cache/man:/sbin/nologin ``` and in group: ``` disk:x:6: man:x:12: ``` This is not supported in systemd-sysusers right now because sysusers will not re-use an existing uid/gid in its normal mode of operation. Unfortunately this reuse is needed to replicate the default Debian/Ubuntu users/groups. This commit enforces reuse when the "uid:gid" syntax is used to fix this. I also added a test that replicates the Debian base-passwd passwd/group file to ensure things are ok.
2018-02-01 05:47:50 +01:00
bool id_set_strict:1;
sysusers: use the usual comment style
2018-02-02 10:35:21 +01:00
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
bool uid_set:1;
sysusers: do not set todo to create a user when we only need a group
2014-06-13 03:26:41 +02:00
bool todo_user:1;
bool todo_group:1;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
} Item;
static char *arg_root = NULL;
sysusers: add --cat-config
2018-04-26 20:38:39 +02:00
static bool arg_cat_config = false;
sysusers: allow admin/runtime overrides to command-line config When used in a package installation script, we want to invoke systemd-sysusers before that package is installed (so it can contain files owned by the newly created user), so the configuration to use is specified on the command line. This should be a copy of the configuration that will be installed as /usr/lib/sysusers.d/package.conf. We still want to obey any overrides in /etc/sysusers.d or /run/sysusers.d in the usual fashion. Otherwise, we'd get a different result when systemd-sysusers is run with a copy of the new config on the command line and when systemd-sysusers is run at boot after package instalation. In the second case any files in /etc or /run have higher priority, so the same should happen when the configuration is given on the command line. More generally, we want the behaviour in this special case to be as close to the case where the file is finally on disk as possible, so we have to read all configuration files, since they all might contain overrides and additional configuration that matters. Even files that have lower priority might specify additional groups for the user we are creating. Thus, we need to read all configuration, but insert our new configuration somewhere with the right priority. If --target=/path/to/file.conf is given on the command line, we gather the list of files, and pretend that the command-line config is read from /path/to/file.conf (doesn't matter if the file on disk actually exists or not). All package scripts should use this option to obtain consistent and idempotent behaviour. The corner case when --target= is specified and there are no positional arguments is disallowed. v1: - version with --config-name= v2: - disallow --config-name= and no positional args v3: - remove --config-name= v4: - add --target= and rework the code completely v5: - fix argcounting bug and add example in man page v6: - rename --target to --replace
2018-01-31 15:37:02 +01:00
static const char *arg_replace = NULL;
sysusers: take configuration as positional arguments If the configuration is included in a script, this is more convient. I thought it would be possible to use this for rpm scriptlets with '%pre -p systemd-sysuser "..."', but apparently there is no way to pass arguments to the executable ($1 is used for the package installation count). But this functionality seems generally useful, e.g. for testing and one-off scripts, so let's keep it. There's a slight change in behaviour when files are given on the command line: if we cannot parse them, error out instead of ignoring the failure. When trying to parse all configuration files, we don't want to fail even if some config files are broken, but when parsing a list of items specified explicitly, we should. v2: - rename --direct to --inline
2018-01-29 14:47:01 +01:00
static bool arg_inline = false;
basic/pager: convert the pager options to a flags argument Pretty much everything uses just the first argument, and this doesn't make this common pattern more complicated, but makes it simpler to pass multiple options.
2018-11-11 12:56:29 +01:00
static PagerFlags arg_pager_flags = 0;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
static OrderedHashmap *users = NULL, *groups = NULL;
static OrderedHashmap *todo_uids = NULL, *todo_gids = NULL;
static OrderedHashmap *members = NULL;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
static Hashmap *database_uid = NULL, *database_user = NULL;
static Hashmap *database_gid = NULL, *database_group = NULL;
treewide: introduce UID_INVALID (and friends) as macro for (uid_t) -1
2014-11-28 20:51:01 +01:00
static uid_t search_uid = UID_INVALID;
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
static UidRange *uid_range = NULL;
static unsigned n_uid_range = 0;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
static int load_user_database(void) {
_cleanup_fclose_ FILE *f = NULL;
const char *passwd_path;
struct passwd *pw;
int r;
util: add generic calls for prefixing a root directory to a path So far a number of utilities implemented their own calls for this, unify them in prefix_root() and prefix_roota(). The former uses heap memory, the latter allocates from the stack via alloca(). Port over most users of a --root= logic.
2015-05-13 17:42:10 +02:00
passwd_path = prefix_roota(arg_root, "/etc/passwd");
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
f = fopen(passwd_path, "re");
if (!f)
return errno == ENOENT ? 0 : -errno;
hashmap: introduce hash_ops to make struct Hashmap smaller It is redundant to store 'hash' and 'compare' function pointers in struct Hashmap separately. The functions always comprise a pair. Store a single pointer to struct hash_ops instead. systemd keeps hundreds of hashmaps, so this saves a little bit of memory.
2014-08-13 01:00:18 +02:00
r = hashmap_ensure_allocated(&database_user, &string_hash_ops);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r < 0)
return r;
hashmap: introduce hash_ops to make struct Hashmap smaller It is redundant to store 'hash' and 'compare' function pointers in struct Hashmap separately. The functions always comprise a pair. Store a single pointer to struct hash_ops instead. systemd keeps hundreds of hashmaps, so this saves a little bit of memory.
2014-08-13 01:00:18 +02:00
r = hashmap_ensure_allocated(&database_uid, NULL);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r < 0)
return r;
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
while ((r = fgetpwent_sane(f, &pw)) > 0) {
sysusers: fix memory leak when /etc/passwd contains multiple identical lines Fixes: #8718
2018-04-18 17:58:53 +02:00
char *n;
sysusers: use uniform order for variables Follow-up for 43e948eea6.
2018-04-20 11:14:41 +02:00
int k, q;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
n = strdup(pw->pw_name);
if (!n)
return -ENOMEM;
k = hashmap_put(database_user, n, UID_TO_PTR(pw->pw_uid));
if (k < 0 && k != -EEXIST) {
free(n);
return k;
}
q = hashmap_put(database_uid, UID_TO_PTR(pw->pw_uid), n);
if (q < 0 && q != -EEXIST) {
sysusers: fix memory leak when /etc/passwd contains multiple identical lines Fixes: #8718
2018-04-18 17:58:53 +02:00
if (k <= 0)
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
free(n);
return q;
}
sysusers: use uniform order for variables Follow-up for 43e948eea6.
2018-04-20 11:14:41 +02:00
if (k <= 0 && q <= 0)
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
free(n);
}
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
return r;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
static int load_group_database(void) {
_cleanup_fclose_ FILE *f = NULL;
const char *group_path;
struct group *gr;
int r;
util: add generic calls for prefixing a root directory to a path So far a number of utilities implemented their own calls for this, unify them in prefix_root() and prefix_roota(). The former uses heap memory, the latter allocates from the stack via alloca(). Port over most users of a --root= logic.
2015-05-13 17:42:10 +02:00
group_path = prefix_roota(arg_root, "/etc/group");
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
f = fopen(group_path, "re");
if (!f)
return errno == ENOENT ? 0 : -errno;
hashmap: introduce hash_ops to make struct Hashmap smaller It is redundant to store 'hash' and 'compare' function pointers in struct Hashmap separately. The functions always comprise a pair. Store a single pointer to struct hash_ops instead. systemd keeps hundreds of hashmaps, so this saves a little bit of memory.
2014-08-13 01:00:18 +02:00
r = hashmap_ensure_allocated(&database_group, &string_hash_ops);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r < 0)
return r;
hashmap: introduce hash_ops to make struct Hashmap smaller It is redundant to store 'hash' and 'compare' function pointers in struct Hashmap separately. The functions always comprise a pair. Store a single pointer to struct hash_ops instead. systemd keeps hundreds of hashmaps, so this saves a little bit of memory.
2014-08-13 01:00:18 +02:00
r = hashmap_ensure_allocated(&database_gid, NULL);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r < 0)
return r;
errno = 0;
while ((gr = fgetgrent(f))) {
char *n;
int k, q;
n = strdup(gr->gr_name);
if (!n)
return -ENOMEM;
k = hashmap_put(database_group, n, GID_TO_PTR(gr->gr_gid));
if (k < 0 && k != -EEXIST) {
free(n);
return k;
}
q = hashmap_put(database_gid, GID_TO_PTR(gr->gr_gid), n);
if (q < 0 && q != -EEXIST) {
sysusers: fix memory leak when /etc/passwd contains multiple identical lines Fixes: #8718
2018-04-18 17:58:53 +02:00
if (k <= 0)
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
free(n);
return q;
}
sysusers: use uniform order for variables Follow-up for 43e948eea6.
2018-04-20 11:14:41 +02:00
if (k <= 0 && q <= 0)
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
free(n);
errno = 0;
}
if (!IN_SET(errno, 0, ENOENT))
return -errno;
return 0;
}
sysusers: fix selinux context of backup files Also, fix fopen_temporary_label to set proper context. By chance, all users so far used the same context, so the error didn't matter. Also, check return value from label_init(). https://bugzilla.redhat.com/show_bug.cgi?id=1121806
2014-07-22 02:41:19 +02:00
static int make_backup(const char *target, const char *x) {
_cleanup_close_ int src = -1;
_cleanup_fclose_ FILE *dst = NULL;
sysusers: fix memleak (#4443) Fixes: Oct 20 09:10:49 systemd-sysusers[144]: Direct leak of 20 byte(s) in 1 object(s) allocated from: Oct 20 09:10:49 systemd-sysusers[144]: #0 0x7f3565a13e60 in malloc (/lib64/libasan.so.3+0xc6e60) Oct 20 09:10:49 systemd-sysusers[144]: #1 0x7f3565526bd0 in malloc_multiply src/basic/alloc-util.h:70 Oct 20 09:10:49 systemd-sysusers[144]: #2 0x7f356552cb55 in tempfn_xxxxxx src/basic/fileio.c:1116 Oct 20 09:10:49 systemd-sysusers[144]: #3 0x7f356552c4f0 in fopen_temporary src/basic/fileio.c:1042 Oct 20 09:10:49 systemd-sysusers[144]: #4 0x7f356555e00e in fopen_temporary_label src/basic/fileio-label.c:63 Oct 20 09:10:49 systemd-sysusers[144]: #5 0x56197c4a1766 in make_backup src/sysusers/sysusers.c:209 Oct 20 09:10:49 systemd-sysusers[144]: #6 0x56197c4a6335 in write_files src/sysusers/sysusers.c:710 Oct 20 09:10:49 systemd-sysusers[144]: #7 0x56197c4ae571 in main src/sysusers/sysusers.c:1817 Oct 20 09:10:49 systemd-sysusers[144]: #8 0x7f3564dee730 in __libc_start_main (/lib64/libc.so.6+0x20730)
2016-10-21 12:30:45 +02:00
_cleanup_free_ char *temp = NULL;
char *backup;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
struct timespec ts[2];
struct stat st;
int r;
src = open(x, O_RDONLY|O_CLOEXEC|O_NOCTTY);
if (src < 0) {
if (errno == ENOENT) /* No backup necessary... */
return 0;
return -errno;
}
if (fstat(src, &st) < 0)
return -errno;
sysusers: fix selinux context of backup files Also, fix fopen_temporary_label to set proper context. By chance, all users so far used the same context, so the error didn't matter. Also, check return value from label_init(). https://bugzilla.redhat.com/show_bug.cgi?id=1121806
2014-07-22 02:41:19 +02:00
r = fopen_temporary_label(target, x, &dst, &temp);
if (r < 0)
return r;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
copy: change the various copy_xyz() calls to take a unified flags parameter This adds a unified "copy_flags" parameter to all copy_xyz() function calls, replacing the various boolean flags so far used. This should make many invocations more readable as it is clear what behaviour is precisely requested. This also prepares ground for adding support for more modes later on.
2017-02-13 19:00:22 +01:00
r = copy_bytes(src, fileno(dst), (uint64_t) -1, COPY_REFLINK);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r < 0)
goto fail;
sysusers: fix selinux context of backup files Also, fix fopen_temporary_label to set proper context. By chance, all users so far used the same context, so the error didn't matter. Also, check return value from label_init(). https://bugzilla.redhat.com/show_bug.cgi?id=1121806
2014-07-22 02:41:19 +02:00
/* Don't fail on chmod() or chown(). If it stays owned by us
* and/or unreadable by others, then it isn't too bad... */
util: rework strappenda(), and rename it strjoina() After all it is now much more like strjoin() than strappend(). At the same time, add support for NULL sentinels, even if they are normally not necessary.
2015-02-03 02:05:59 +01:00
backup = strjoina(x, "-");
sysusers: fix selinux context of backup files Also, fix fopen_temporary_label to set proper context. By chance, all users so far used the same context, so the error didn't matter. Also, check return value from label_init(). https://bugzilla.redhat.com/show_bug.cgi?id=1121806
2014-07-22 02:41:19 +02:00
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
/* Copy over the access mask */
sysusers: use fchmod_and_chown()
2018-06-14 04:39:55 +02:00
r = fchmod_and_chown(fileno(dst), st.st_mode & 07777, st.st_uid, st.st_gid);
if (r < 0)
log_warning_errno(r, "Failed to change access mode or ownership of %s: %m", backup);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
ts[0] = st.st_atim;
ts[1] = st.st_mtim;
sysusers: be nice and print a warning if futimens() fails CID# 1251163
2014-11-07 16:34:37 +01:00
if (futimens(fileno(dst), ts) < 0)
treewide: use log_*_errno whenever %m is in the format string If the format string contains %m, clearly errno must have a meaningful value, so we might as well use log_*_errno to have ERRNO= logged. Using: find . -name '*.[ch]' | xargs sed -r -i -e \ 's/log_(debug|info|notice|warning|error|emergency)\((".*%m.*")/log_\1_errno(errno, \2/' Plus some whitespace, linewrap, and indent adjustments.
2014-11-28 19:29:59 +01:00
log_warning_errno(errno, "Failed to fix access and modification time of %s: %m", backup);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
"Don't fear the fsync()" For files which are vital to boot 1. Avoid opening any window where power loss will zero them out or worse. I know app developers all coded to the ext3 implementation, but the only formal documentation we have says we're broken if we actually rely on it. E.g. * `man mount`, search for `auto_da_alloc`. * http://www.linux-mtd.infradead.org/faq/ubifs.html#L_atomic_change * https://thunk.org/tytso/blog/2009/03/15/dont-fear-the-fsync/ 2. If we tell the kernel we're interested in writing them to disk, it will tell us if that fails. So at minimum, this means we play our part in notifying the user about errors. I refactored error-handling in `udevadm-hwdb` a little. It turns out I did exactly the same as had already been done in the `systemd-hwdb` version, i.e. commit d702dcd.
2017-08-17 18:09:44 +02:00
r = fflush_sync_and_check(dst);
if (r < 0)
goto fail;
if (rename(temp, backup) < 0) {
r = -errno;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
goto fail;
"Don't fear the fsync()" For files which are vital to boot 1. Avoid opening any window where power loss will zero them out or worse. I know app developers all coded to the ext3 implementation, but the only formal documentation we have says we're broken if we actually rely on it. E.g. * `man mount`, search for `auto_da_alloc`. * http://www.linux-mtd.infradead.org/faq/ubifs.html#L_atomic_change * https://thunk.org/tytso/blog/2009/03/15/dont-fear-the-fsync/ 2. If we tell the kernel we're interested in writing them to disk, it will tell us if that fails. So at minimum, this means we play our part in notifying the user about errors. I refactored error-handling in `udevadm-hwdb` a little. It turns out I did exactly the same as had already been done in the `systemd-hwdb` version, i.e. commit d702dcd.
2017-08-17 18:09:44 +02:00
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
return 0;
fail:
unlink(temp);
return r;
}
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
static int putgrent_with_members(const struct group *gr, FILE *group) {
char **a;
assert(gr);
assert(group);
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
a = ordered_hashmap_get(members, gr->gr_name);
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
if (a) {
_cleanup_strv_free_ char **l = NULL;
bool added = false;
char **i;
l = strv_copy(gr->gr_mem);
if (!l)
return -ENOMEM;
STRV_FOREACH(i, a) {
if (strv_find(l, *i))
continue;
if (strv_extend(&l, *i) < 0)
return -ENOMEM;
added = true;
}
if (added) {
struct group t;
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
int r;
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
strv_uniq(l);
strv_sort(l);
t = *gr;
t.gr_mem = l;
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
r = putgrent_sane(&t, group);
return r < 0 ? r : 1;
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
}
}
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
return putgrent_sane(gr, group);
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
}
build-sys: use #if Y instead of #ifdef Y everywhere The advantage is that is the name is mispellt, cpp will warn us. $ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/" $ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;' $ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g' $ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g' + manual changes to meson.build squash! build-sys: use #if Y instead of #ifdef Y everywhere v2: - fix incorrect setting of HAVE_LIBIDN2
2017-10-03 10:41:51 +02:00
#if ENABLE_GSHADOW
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
static int putsgent_with_members(const struct sgrp *sg, FILE *gshadow) {
char **a;
assert(sg);
assert(gshadow);
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
a = ordered_hashmap_get(members, sg->sg_namp);
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
if (a) {
_cleanup_strv_free_ char **l = NULL;
bool added = false;
char **i;
l = strv_copy(sg->sg_mem);
if (!l)
return -ENOMEM;
STRV_FOREACH(i, a) {
if (strv_find(l, *i))
continue;
if (strv_extend(&l, *i) < 0)
return -ENOMEM;
added = true;
}
if (added) {
struct sgrp t;
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
int r;
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
strv_uniq(l);
strv_sort(l);
t = *sg;
t.sg_mem = l;
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
r = putsgent_sane(&t, gshadow);
return r < 0 ? r : 1;
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
}
}
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
return putsgent_sane(sg, gshadow);
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
}
sysusers: make group shadow support configurable Some distros (openSUSE) don't have group shadow support enabled. This can lead to the following error: # systemd-sysusers Creating group foofoo with gid 478. # systemd-sysusers # groupdel foofoo # systemd-sysusers Creating group foofoo with gid 478. Failed to write files: File exists This patch adds --disable-gshadow option to configure. If used, systemd-sysvusers won't consider /etc/gshadow.
2017-05-09 14:02:37 +02:00
#endif
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
sysuser: simplify access mode syncing by introducing helper function for it
2014-11-11 18:12:40 +01:00
static int sync_rights(FILE *from, FILE *to) {
struct stat st;
if (fstat(fileno(from), &st) < 0)
return -errno;
sysusers: use fchmod_and_chown()
2018-06-14 04:39:55 +02:00
return fchmod_and_chown(fileno(to), st.st_mode & 07777, st.st_uid, st.st_gid);
sysuser: simplify access mode syncing by introducing helper function for it
2014-11-11 18:12:40 +01:00
}
smack: label /etc/passwd and friends as '_' smack label when --with-smack-run-label' is enabled systemd-sysusers.service unit creates system users and groups and it could update /etc/passwd, /etc/group, /etc/shadow and /etc/gshadow. Those files should have '_' smack label because of accessibility. However, if systemd has its own smack label using '--with-smack-run-label' configuration, systemd-sysusers process spawned by systemd(pid:1) has its parent smack label and eventually updated files also is set as its parent smack label. This patch fixes that bug by labeling updated files as '_' smack label when --with-smack-run-label' is enabled.
2015-10-06 12:08:16 +02:00
static int rename_and_apply_smack(const char *temp_path, const char *dest_path) {
int r = 0;
if (rename(temp_path, dest_path) < 0)
return -errno;
#ifdef SMACK_RUN_LABEL
r = mac_smack_apply(dest_path, SMACK_ATTR_ACCESS, SMACK_FLOOR_LABEL);
if (r < 0)
return r;
#endif
return r;
}
sysusers: allow the shell to be specified This is necessary for some system users where the "login shell" is set to a specific binary.
2018-01-30 14:28:10 +01:00
static const char* default_shell(uid_t uid) {
return uid == 0 ? "/bin/sh" : "/sbin/nologin";
}
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
static int write_temporary_passwd(const char *passwd_path, FILE **tmpfile, char **tmpfile_path) {
_cleanup_fclose_ FILE *original = NULL, *passwd = NULL;
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
_cleanup_(unlink_and_freep) char *passwd_tmp = NULL;
sysusers: do not append entries after the NIS ones The NIS-catchall entry switches from files to NIS lookup and never goes back, so it must be the last entry in /etc/passwd (the other +/-{user,@netgroup} entries don't have to be). That's how the nss_compat mode for /etc/passwd (and /etc/group) traditionally works. It's age-old historic behaviour that the NIS entry must be the last one. It doesn't seem to be specified somewhere, but it worked like this since very early SunOS when NIS was first included. Fixes: #8467
2018-03-15 18:46:28 +01:00
struct passwd *pw = NULL;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
Iterator iterator;
Item *i;
int r;
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
if (ordered_hashmap_size(todo_uids) == 0)
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
return 0;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
r = fopen_temporary_label("/etc/passwd", passwd_path, &passwd, &passwd_tmp);
if (r < 0)
return r;
original = fopen(passwd_path, "re");
if (original) {
r = sync_rights(original, passwd);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
while ((r = fgetpwent_sane(original, &pw)) > 0) {
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
i = ordered_hashmap_get(users, pw->pw_name);
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
if (i && i->todo_user) {
log_error("%s: User \"%s\" already exists.", passwd_path, pw->pw_name);
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return -EEXIST;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
}
sysusers: Preserve ownership and mode on /etc/passwd and friends When running sysusers we would clobber file ownership and permissions on the files /etc/passwd, /etc/group and /etc/[g]shadow. This simply preserves the ownership and mode if existing files are found.
2014-10-29 15:03:41 +01:00
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
if (ordered_hashmap_contains(todo_uids, UID_TO_PTR(pw->pw_uid))) {
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
log_error("%s: Detected collision for UID " UID_FMT ".", passwd_path, pw->pw_uid);
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return -EEXIST;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
sysusers: do not append entries after the NIS ones The NIS-catchall entry switches from files to NIS lookup and never goes back, so it must be the last entry in /etc/passwd (the other +/-{user,@netgroup} entries don't have to be). That's how the nss_compat mode for /etc/passwd (and /etc/group) traditionally works. It's age-old historic behaviour that the NIS entry must be the last one. It doesn't seem to be specified somewhere, but it worked like this since very early SunOS when NIS was first included. Fixes: #8467
2018-03-15 18:46:28 +01:00
/* Make sure we keep the NIS entries (if any) at the end. */
if (IN_SET(pw->pw_name[0], '+', '-'))
break;
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
r = putpwent_sane(pw, passwd);
if (r < 0)
return r;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
}
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
if (r < 0)
return r;
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
} else {
if (errno != ENOENT)
return -errno;
if (fchmod(fileno(passwd), 0644) < 0)
return -errno;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
}
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
ORDERED_HASHMAP_FOREACH(i, todo_uids, iterator) {
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
struct passwd n = {
.pw_name = i->name,
.pw_uid = i->uid,
.pw_gid = i->gid,
.pw_gecos = i->description,
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
/* "x" means the password is stored in the shadow file */
.pw_passwd = (char*) "x",
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
/* We default to the root directory as home */
.pw_dir = i->home ? i->home : (char*) "/",
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
/* Initialize the shell to nologin, with one exception:
* for root we patch in something special */
sysusers: allow the shell to be specified This is necessary for some system users where the "login shell" is set to a specific binary.
2018-01-30 14:28:10 +01:00
.pw_shell = i->shell ?: (char*) default_shell(i->uid),
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
};
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
r = putpwent_sane(&n, passwd);
if (r < 0)
return r;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
}
sysusers: do not append entries after the NIS ones The NIS-catchall entry switches from files to NIS lookup and never goes back, so it must be the last entry in /etc/passwd (the other +/-{user,@netgroup} entries don't have to be). That's how the nss_compat mode for /etc/passwd (and /etc/group) traditionally works. It's age-old historic behaviour that the NIS entry must be the last one. It doesn't seem to be specified somewhere, but it worked like this since very early SunOS when NIS was first included. Fixes: #8467
2018-03-15 18:46:28 +01:00
/* Append the remaining NIS entries if any */
while (pw) {
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
r = putpwent_sane(pw, passwd);
if (r < 0)
return r;
sysusers: do not append entries after the NIS ones The NIS-catchall entry switches from files to NIS lookup and never goes back, so it must be the last entry in /etc/passwd (the other +/-{user,@netgroup} entries don't have to be). That's how the nss_compat mode for /etc/passwd (and /etc/group) traditionally works. It's age-old historic behaviour that the NIS entry must be the last one. It doesn't seem to be specified somewhere, but it worked like this since very early SunOS when NIS was first included. Fixes: #8467
2018-03-15 18:46:28 +01:00
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
r = fgetpwent_sane(original, &pw);
if (r < 0)
return r;
if (r == 0)
break;
sysusers: do not append entries after the NIS ones The NIS-catchall entry switches from files to NIS lookup and never goes back, so it must be the last entry in /etc/passwd (the other +/-{user,@netgroup} entries don't have to be). That's how the nss_compat mode for /etc/passwd (and /etc/group) traditionally works. It's age-old historic behaviour that the NIS entry must be the last one. It doesn't seem to be specified somewhere, but it worked like this since very early SunOS when NIS was first included. Fixes: #8467
2018-03-15 18:46:28 +01:00
}
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
r = fflush_and_check(passwd);
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
tree-wide: use TAKE_PTR() and TAKE_FD() macros
2018-04-05 07:26:26 +02:00
*tmpfile = TAKE_PTR(passwd);
*tmpfile_path = TAKE_PTR(passwd_tmp);
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
return 0;
}
static int write_temporary_shadow(const char *shadow_path, FILE **tmpfile, char **tmpfile_path) {
_cleanup_fclose_ FILE *original = NULL, *shadow = NULL;
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
_cleanup_(unlink_and_freep) char *shadow_tmp = NULL;
sysusers: also add support for NIS entries in /etc/shadow Commit 563dc6f8e2cda4114dd20f32655890ed378c3740 added support for /etc/{passwd,group} only but since nsswitch.conf(5) appears to document the NIS entries also for shadow, let's support this case too.
2018-03-20 09:32:05 +01:00
struct spwd *sp = NULL;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
Iterator iterator;
long lstchg;
Item *i;
int r;
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
if (ordered_hashmap_size(todo_uids) == 0)
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
return 0;
r = fopen_temporary_label("/etc/shadow", shadow_path, &shadow, &shadow_tmp);
if (r < 0)
return r;
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
lstchg = (long) (now(CLOCK_REALTIME) / USEC_PER_DAY);
original = fopen(shadow_path, "re");
if (original) {
r = sync_rights(original, shadow);
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
while ((r = fgetspent_sane(original, &sp)) > 0) {
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
i = ordered_hashmap_get(users, sp->sp_namp);
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
if (i && i->todo_user) {
/* we will update the existing entry */
sp->sp_lstchg = lstchg;
sysusers: Preserve ownership and mode on /etc/passwd and friends When running sysusers we would clobber file ownership and permissions on the files /etc/passwd, /etc/group and /etc/[g]shadow. This simply preserves the ownership and mode if existing files are found.
2014-10-29 15:03:41 +01:00
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
/* only the /etc/shadow stage is left, so we can
* safely remove the item from the todo set */
i->todo_user = false;
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
ordered_hashmap_remove(todo_uids, UID_TO_PTR(i->uid));
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
}
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
sysusers: also add support for NIS entries in /etc/shadow Commit 563dc6f8e2cda4114dd20f32655890ed378c3740 added support for /etc/{passwd,group} only but since nsswitch.conf(5) appears to document the NIS entries also for shadow, let's support this case too.
2018-03-20 09:32:05 +01:00
/* Make sure we keep the NIS entries (if any) at the end. */
if (IN_SET(sp->sp_namp[0], '+', '-'))
break;
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
r = putspent_sane(sp, shadow);
if (r < 0)
return r;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
}
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
if (r < 0)
return r;
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
} else {
if (errno != ENOENT)
return -errno;
if (fchmod(fileno(shadow), 0000) < 0)
return -errno;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
}
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
ORDERED_HASHMAP_FOREACH(i, todo_uids, iterator) {
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
struct spwd n = {
.sp_namp = i->name,
.sp_pwdp = (char*) "!!",
.sp_lstchg = lstchg,
.sp_min = -1,
.sp_max = -1,
.sp_warn = -1,
.sp_inact = -1,
.sp_expire = -1,
.sp_flag = (unsigned long) -1, /* this appears to be what everybody does ... */
};
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
r = putspent_sane(&n, shadow);
if (r < 0)
return r;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
sysusers: also add support for NIS entries in /etc/shadow Commit 563dc6f8e2cda4114dd20f32655890ed378c3740 added support for /etc/{passwd,group} only but since nsswitch.conf(5) appears to document the NIS entries also for shadow, let's support this case too.
2018-03-20 09:32:05 +01:00
/* Append the remaining NIS entries if any */
while (sp) {
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
r = putspent_sane(sp, shadow);
if (r < 0)
return r;
sysusers: also add support for NIS entries in /etc/shadow Commit 563dc6f8e2cda4114dd20f32655890ed378c3740 added support for /etc/{passwd,group} only but since nsswitch.conf(5) appears to document the NIS entries also for shadow, let's support this case too.
2018-03-20 09:32:05 +01:00
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
r = fgetspent_sane(original, &sp);
if (r < 0)
return r;
if (r == 0)
break;
sysusers: also add support for NIS entries in /etc/shadow Commit 563dc6f8e2cda4114dd20f32655890ed378c3740 added support for /etc/{passwd,group} only but since nsswitch.conf(5) appears to document the NIS entries also for shadow, let's support this case too.
2018-03-20 09:32:05 +01:00
}
if (!IN_SET(errno, 0, ENOENT))
return -errno;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
"Don't fear the fsync()" For files which are vital to boot 1. Avoid opening any window where power loss will zero them out or worse. I know app developers all coded to the ext3 implementation, but the only formal documentation we have says we're broken if we actually rely on it. E.g. * `man mount`, search for `auto_da_alloc`. * http://www.linux-mtd.infradead.org/faq/ubifs.html#L_atomic_change * https://thunk.org/tytso/blog/2009/03/15/dont-fear-the-fsync/ 2. If we tell the kernel we're interested in writing them to disk, it will tell us if that fails. So at minimum, this means we play our part in notifying the user about errors. I refactored error-handling in `udevadm-hwdb` a little. It turns out I did exactly the same as had already been done in the `systemd-hwdb` version, i.e. commit d702dcd.
2017-08-17 18:09:44 +02:00
r = fflush_sync_and_check(shadow);
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
tree-wide: use TAKE_PTR() and TAKE_FD() macros
2018-04-05 07:26:26 +02:00
*tmpfile = TAKE_PTR(shadow);
*tmpfile_path = TAKE_PTR(shadow_tmp);
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
return 0;
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
static int write_temporary_group(const char *group_path, FILE **tmpfile, char **tmpfile_path) {
_cleanup_fclose_ FILE *original = NULL, *group = NULL;
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
_cleanup_(unlink_and_freep) char *group_tmp = NULL;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
bool group_changed = false;
sysusers: do not append entries after the NIS ones The NIS-catchall entry switches from files to NIS lookup and never goes back, so it must be the last entry in /etc/passwd (the other +/-{user,@netgroup} entries don't have to be). That's how the nss_compat mode for /etc/passwd (and /etc/group) traditionally works. It's age-old historic behaviour that the NIS entry must be the last one. It doesn't seem to be specified somewhere, but it worked like this since very early SunOS when NIS was first included. Fixes: #8467
2018-03-15 18:46:28 +01:00
struct group *gr = NULL;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
Iterator iterator;
Item *i;
int r;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
if (ordered_hashmap_size(todo_gids) == 0 && ordered_hashmap_size(members) == 0)
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
return 0;
sysusers: Preserve ownership and mode on /etc/passwd and friends When running sysusers we would clobber file ownership and permissions on the files /etc/passwd, /etc/group and /etc/[g]shadow. This simply preserves the ownership and mode if existing files are found.
2014-10-29 15:03:41 +01:00
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
r = fopen_temporary_label("/etc/group", group_path, &group, &group_tmp);
if (r < 0)
return r;
original = fopen(group_path, "re");
if (original) {
r = sync_rights(original, group);
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
while ((r = fgetgrent_sane(original, &gr)) > 0) {
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
/* Safety checks against name and GID collisions. Normally,
* this should be unnecessary, but given that we look at the
* entries anyway here, let's make an extra verification
* step that we don't generate duplicate entries. */
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
i = ordered_hashmap_get(groups, gr->gr_name);
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
if (i && i->todo_group) {
log_error("%s: Group \"%s\" already exists.", group_path, gr->gr_name);
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return -EEXIST;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
if (ordered_hashmap_contains(todo_gids, GID_TO_PTR(gr->gr_gid))) {
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
log_error("%s: Detected collision for GID " GID_FMT ".", group_path, gr->gr_gid);
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return -EEXIST;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
sysusers: do not append entries after the NIS ones The NIS-catchall entry switches from files to NIS lookup and never goes back, so it must be the last entry in /etc/passwd (the other +/-{user,@netgroup} entries don't have to be). That's how the nss_compat mode for /etc/passwd (and /etc/group) traditionally works. It's age-old historic behaviour that the NIS entry must be the last one. It doesn't seem to be specified somewhere, but it worked like this since very early SunOS when NIS was first included. Fixes: #8467
2018-03-15 18:46:28 +01:00
/* Make sure we keep the NIS entries (if any) at the end. */
if (IN_SET(gr->gr_name[0], '+', '-'))
break;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
r = putgrent_with_members(gr, group);
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
if (r > 0)
group_changed = true;
}
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
if (r < 0)
return r;
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
} else {
if (errno != ENOENT)
return -errno;
if (fchmod(fileno(group), 0644) < 0)
return -errno;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
}
sysusers: add another column to sysusers files for the home directory
2014-08-19 16:34:06 +02:00
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
ORDERED_HASHMAP_FOREACH(i, todo_gids, iterator) {
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
struct group n = {
.gr_name = i->name,
.gr_gid = i->gid,
.gr_passwd = (char*) "x",
};
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
r = putgrent_with_members(&n, group);
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: add another column to sysusers files for the home directory
2014-08-19 16:34:06 +02:00
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
group_changed = true;
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: do not append entries after the NIS ones The NIS-catchall entry switches from files to NIS lookup and never goes back, so it must be the last entry in /etc/passwd (the other +/-{user,@netgroup} entries don't have to be). That's how the nss_compat mode for /etc/passwd (and /etc/group) traditionally works. It's age-old historic behaviour that the NIS entry must be the last one. It doesn't seem to be specified somewhere, but it worked like this since very early SunOS when NIS was first included. Fixes: #8467
2018-03-15 18:46:28 +01:00
/* Append the remaining NIS entries if any */
while (gr) {
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
r = putgrent_sane(gr, group);
if (r < 0)
return r;
sysusers: do not append entries after the NIS ones The NIS-catchall entry switches from files to NIS lookup and never goes back, so it must be the last entry in /etc/passwd (the other +/-{user,@netgroup} entries don't have to be). That's how the nss_compat mode for /etc/passwd (and /etc/group) traditionally works. It's age-old historic behaviour that the NIS entry must be the last one. It doesn't seem to be specified somewhere, but it worked like this since very early SunOS when NIS was first included. Fixes: #8467
2018-03-15 18:46:28 +01:00
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
r = fgetgrent_sane(original, &gr);
if (r < 0)
return r;
if (r == 0)
break;
sysusers: do not append entries after the NIS ones The NIS-catchall entry switches from files to NIS lookup and never goes back, so it must be the last entry in /etc/passwd (the other +/-{user,@netgroup} entries don't have to be). That's how the nss_compat mode for /etc/passwd (and /etc/group) traditionally works. It's age-old historic behaviour that the NIS entry must be the last one. It doesn't seem to be specified somewhere, but it worked like this since very early SunOS when NIS was first included. Fixes: #8467
2018-03-15 18:46:28 +01:00
}
"Don't fear the fsync()" For files which are vital to boot 1. Avoid opening any window where power loss will zero them out or worse. I know app developers all coded to the ext3 implementation, but the only formal documentation we have says we're broken if we actually rely on it. E.g. * `man mount`, search for `auto_da_alloc`. * http://www.linux-mtd.infradead.org/faq/ubifs.html#L_atomic_change * https://thunk.org/tytso/blog/2009/03/15/dont-fear-the-fsync/ 2. If we tell the kernel we're interested in writing them to disk, it will tell us if that fails. So at minimum, this means we play our part in notifying the user about errors. I refactored error-handling in `udevadm-hwdb` a little. It turns out I did exactly the same as had already been done in the `systemd-hwdb` version, i.e. commit d702dcd.
2017-08-17 18:09:44 +02:00
r = fflush_sync_and_check(group);
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
if (group_changed) {
tree-wide: use TAKE_PTR() and TAKE_FD() macros
2018-04-05 07:26:26 +02:00
*tmpfile = TAKE_PTR(group);
*tmpfile_path = TAKE_PTR(group_tmp);
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
}
return 0;
}
static int write_temporary_gshadow(const char * gshadow_path, FILE **tmpfile, char **tmpfile_path) {
build-sys: use #if Y instead of #ifdef Y everywhere The advantage is that is the name is mispellt, cpp will warn us. $ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/" $ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;' $ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g' $ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g' + manual changes to meson.build squash! build-sys: use #if Y instead of #ifdef Y everywhere v2: - fix incorrect setting of HAVE_LIBIDN2
2017-10-03 10:41:51 +02:00
#if ENABLE_GSHADOW
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
_cleanup_fclose_ FILE *original = NULL, *gshadow = NULL;
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
_cleanup_(unlink_and_freep) char *gshadow_tmp = NULL;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
bool group_changed = false;
Iterator iterator;
Item *i;
int r;
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
if (ordered_hashmap_size(todo_gids) == 0 && ordered_hashmap_size(members) == 0)
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
return 0;
r = fopen_temporary_label("/etc/gshadow", gshadow_path, &gshadow, &gshadow_tmp);
if (r < 0)
return r;
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
original = fopen(gshadow_path, "re");
if (original) {
struct sgrp *sg;
r = sync_rights(original, gshadow);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
while ((r = fgetsgent_sane(original, &sg)) > 0) {
sysusers: do not reject users with already present /etc/shadow entries This is needed to interoperate firstboot and sysusers. The former one is started first, and it writes only /etc/shadow when it is told to set the root password. It's better to relax checks here than to duplicate functionality in firstboot.
2015-03-07 16:11:32 +01:00
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
i = ordered_hashmap_get(groups, sg->sg_namp);
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
if (i && i->todo_group) {
log_error("%s: Group \"%s\" already exists.", gshadow_path, sg->sg_namp);
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return -EEXIST;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
}
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
r = putsgent_with_members(sg, gshadow);
sysuser: simplify access mode syncing by introducing helper function for it
2014-11-11 18:12:40 +01:00
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
if (r > 0)
group_changed = true;
}
user-util: add new wrappers for reading/writing {passwd,shadow,gshadow} database files (#8521) The API povided by the glibc is too error-prone as one has to deal directly with errno in order to detect if errors occured. Suggested by Zbigniew.
2018-03-21 15:26:02 +01:00
if (r < 0)
return r;
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
} else {
if (errno != ENOENT)
return -errno;
if (fchmod(fileno(gshadow), 0000) < 0)
return -errno;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
}
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
ORDERED_HASHMAP_FOREACH(i, todo_gids, iterator) {
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
struct sgrp n = {
.sg_namp = i->name,
.sg_passwd = (char*) "!!",
};
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
r = putsgent_with_members(&n, gshadow);
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
group_changed = true;
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
}
"Don't fear the fsync()" For files which are vital to boot 1. Avoid opening any window where power loss will zero them out or worse. I know app developers all coded to the ext3 implementation, but the only formal documentation we have says we're broken if we actually rely on it. E.g. * `man mount`, search for `auto_da_alloc`. * http://www.linux-mtd.infradead.org/faq/ubifs.html#L_atomic_change * https://thunk.org/tytso/blog/2009/03/15/dont-fear-the-fsync/ 2. If we tell the kernel we're interested in writing them to disk, it will tell us if that fails. So at minimum, this means we play our part in notifying the user about errors. I refactored error-handling in `udevadm-hwdb` a little. It turns out I did exactly the same as had already been done in the `systemd-hwdb` version, i.e. commit d702dcd.
2017-08-17 18:09:44 +02:00
r = fflush_sync_and_check(gshadow);
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
if (group_changed) {
tree-wide: use TAKE_PTR() and TAKE_FD() macros
2018-04-05 07:26:26 +02:00
*tmpfile = TAKE_PTR(gshadow);
*tmpfile_path = TAKE_PTR(gshadow_tmp);
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
}
return 0;
sysusers: make group shadow support configurable Some distros (openSUSE) don't have group shadow support enabled. This can lead to the following error: # systemd-sysusers Creating group foofoo with gid 478. # systemd-sysusers # groupdel foofoo # systemd-sysusers Creating group foofoo with gid 478. Failed to write files: File exists This patch adds --disable-gshadow option to configure. If used, systemd-sysvusers won't consider /etc/gshadow.
2017-05-09 14:02:37 +02:00
#else
return 0;
#endif
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
}
static int write_files(void) {
_cleanup_fclose_ FILE *passwd = NULL, *group = NULL, *shadow = NULL, *gshadow = NULL;
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
_cleanup_(unlink_and_freep) char *passwd_tmp = NULL, *group_tmp = NULL, *shadow_tmp = NULL, *gshadow_tmp = NULL;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
const char *passwd_path = NULL, *group_path = NULL, *shadow_path = NULL, *gshadow_path = NULL;
int r;
passwd_path = prefix_roota(arg_root, "/etc/passwd");
shadow_path = prefix_roota(arg_root, "/etc/shadow");
group_path = prefix_roota(arg_root, "/etc/group");
gshadow_path = prefix_roota(arg_root, "/etc/gshadow");
r = write_temporary_group(group_path, &group, &group_tmp);
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
r = write_temporary_gshadow(gshadow_path, &gshadow, &gshadow_tmp);
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
r = write_temporary_passwd(passwd_path, &passwd, &passwd_tmp);
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
r = write_temporary_shadow(shadow_path, &shadow, &shadow_tmp);
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
/* Make a backup of the old files */
if (group) {
r = make_backup("/etc/group", group_path);
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
}
if (gshadow) {
r = make_backup("/etc/gshadow", gshadow_path);
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
if (passwd) {
sysusers: fix selinux context of backup files Also, fix fopen_temporary_label to set proper context. By chance, all users so far used the same context, so the error didn't matter. Also, check return value from label_init(). https://bugzilla.redhat.com/show_bug.cgi?id=1121806
2014-07-22 02:41:19 +02:00
r = make_backup("/etc/passwd", passwd_path);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
if (shadow) {
r = make_backup("/etc/shadow", shadow_path);
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
/* And make the new files count */
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
if (group) {
r = rename_and_apply_smack(group_tmp, group_path);
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
group_tmp = mfree(group_tmp);
}
if (gshadow) {
r = rename_and_apply_smack(gshadow_tmp, gshadow_path);
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: split make_files() This patch extracts the code which is in charge to write the new users or groups into temporary files and move it into 4 dedicated functions. This part was previously inlined in makes_files() making this function quite big and hard to read and maintain. There should be no functional change.
2017-05-09 09:37:37 +02:00
gshadow_tmp = mfree(gshadow_tmp);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
if (passwd) {
smack: label /etc/passwd and friends as '_' smack label when --with-smack-run-label' is enabled systemd-sysusers.service unit creates system users and groups and it could update /etc/passwd, /etc/group, /etc/shadow and /etc/gshadow. Those files should have '_' smack label because of accessibility. However, if systemd has its own smack label using '--with-smack-run-label' configuration, systemd-sysusers process spawned by systemd(pid:1) has its parent smack label and eventually updated files also is set as its parent smack label. This patch fixes that bug by labeling updated files as '_' smack label when --with-smack-run-label' is enabled.
2015-10-06 12:08:16 +02:00
r = rename_and_apply_smack(passwd_tmp, passwd_path);
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
tree-wide: introduce mfree() Pretty trivial helper which wraps free() but returns NULL, so we can simplify this: free(foobar); foobar = NULL; to this: foobar = mfree(foobar);
2015-07-31 19:56:38 +02:00
passwd_tmp = mfree(passwd_tmp);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
if (shadow) {
smack: label /etc/passwd and friends as '_' smack label when --with-smack-run-label' is enabled systemd-sysusers.service unit creates system users and groups and it could update /etc/passwd, /etc/group, /etc/shadow and /etc/gshadow. Those files should have '_' smack label because of accessibility. However, if systemd has its own smack label using '--with-smack-run-label' configuration, systemd-sysusers process spawned by systemd(pid:1) has its parent smack label and eventually updated files also is set as its parent smack label. This patch fixes that bug by labeling updated files as '_' smack label when --with-smack-run-label' is enabled.
2015-10-06 12:08:16 +02:00
r = rename_and_apply_smack(shadow_tmp, shadow_path);
if (r < 0)
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return r;
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
tree-wide: introduce mfree() Pretty trivial helper which wraps free() but returns NULL, so we can simplify this: free(foobar); foobar = NULL; to this: foobar = mfree(foobar);
2015-07-31 19:56:38 +02:00
shadow_tmp = mfree(shadow_tmp);
sysusers: also update /etc/shadow and /etc/gshadow when creating new system users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 01:57:24 +02:00
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: make use of cleanup(unlink_and_freep) in write_files() and its auxiliary helpers No functional changes.
2017-05-10 14:28:41 +02:00
return 0;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
sysusers: allow force reusing existing user/group IDs (#8037) On Debian/Ubuntu systems the default passwd/group files use a slightly strange mapping. E.g. in passwd: ``` man:x:6:12::/var/cache/man:/sbin/nologin ``` and in group: ``` disk:x:6: man:x:12: ``` This is not supported in systemd-sysusers right now because sysusers will not re-use an existing uid/gid in its normal mode of operation. Unfortunately this reuse is needed to replicate the default Debian/Ubuntu users/groups. This commit enforces reuse when the "uid:gid" syntax is used to fix this. I also added a test that replicates the Debian base-passwd passwd/group file to ensure things are ok.
2018-02-01 05:47:50 +01:00
static int uid_is_ok(uid_t uid, const char *name, bool check_with_gid) {
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
struct passwd *p;
struct group *g;
const char *n;
Item *i;
/* Let's see if we already have assigned the UID a second time */
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
if (ordered_hashmap_get(todo_uids, UID_TO_PTR(uid)))
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
return 0;
/* Try to avoid using uids that are already used by a group
* that doesn't have the same name as our new user. */
sysusers: allow force reusing existing user/group IDs (#8037) On Debian/Ubuntu systems the default passwd/group files use a slightly strange mapping. E.g. in passwd: ``` man:x:6:12::/var/cache/man:/sbin/nologin ``` and in group: ``` disk:x:6: man:x:12: ``` This is not supported in systemd-sysusers right now because sysusers will not re-use an existing uid/gid in its normal mode of operation. Unfortunately this reuse is needed to replicate the default Debian/Ubuntu users/groups. This commit enforces reuse when the "uid:gid" syntax is used to fix this. I also added a test that replicates the Debian base-passwd passwd/group file to ensure things are ok.
2018-02-01 05:47:50 +01:00
if (check_with_gid) {
i = ordered_hashmap_get(todo_gids, GID_TO_PTR(uid));
if (i && !streq(i->name, name))
return 0;
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
/* Let's check the files directly */
if (hashmap_contains(database_uid, UID_TO_PTR(uid)))
return 0;
sysusers: allow force reusing existing user/group IDs (#8037) On Debian/Ubuntu systems the default passwd/group files use a slightly strange mapping. E.g. in passwd: ``` man:x:6:12::/var/cache/man:/sbin/nologin ``` and in group: ``` disk:x:6: man:x:12: ``` This is not supported in systemd-sysusers right now because sysusers will not re-use an existing uid/gid in its normal mode of operation. Unfortunately this reuse is needed to replicate the default Debian/Ubuntu users/groups. This commit enforces reuse when the "uid:gid" syntax is used to fix this. I also added a test that replicates the Debian base-passwd passwd/group file to ensure things are ok.
2018-02-01 05:47:50 +01:00
if (check_with_gid) {
n = hashmap_get(database_gid, GID_TO_PTR(uid));
if (n && !streq(n, name))
return 0;
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
/* Let's also check via NSS, to avoid UID clashes over LDAP and such, just in case */
if (!arg_root) {
errno = 0;
p = getpwuid(uid);
if (p)
return 0;
sysusers: always treat ENOENT as entry-not-found when doing NSS calls For most NSS calls it is documented that they return NULL + errno=0 when an entry is not found. However, in reality it appears to be common to return NULL + errno=ENOENT, instead. Handle that correctly, and don't consider ENOENT a systematic error.
2014-06-13 19:24:11 +02:00
if (!IN_SET(errno, 0, ENOENT))
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
return -errno;
sysusers: allow force reusing existing user/group IDs (#8037) On Debian/Ubuntu systems the default passwd/group files use a slightly strange mapping. E.g. in passwd: ``` man:x:6:12::/var/cache/man:/sbin/nologin ``` and in group: ``` disk:x:6: man:x:12: ``` This is not supported in systemd-sysusers right now because sysusers will not re-use an existing uid/gid in its normal mode of operation. Unfortunately this reuse is needed to replicate the default Debian/Ubuntu users/groups. This commit enforces reuse when the "uid:gid" syntax is used to fix this. I also added a test that replicates the Debian base-passwd passwd/group file to ensure things are ok.
2018-02-01 05:47:50 +01:00
if (check_with_gid) {
errno = 0;
g = getgrgid((gid_t) uid);
if (g) {
if (!streq(g->gr_name, name))
return 0;
} else if (!IN_SET(errno, 0, ENOENT))
return -errno;
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
return 1;
}
static int root_stat(const char *p, struct stat *st) {
const char *fix;
util: add generic calls for prefixing a root directory to a path So far a number of utilities implemented their own calls for this, unify them in prefix_root() and prefix_roota(). The former uses heap memory, the latter allocates from the stack via alloca(). Port over most users of a --root= logic.
2015-05-13 17:42:10 +02:00
fix = prefix_roota(arg_root, p);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (stat(fix, st) < 0)
return -errno;
return 0;
}
static int read_id_from_file(Item *i, uid_t *_uid, gid_t *_gid) {
struct stat st;
bool found_uid = false, found_gid = false;
sysusers: Remove some gcc warnings about uninitialized variables Gcc is spewing some warnings about uninitialized variables. Let's get rid of the noise.
2014-09-18 17:56:57 +02:00
uid_t uid = 0;
gid_t gid = 0;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
assert(i);
/* First, try to get the gid directly */
if (_gid && i->gid_path && root_stat(i->gid_path, &st) >= 0) {
gid = st.st_gid;
found_gid = true;
}
/* Then, try to get the uid directly */
if ((_uid || (_gid && !found_gid))
&& i->uid_path
&& root_stat(i->uid_path, &st) >= 0) {
uid = st.st_uid;
found_uid = true;
/* If we need the gid, but had no success yet, also derive it from the uid path */
if (_gid && !found_gid) {
gid = st.st_gid;
found_gid = true;
}
}
/* If that didn't work yet, then let's reuse the gid as uid */
if (_uid && !found_uid && i->gid_path) {
if (found_gid) {
uid = (uid_t) gid;
found_uid = true;
} else if (root_stat(i->gid_path, &st) >= 0) {
uid = (uid_t) st.st_gid;
found_uid = true;
}
}
if (_uid) {
if (!found_uid)
return 0;
*_uid = uid;
}
if (_gid) {
if (!found_gid)
return 0;
*_gid = gid;
}
return 1;
}
static int add_user(Item *i) {
void *z;
int r;
assert(i);
/* Check the database directly */
z = hashmap_get(database_user, i->name);
if (z) {
log_debug("User %s already exists.", i->name);
sysusers: do not set todo to create a user when we only need a group
2014-06-13 03:26:41 +02:00
i->uid = PTR_TO_UID(z);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
i->uid_set = true;
return 0;
}
if (!arg_root) {
struct passwd *p;
/* Also check NSS */
errno = 0;
p = getpwnam(i->name);
if (p) {
log_debug("User %s already exists.", i->name);
i->uid = p->pw_uid;
i->uid_set = true;
tree-wide: use free_and_strdup() Use free_and_strdup() where appropriate and replace equivalent, open-coded versions.
2015-07-29 20:25:57 +02:00
r = free_and_strdup(&i->description, p->pw_gecos);
if (r < 0)
return log_oom();
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
return 0;
}
treewide: another round of simplifications Using the same scripts as in f647962d64e "treewide: yet more log_*_errno + return simplifications".
2014-11-28 19:57:32 +01:00
if (!IN_SET(errno, 0, ENOENT))
return log_error_errno(errno, "Failed to check if user %s already exists: %m", i->name);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
/* Try to use the suggested numeric uid */
if (i->uid_set) {
sysusers: allow force reusing existing user/group IDs (#8037) On Debian/Ubuntu systems the default passwd/group files use a slightly strange mapping. E.g. in passwd: ``` man:x:6:12::/var/cache/man:/sbin/nologin ``` and in group: ``` disk:x:6: man:x:12: ``` This is not supported in systemd-sysusers right now because sysusers will not re-use an existing uid/gid in its normal mode of operation. Unfortunately this reuse is needed to replicate the default Debian/Ubuntu users/groups. This commit enforces reuse when the "uid:gid" syntax is used to fix this. I also added a test that replicates the Debian base-passwd passwd/group file to ensure things are ok.
2018-02-01 05:47:50 +01:00
r = uid_is_ok(i->uid, i->name, !i->id_set_strict);
treewide: yet more log_*_errno + return simplifications Using: find . -name '*.[ch]' | while read f; do perl -i.mmm -e \ 'local $/; local $_=<>; s/(if\s*\([^\n]+\))\s*{\n(\s*)(log_[a-z_]*_errno\(\s*([->a-zA-Z_]+)\s*,[^;]+);\s*return\s+\g4;\s+}/\1\n\2return \3;/msg; print;' $f done And a couple of manual whitespace fixups.
2014-11-28 18:50:43 +01:00
if (r < 0)
return log_error_errno(r, "Failed to verify uid " UID_FMT ": %m", i->uid);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r == 0) {
log_debug("Suggested user ID " UID_FMT " for %s already used.", i->uid, i->name);
i->uid_set = false;
}
}
/* If that didn't work, try to read it from the specified path */
if (!i->uid_set) {
uid_t c;
if (read_id_from_file(i, &c, NULL) > 0) {
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
if (c <= 0 || !uid_range_contains(uid_range, n_uid_range, c))
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
log_debug("User ID " UID_FMT " of file not suitable for %s.", c, i->name);
else {
sysusers: allow force reusing existing user/group IDs (#8037) On Debian/Ubuntu systems the default passwd/group files use a slightly strange mapping. E.g. in passwd: ``` man:x:6:12::/var/cache/man:/sbin/nologin ``` and in group: ``` disk:x:6: man:x:12: ``` This is not supported in systemd-sysusers right now because sysusers will not re-use an existing uid/gid in its normal mode of operation. Unfortunately this reuse is needed to replicate the default Debian/Ubuntu users/groups. This commit enforces reuse when the "uid:gid" syntax is used to fix this. I also added a test that replicates the Debian base-passwd passwd/group file to ensure things are ok.
2018-02-01 05:47:50 +01:00
r = uid_is_ok(c, i->name, true);
treewide: yet more log_*_errno + return simplifications Using: find . -name '*.[ch]' | while read f; do perl -i.mmm -e \ 'local $/; local $_=<>; s/(if\s*\([^\n]+\))\s*{\n(\s*)(log_[a-z_]*_errno\(\s*([->a-zA-Z_]+)\s*,[^;]+);\s*return\s+\g4;\s+}/\1\n\2return \3;/msg; print;' $f done And a couple of manual whitespace fixups.
2014-11-28 18:50:43 +01:00
if (r < 0)
return log_error_errno(r, "Failed to verify uid " UID_FMT ": %m", i->uid);
else if (r > 0) {
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
i->uid = c;
i->uid_set = true;
} else
log_debug("User ID " UID_FMT " of file for %s is already used.", c, i->name);
}
}
}
doc: correct punctuation and improve typography in documentation
2014-08-03 07:11:12 +02:00
/* Otherwise, try to reuse the group ID */
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (!i->uid_set && i->gid_set) {
sysusers: allow force reusing existing user/group IDs (#8037) On Debian/Ubuntu systems the default passwd/group files use a slightly strange mapping. E.g. in passwd: ``` man:x:6:12::/var/cache/man:/sbin/nologin ``` and in group: ``` disk:x:6: man:x:12: ``` This is not supported in systemd-sysusers right now because sysusers will not re-use an existing uid/gid in its normal mode of operation. Unfortunately this reuse is needed to replicate the default Debian/Ubuntu users/groups. This commit enforces reuse when the "uid:gid" syntax is used to fix this. I also added a test that replicates the Debian base-passwd passwd/group file to ensure things are ok.
2018-02-01 05:47:50 +01:00
r = uid_is_ok((uid_t) i->gid, i->name, true);
treewide: yet more log_*_errno + return simplifications Using: find . -name '*.[ch]' | while read f; do perl -i.mmm -e \ 'local $/; local $_=<>; s/(if\s*\([^\n]+\))\s*{\n(\s*)(log_[a-z_]*_errno\(\s*([->a-zA-Z_]+)\s*,[^;]+);\s*return\s+\g4;\s+}/\1\n\2return \3;/msg; print;' $f done And a couple of manual whitespace fixups.
2014-11-28 18:50:43 +01:00
if (r < 0)
return log_error_errno(r, "Failed to verify uid " UID_FMT ": %m", i->uid);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r > 0) {
i->uid = (uid_t) i->gid;
i->uid_set = true;
}
}
/* And if that didn't work either, let's try to find a free one */
if (!i->uid_set) {
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
for (;;) {
r = uid_range_next_lower(uid_range, n_uid_range, &search_uid);
if (r < 0) {
log_error("No free user ID available for %s.", i->name);
return r;
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: allow force reusing existing user/group IDs (#8037) On Debian/Ubuntu systems the default passwd/group files use a slightly strange mapping. E.g. in passwd: ``` man:x:6:12::/var/cache/man:/sbin/nologin ``` and in group: ``` disk:x:6: man:x:12: ``` This is not supported in systemd-sysusers right now because sysusers will not re-use an existing uid/gid in its normal mode of operation. Unfortunately this reuse is needed to replicate the default Debian/Ubuntu users/groups. This commit enforces reuse when the "uid:gid" syntax is used to fix this. I also added a test that replicates the Debian base-passwd passwd/group file to ensure things are ok.
2018-02-01 05:47:50 +01:00
r = uid_is_ok(search_uid, i->name, true);
treewide: yet more log_*_errno + return simplifications Using: find . -name '*.[ch]' | while read f; do perl -i.mmm -e \ 'local $/; local $_=<>; s/(if\s*\([^\n]+\))\s*{\n(\s*)(log_[a-z_]*_errno\(\s*([->a-zA-Z_]+)\s*,[^;]+);\s*return\s+\g4;\s+}/\1\n\2return \3;/msg; print;' $f done And a couple of manual whitespace fixups.
2014-11-28 18:50:43 +01:00
if (r < 0)
return log_error_errno(r, "Failed to verify uid " UID_FMT ": %m", i->uid);
else if (r > 0)
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
break;
}
i->uid_set = true;
i->uid = search_uid;
}
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
r = ordered_hashmap_ensure_allocated(&todo_uids, NULL);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r < 0)
return log_oom();
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
r = ordered_hashmap_put(todo_uids, UID_TO_PTR(i->uid), i);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r < 0)
return log_oom();
sysusers: do not set todo to create a user when we only need a group
2014-06-13 03:26:41 +02:00
i->todo_user = true;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
log_info("Creating user %s (%s) with uid " UID_FMT " and gid " GID_FMT ".", i->name, strna(i->description), i->uid, i->gid);
return 0;
}
static int gid_is_ok(gid_t gid) {
struct group *g;
struct passwd *p;
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
if (ordered_hashmap_get(todo_gids, GID_TO_PTR(gid)))
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
return 0;
/* Avoid reusing gids that are already used by a different user */
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
if (ordered_hashmap_get(todo_uids, UID_TO_PTR(gid)))
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
return 0;
if (hashmap_contains(database_gid, GID_TO_PTR(gid)))
return 0;
if (hashmap_contains(database_uid, UID_TO_PTR(gid)))
return 0;
if (!arg_root) {
errno = 0;
g = getgrgid(gid);
if (g)
return 0;
sysusers: always treat ENOENT as entry-not-found when doing NSS calls For most NSS calls it is documented that they return NULL + errno=0 when an entry is not found. However, in reality it appears to be common to return NULL + errno=ENOENT, instead. Handle that correctly, and don't consider ENOENT a systematic error.
2014-06-13 19:24:11 +02:00
if (!IN_SET(errno, 0, ENOENT))
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
return -errno;
errno = 0;
p = getpwuid((uid_t) gid);
if (p)
return 0;
sysusers: always treat ENOENT as entry-not-found when doing NSS calls For most NSS calls it is documented that they return NULL + errno=0 when an entry is not found. However, in reality it appears to be common to return NULL + errno=ENOENT, instead. Handle that correctly, and don't consider ENOENT a systematic error.
2014-06-13 19:24:11 +02:00
if (!IN_SET(errno, 0, ENOENT))
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
return -errno;
}
return 1;
}
static int add_group(Item *i) {
void *z;
int r;
assert(i);
/* Check the database directly */
z = hashmap_get(database_group, i->name);
if (z) {
log_debug("Group %s already exists.", i->name);
i->gid = PTR_TO_GID(z);
i->gid_set = true;
return 0;
}
/* Also check NSS */
if (!arg_root) {
struct group *g;
errno = 0;
g = getgrnam(i->name);
if (g) {
log_debug("Group %s already exists.", i->name);
i->gid = g->gr_gid;
i->gid_set = true;
return 0;
}
treewide: another round of simplifications Using the same scripts as in f647962d64e "treewide: yet more log_*_errno + return simplifications".
2014-11-28 19:57:32 +01:00
if (!IN_SET(errno, 0, ENOENT))
return log_error_errno(errno, "Failed to check if group %s already exists: %m", i->name);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
/* Try to use the suggested numeric gid */
if (i->gid_set) {
r = gid_is_ok(i->gid);
treewide: yet more log_*_errno + return simplifications Using: find . -name '*.[ch]' | while read f; do perl -i.mmm -e \ 'local $/; local $_=<>; s/(if\s*\([^\n]+\))\s*{\n(\s*)(log_[a-z_]*_errno\(\s*([->a-zA-Z_]+)\s*,[^;]+);\s*return\s+\g4;\s+}/\1\n\2return \3;/msg; print;' $f done And a couple of manual whitespace fixups.
2014-11-28 18:50:43 +01:00
if (r < 0)
return log_error_errno(r, "Failed to verify gid " GID_FMT ": %m", i->gid);
sysusers: allow force reusing existing user/group IDs (#8037) On Debian/Ubuntu systems the default passwd/group files use a slightly strange mapping. E.g. in passwd: ``` man:x:6:12::/var/cache/man:/sbin/nologin ``` and in group: ``` disk:x:6: man:x:12: ``` This is not supported in systemd-sysusers right now because sysusers will not re-use an existing uid/gid in its normal mode of operation. Unfortunately this reuse is needed to replicate the default Debian/Ubuntu users/groups. This commit enforces reuse when the "uid:gid" syntax is used to fix this. I also added a test that replicates the Debian base-passwd passwd/group file to ensure things are ok.
2018-02-01 05:47:50 +01:00
if (i->id_set_strict) {
sysusers: ensure GID in uid:gid syntax exists Ensure that the GID already exists or is created when the new "uid:gid" syntax is used. This ensures the behaviour is always predictable.
2018-01-25 12:50:14 +01:00
/* If we require the gid to already exist we can return here:
* r > 0: means the gid does not exist -> fail
* r == 0: means the gid exists -> nothing more to do.
*/
coccinelle: make use of SYNTHETIC_ERRNO Ideally, coccinelle would strip unnecessary braces too. But I do not see any option in coccinelle for this, so instead, I edited the patch text using search&replace to remove the braces. Unfortunately this is not fully automatic, in particular it didn't deal well with if-else-if-else blocks and ifdefs, so there is an increased likelikehood be some bugs in such spots. I also removed part of the patch that coccinelle generated for udev, where we returns -1 for failure. This should be fixed independently.
2018-11-20 23:40:44 +01:00
if (r > 0)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Failed to create %s: please create GID %d",
i->name, i->gid);
sysusers: ensure GID in uid:gid syntax exists Ensure that the GID already exists or is created when the new "uid:gid" syntax is used. This ensures the behaviour is always predictable.
2018-01-25 12:50:14 +01:00
if (r == 0)
return 0;
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r == 0) {
log_debug("Suggested group ID " GID_FMT " for %s already used.", i->gid, i->name);
i->gid_set = false;
}
}
/* Try to reuse the numeric uid, if there's one */
if (!i->gid_set && i->uid_set) {
r = gid_is_ok((gid_t) i->uid);
treewide: yet more log_*_errno + return simplifications Using: find . -name '*.[ch]' | while read f; do perl -i.mmm -e \ 'local $/; local $_=<>; s/(if\s*\([^\n]+\))\s*{\n(\s*)(log_[a-z_]*_errno\(\s*([->a-zA-Z_]+)\s*,[^;]+);\s*return\s+\g4;\s+}/\1\n\2return \3;/msg; print;' $f done And a couple of manual whitespace fixups.
2014-11-28 18:50:43 +01:00
if (r < 0)
return log_error_errno(r, "Failed to verify gid " GID_FMT ": %m", i->gid);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r > 0) {
i->gid = (gid_t) i->uid;
i->gid_set = true;
}
}
/* If that didn't work, try to read it from the specified path */
if (!i->gid_set) {
gid_t c;
if (read_id_from_file(i, NULL, &c) > 0) {
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
if (c <= 0 || !uid_range_contains(uid_range, n_uid_range, c))
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
log_debug("Group ID " GID_FMT " of file not suitable for %s.", c, i->name);
else {
r = gid_is_ok(c);
treewide: yet more log_*_errno + return simplifications Using: find . -name '*.[ch]' | while read f; do perl -i.mmm -e \ 'local $/; local $_=<>; s/(if\s*\([^\n]+\))\s*{\n(\s*)(log_[a-z_]*_errno\(\s*([->a-zA-Z_]+)\s*,[^;]+);\s*return\s+\g4;\s+}/\1\n\2return \3;/msg; print;' $f done And a couple of manual whitespace fixups.
2014-11-28 18:50:43 +01:00
if (r < 0)
return log_error_errno(r, "Failed to verify gid " GID_FMT ": %m", i->gid);
else if (r > 0) {
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
i->gid = c;
i->gid_set = true;
} else
log_debug("Group ID " GID_FMT " of file for %s already used.", c, i->name);
}
}
}
/* And if that didn't work either, let's try to find a free one */
if (!i->gid_set) {
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
for (;;) {
/* We look for new GIDs in the UID pool! */
r = uid_range_next_lower(uid_range, n_uid_range, &search_uid);
if (r < 0) {
log_error("No free group ID available for %s.", i->name);
return r;
}
r = gid_is_ok(search_uid);
treewide: yet more log_*_errno + return simplifications Using: find . -name '*.[ch]' | while read f; do perl -i.mmm -e \ 'local $/; local $_=<>; s/(if\s*\([^\n]+\))\s*{\n(\s*)(log_[a-z_]*_errno\(\s*([->a-zA-Z_]+)\s*,[^;]+);\s*return\s+\g4;\s+}/\1\n\2return \3;/msg; print;' $f done And a couple of manual whitespace fixups.
2014-11-28 18:50:43 +01:00
if (r < 0)
return log_error_errno(r, "Failed to verify gid " GID_FMT ": %m", i->gid);
else if (r > 0)
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
break;
}
i->gid_set = true;
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
i->gid = search_uid;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
r = ordered_hashmap_ensure_allocated(&todo_gids, NULL);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r < 0)
return log_oom();
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
r = ordered_hashmap_put(todo_gids, GID_TO_PTR(i->gid), i);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r < 0)
return log_oom();
sysusers: do not set todo to create a user when we only need a group
2014-06-13 03:26:41 +02:00
i->todo_group = true;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
log_info("Creating group %s with gid " GID_FMT ".", i->name, i->gid);
return 0;
}
static int process_item(Item *i) {
int r;
assert(i);
switch (i->type) {
sysusers: do not create duplicated groups when create users The commit e2c2060f7b3b11fa3cca8899d80963b7a05cc4ab introduces the issue #8315. Fixes #8315.
2018-03-01 19:27:34 +01:00
case ADD_USER: {
Item *j;
j = ordered_hashmap_get(groups, i->name);
if (j && j->todo_group) {
/* When the group with the same name is already in queue,
* use the information about the group and do not create
* duplicated group entry. */
i->gid_set = j->gid_set;
i->gid = j->gid;
i->id_set_strict = true;
} else {
r = add_group(i);
if (r < 0)
return r;
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
return add_user(i);
sysusers: do not create duplicated groups when create users The commit e2c2060f7b3b11fa3cca8899d80963b7a05cc4ab introduces the issue #8315. Fixes #8315.
2018-03-01 19:27:34 +01:00
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: make ADD_GROUP always create a group Do not merge group creation with user creation because with the new uid:gid syntax this can result in confusing (and unwanted) behavior.
2018-01-24 11:46:10 +01:00
case ADD_GROUP:
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
return add_group(i);
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
default:
assert_not_reached("Unknown item type");
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
static void item_free(Item *i) {
if (!i)
return;
free(i->name);
free(i->uid_path);
free(i->gid_path);
free(i->description);
sysusers: fix memleak (#4430) Fixes: ``` ==28075== 64 bytes in 1 blocks are definitely lost in loss record 2 of 3 ==28075== at 0x4C2BAEE: malloc (vg_replace_malloc.c:298) ==28075== by 0x4C2DCA1: realloc (vg_replace_malloc.c:785) ==28075== by 0x4ED40A2: greedy_realloc (alloc-util.c:57) ==28075== by 0x4E90F87: extract_first_word (extract-word.c:78) ==28075== by 0x4E91813: extract_many_words (extract-word.c:270) ==28075== by 0x10FE93: parse_line (sysusers.c:1325) ==28075== by 0x11198B: read_config_file (sysusers.c:1640) ==28075== by 0x111EB8: main (sysusers.c:1773) ==28075== ```
2016-10-20 20:23:32 +02:00
free(i->home);
sysusers: allow the shell to be specified This is necessary for some system users where the "login shell" is set to a specific binary.
2018-01-30 14:28:10 +01:00
free(i->shell);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
free(i);
}
DEFINE_TRIVIAL_CLEANUP_FUNC(Item*, item_free);
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
static int add_implicit(void) {
char *g, **l;
Iterator iterator;
int r;
/* Implicitly create additional users and groups, if they were listed in "m" lines */
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
ORDERED_HASHMAP_FOREACH_KEY(l, g, members, iterator) {
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
char **m;
sysusers: do not implicitly create group by 'm' if 'u' with the same name exists The commit e2c2060f7b3b11fa3cca8899d80963b7a05cc4ab makes 'm' lines disturb 'u' lines. This fixes the disturbance.
2018-03-01 23:38:28 +01:00
STRV_FOREACH(m, l)
if (!ordered_hashmap_get(users, *m)) {
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
_cleanup_(item_freep) Item *j = NULL;
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
r = ordered_hashmap_ensure_allocated(&users, &string_hash_ops);
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
if (r < 0)
return log_oom();
j = new0(Item, 1);
if (!j)
return log_oom();
j->type = ADD_USER;
j->name = strdup(*m);
if (!j->name)
return log_oom();
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
r = ordered_hashmap_put(users, j->name, j);
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
if (r < 0)
return log_oom();
log_debug("Adding implicit user '%s' due to m line", j->name);
j = NULL;
}
sysusers: do not implicitly create group by 'm' if 'u' with the same name exists The commit e2c2060f7b3b11fa3cca8899d80963b7a05cc4ab makes 'm' lines disturb 'u' lines. This fixes the disturbance.
2018-03-01 23:38:28 +01:00
if (!(ordered_hashmap_get(users, g) ||
ordered_hashmap_get(groups, g))) {
_cleanup_(item_freep) Item *j = NULL;
r = ordered_hashmap_ensure_allocated(&groups, &string_hash_ops);
if (r < 0)
return log_oom();
j = new0(Item, 1);
if (!j)
return log_oom();
j->type = ADD_GROUP;
j->name = strdup(g);
if (!j->name)
return log_oom();
r = ordered_hashmap_put(groups, j->name, j);
if (r < 0)
return log_oom();
log_debug("Adding implicit group '%s' due to m line", j->name);
j = NULL;
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
}
}
return 0;
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
static bool item_equal(Item *a, Item *b) {
assert(a);
assert(b);
if (a->type != b->type)
return false;
if (!streq_ptr(a->name, b->name))
return false;
if (!streq_ptr(a->uid_path, b->uid_path))
return false;
if (!streq_ptr(a->gid_path, b->gid_path))
return false;
if (!streq_ptr(a->description, b->description))
return false;
if (a->uid_set != b->uid_set)
return false;
if (a->uid_set && a->uid != b->uid)
return false;
if (a->gid_set != b->gid_set)
return false;
if (a->gid_set && a->gid != b->gid)
return false;
sysusers: add another column to sysusers files for the home directory
2014-08-19 16:34:06 +02:00
if (!streq_ptr(a->home, b->home))
return false;
sysusers: allow the shell to be specified This is necessary for some system users where the "login shell" is set to a specific binary.
2018-01-30 14:28:10 +01:00
if (!streq_ptr(a->shell, b->shell))
return false;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
return true;
}
static int parse_line(const char *fname, unsigned line, const char *buffer) {
static const Specifier specifier_table[] = {
core: introduce specifiers for /tmp and /var/tmp This corresponds nicely with the specifiers we already pass for /var/lib, /var/cache, /run and so on. This is particular useful to update the test-path service files to operate without guessable files, thus allowing multiple parallel test-path invocations to pass without issues (the idea is to set $TMPDIR early on in the test to some private directory, and then only use the new %T or %V specifier to refer to it).
2018-05-29 11:25:26 +02:00
{ 'm', specifier_machine_id, NULL },
{ 'b', specifier_boot_id, NULL },
{ 'H', specifier_host_name, NULL },
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
{ 'v', specifier_kernel_release, NULL },
core: introduce specifiers for /tmp and /var/tmp This corresponds nicely with the specifiers we already pass for /var/lib, /var/cache, /run and so on. This is particular useful to update the test-path service files to operate without guessable files, thus allowing multiple parallel test-path invocations to pass without issues (the idea is to set $TMPDIR early on in the test to some private directory, and then only use the new %T or %V specifier to refer to it).
2018-05-29 11:25:26 +02:00
{ 'T', specifier_tmp_dir, NULL },
{ 'V', specifier_var_tmp_dir, NULL },
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
{}
};
sysusers: allow the shell to be specified This is necessary for some system users where the "login shell" is set to a specific binary.
2018-01-30 14:28:10 +01:00
_cleanup_free_ char *action = NULL,
*name = NULL, *resolved_name = NULL,
*id = NULL, *resolved_id = NULL,
sysusers: support specifier expansion for GECOS and home directory fields
2018-05-31 10:36:22 +02:00
*description = NULL, *resolved_description = NULL,
*home = NULL, *resolved_home = NULL,
sysusers: allow the shell to be specified This is necessary for some system users where the "login shell" is set to a specific binary.
2018-01-30 14:28:10 +01:00
*shell, *resolved_shell = NULL;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
_cleanup_(item_freep) Item *i = NULL;
Item *existing;
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
OrderedHashmap *h;
sysusers: add another column to sysusers files for the home directory
2014-08-19 16:34:06 +02:00
int r;
const char *p;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
assert(fname);
assert(line >= 1);
assert(buffer);
sysusers: add another column to sysusers files for the home directory
2014-08-19 16:34:06 +02:00
/* Parse columns */
p = buffer;
sysusers: allow the shell to be specified This is necessary for some system users where the "login shell" is set to a specific binary.
2018-01-30 14:28:10 +01:00
r = extract_many_words(&p, NULL, EXTRACT_QUOTES,
&action, &name, &id, &description, &home, &shell, NULL);
sysusers: add another column to sysusers files for the home directory
2014-08-19 16:34:06 +02:00
if (r < 0) {
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
log_error("[%s:%u] Syntax error.", fname, line);
sysusers: add another column to sysusers files for the home directory
2014-08-19 16:34:06 +02:00
return r;
}
if (r < 2) {
log_error("[%s:%u] Missing action and name columns.", fname, line);
return -EINVAL;
}
Convert unquote_*_word users to expect isempty(p) after the last entry This is so that, when called in a loop, unquote_first_word can distinguish between reaching the end of a string because it has consumed all the input before the end, and consuming all the input. This is important because we later add a flag that allows char *in = ""; char *out; unquote_first_word(&in, &out, flags); To put "" in out, and set in = NULL, so the trailing empty string of the input can be consumed, and mark that the input has been consumed.
2015-06-19 17:24:29 +02:00
if (!isempty(p)) {
sysusers: add another column to sysusers files for the home directory
2014-08-19 16:34:06 +02:00
log_error("[%s:%u] Trailing garbage.", fname, line);
return -EINVAL;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
sysusers: add another column to sysusers files for the home directory
2014-08-19 16:34:06 +02:00
/* Verify action */
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (strlen(action) != 1) {
log_error("[%s:%u] Unknown modifier '%s'", fname, line, action);
return -EINVAL;
}
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
if (!IN_SET(action[0], ADD_USER, ADD_GROUP, ADD_MEMBER, ADD_RANGE)) {
treewide: fix typos and remove accidental repetition of words
2016-07-10 14:48:23 +02:00
log_error("[%s:%u] Unknown command type '%c'.", fname, line, action[0]);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
return -EBADMSG;
}
sysusers: add another column to sysusers files for the home directory
2014-08-19 16:34:06 +02:00
/* Verify name */
tree-wide: introduce mfree() Pretty trivial helper which wraps free() but returns NULL, so we can simplify this: free(foobar); foobar = NULL; to this: foobar = mfree(foobar);
2015-07-31 19:56:38 +02:00
if (isempty(name) || streq(name, "-"))
name = mfree(name);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
if (name) {
r = specifier_printf(name, specifier_table, NULL, &resolved_name);
if (r < 0) {
log_error("[%s:%u] Failed to replace specifiers: %s", fname, line, name);
return r;
}
if (!valid_user_group_name(resolved_name)) {
log_error("[%s:%u] '%s' is not a valid user or group name.", fname, line, resolved_name);
return -EINVAL;
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
/* Verify id */
tree-wide: introduce mfree() Pretty trivial helper which wraps free() but returns NULL, so we can simplify this: free(foobar); foobar = NULL; to this: foobar = mfree(foobar);
2015-07-31 19:56:38 +02:00
if (isempty(id) || streq(id, "-"))
id = mfree(id);
sysusers: add another column to sysusers files for the home directory
2014-08-19 16:34:06 +02:00
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
if (id) {
r = specifier_printf(id, specifier_table, NULL, &resolved_id);
if (r < 0) {
log_error("[%s:%u] Failed to replace specifiers: %s", fname, line, name);
return r;
}
}
/* Verify description */
tree-wide: introduce mfree() Pretty trivial helper which wraps free() but returns NULL, so we can simplify this: free(foobar); foobar = NULL; to this: foobar = mfree(foobar);
2015-07-31 19:56:38 +02:00
if (isempty(description) || streq(description, "-"))
description = mfree(description);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
if (description) {
sysusers: support specifier expansion for GECOS and home directory fields
2018-05-31 10:36:22 +02:00
r = specifier_printf(description, specifier_table, NULL, &resolved_description);
if (r < 0) {
log_error("[%s:%u] Failed to replace specifiers: %s", fname, line, description);
return r;
}
if (!valid_gecos(resolved_description)) {
log_error("[%s:%u] '%s' is not a valid GECOS field.", fname, line, resolved_description);
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
return -EINVAL;
}
}
/* Verify home */
tree-wide: introduce mfree() Pretty trivial helper which wraps free() but returns NULL, so we can simplify this: free(foobar); foobar = NULL; to this: foobar = mfree(foobar);
2015-07-31 19:56:38 +02:00
if (isempty(home) || streq(home, "-"))
home = mfree(home);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
if (home) {
sysusers: support specifier expansion for GECOS and home directory fields
2018-05-31 10:36:22 +02:00
r = specifier_printf(home, specifier_table, NULL, &resolved_home);
if (r < 0) {
log_error("[%s:%u] Failed to replace specifiers: %s", fname, line, home);
return r;
}
if (!valid_home(resolved_home)) {
log_error("[%s:%u] '%s' is not a valid home directory field.", fname, line, resolved_home);
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
return -EINVAL;
}
}
sysusers: allow the shell to be specified This is necessary for some system users where the "login shell" is set to a specific binary.
2018-01-30 14:28:10 +01:00
/* Verify shell */
if (isempty(shell) || streq(shell, "-"))
shell = mfree(shell);
if (shell) {
r = specifier_printf(shell, specifier_table, NULL, &resolved_shell);
if (r < 0) {
log_error("[%s:%u] Failed to replace specifiers: %s", fname, line, shell);
return r;
}
if (!valid_shell(resolved_shell)) {
log_error("[%s:%u] '%s' is not a valid login shell field.", fname, line, resolved_shell);
return -EINVAL;
}
}
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
switch (action[0]) {
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
case ADD_RANGE:
if (resolved_name) {
log_error("[%s:%u] Lines of type 'r' don't take a name field.", fname, line);
return -EINVAL;
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
if (!resolved_id) {
log_error("[%s:%u] Lines of type 'r' require a ID range in the third field.", fname, line);
return -EINVAL;
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: allow the shell to be specified This is necessary for some system users where the "login shell" is set to a specific binary.
2018-01-30 14:28:10 +01:00
if (description || home || shell) {
log_error("[%s:%u] Lines of type '%c' don't take a %s field.",
fname, line, action[0],
description ? "GECOS" : home ? "home directory" : "login shell");
sysusers: add another column to sysusers files for the home directory
2014-08-19 16:34:06 +02:00
return -EINVAL;
}
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
r = uid_range_add_str(&uid_range, &n_uid_range, resolved_id);
if (r < 0) {
log_error("[%s:%u] Invalid UID range %s.", fname, line, resolved_id);
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
return -EINVAL;
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
return 0;
case ADD_MEMBER: {
char **l;
/* Try to extend an existing member or group item */
if (!name) {
log_error("[%s:%u] Lines of type 'm' require a user name in the second field.", fname, line);
return -EINVAL;
}
if (!resolved_id) {
log_error("[%s:%u] Lines of type 'm' require a group name in the third field.", fname, line);
return -EINVAL;
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
if (!valid_user_group_name(resolved_id)) {
log_error("[%s:%u] '%s' is not a valid user or group name.", fname, line, resolved_id);
return -EINVAL;
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: allow the shell to be specified This is necessary for some system users where the "login shell" is set to a specific binary.
2018-01-30 14:28:10 +01:00
if (description || home || shell) {
log_error("[%s:%u] Lines of type '%c' don't take a %s field.",
fname, line, action[0],
description ? "GECOS" : home ? "home directory" : "login shell");
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
return -EINVAL;
}
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
r = ordered_hashmap_ensure_allocated(&members, &string_hash_ops);
sysusers: add another column to sysusers files for the home directory
2014-08-19 16:34:06 +02:00
if (r < 0)
return log_oom();
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
l = ordered_hashmap_get(members, resolved_id);
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
if (l) {
/* A list for this group name already exists, let's append to it */
r = strv_push(&l, resolved_name);
if (r < 0)
return log_oom();
resolved_name = NULL;
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
assert_se(ordered_hashmap_update(members, resolved_id, l) >= 0);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
} else {
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
/* No list for this group name exists yet, create one */
l = new0(char *, 2);
if (!l)
return -ENOMEM;
l[0] = resolved_name;
l[1] = NULL;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
r = ordered_hashmap_put(members, resolved_id, l);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r < 0) {
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
free(l);
return log_oom();
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
resolved_id = resolved_name = NULL;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
return 0;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
case ADD_USER:
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
if (!name) {
log_error("[%s:%u] Lines of type 'u' require a user name in the second field.", fname, line);
return -EINVAL;
}
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
r = ordered_hashmap_ensure_allocated(&users, &string_hash_ops);
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
if (r < 0)
return log_oom();
i = new0(Item, 1);
if (!i)
return log_oom();
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
if (resolved_id) {
if (path_is_absolute(resolved_id)) {
tree-wide: use TAKE_PTR() and TAKE_FD() macros
2018-04-05 07:26:26 +02:00
i->uid_path = TAKE_PTR(resolved_id);
path-util: introduce path_simplify() The function is similar to path_kill_slashes() but also removes initial './', trailing '/.', and '/./' in the path. When the second argument of path_simplify() is false, then it behaves as the same as path_kill_slashes(). Hence, this also replaces path_kill_slashes() with path_simplify().
2018-05-31 16:39:31 +02:00
path_simplify(i->uid_path, false);
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
} else {
sysusers: allow uid:gid in sysusers.conf files This PR allows to write sysuser.conf lines like: ``` u games 5:60 - ``` This will create an a "games" user with uid 5 and games group with gid 60. This is arguable ugly, however it is required to represent certain configurations like the default passwd file on Debian and Ubuntu. When the ":" syntax is used and there is a group with the given gid already then no new group is created. This allows writing the following: ``` g unrelated 60 u games 5:60 - ``` which will create a "games" user with the uid 5 and the primary gid 60. No group games is created here (might be useful for [1]). [1] https://pagure.io/packaging-committee/issue/442
2018-01-23 19:53:08 +01:00
_cleanup_free_ char *uid = NULL, *gid = NULL;
if (split_pair(resolved_id, ":", &uid, &gid) == 0) {
r = parse_gid(gid, &i->gid);
if (r < 0)
return log_error_errno(r, "Failed to parse GID: '%s': %m", id);
i->gid_set = true;
sysusers: allow force reusing existing user/group IDs (#8037) On Debian/Ubuntu systems the default passwd/group files use a slightly strange mapping. E.g. in passwd: ``` man:x:6:12::/var/cache/man:/sbin/nologin ``` and in group: ``` disk:x:6: man:x:12: ``` This is not supported in systemd-sysusers right now because sysusers will not re-use an existing uid/gid in its normal mode of operation. Unfortunately this reuse is needed to replicate the default Debian/Ubuntu users/groups. This commit enforces reuse when the "uid:gid" syntax is used to fix this. I also added a test that replicates the Debian base-passwd passwd/group file to ensure things are ok.
2018-02-01 05:47:50 +01:00
i->id_set_strict = true;
sysusers: allow uid:gid in sysusers.conf files This PR allows to write sysuser.conf lines like: ``` u games 5:60 - ``` This will create an a "games" user with uid 5 and games group with gid 60. This is arguable ugly, however it is required to represent certain configurations like the default passwd file on Debian and Ubuntu. When the ":" syntax is used and there is a group with the given gid already then no new group is created. This allows writing the following: ``` g unrelated 60 u games 5:60 - ``` which will create a "games" user with the uid 5 and the primary gid 60. No group games is created here (might be useful for [1]). [1] https://pagure.io/packaging-committee/issue/442
2018-01-23 19:53:08 +01:00
free_and_replace(resolved_id, uid);
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
}
sysusers: support `u username -:300` style syntax (#8325) This PR implements the first part of RFE #8046. I.e. this allows to write: ``` u username -:300 ``` Where the uid is chosen automatically but the gid is fixed.
2018-03-02 12:56:44 +01:00
if (!streq(resolved_id, "-")) {
r = parse_uid(resolved_id, &i->uid);
if (r < 0)
return log_error_errno(r, "Failed to parse UID: '%s': %m", id);
i->uid_set = true;
}
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
}
}
sysusers: support specifier expansion for GECOS and home directory fields
2018-05-31 10:36:22 +02:00
i->description = TAKE_PTR(resolved_description);
i->home = TAKE_PTR(resolved_home);
tree-wide: use TAKE_PTR() and TAKE_FD() macros
2018-04-05 07:26:26 +02:00
i->shell = TAKE_PTR(resolved_shell);
sysusers: allow the shell to be specified This is necessary for some system users where the "login shell" is set to a specific binary.
2018-01-30 14:28:10 +01:00
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
h = users;
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
break;
case ADD_GROUP:
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
if (!name) {
log_error("[%s:%u] Lines of type 'g' require a user name in the second field.", fname, line);
return -EINVAL;
}
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
sysusers: allow the shell to be specified This is necessary for some system users where the "login shell" is set to a specific binary.
2018-01-30 14:28:10 +01:00
if (description || home || shell) {
log_error("[%s:%u] Lines of type '%c' don't take a %s field.",
fname, line, action[0],
description ? "GECOS" : home ? "home directory" : "login shell");
sysusers: add another column to sysusers files for the home directory
2014-08-19 16:34:06 +02:00
return -EINVAL;
}
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
r = ordered_hashmap_ensure_allocated(&groups, &string_hash_ops);
sysusers: add another column to sysusers files for the home directory
2014-08-19 16:34:06 +02:00
if (r < 0)
return log_oom();
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
i = new0(Item, 1);
if (!i)
return log_oom();
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
if (resolved_id) {
if (path_is_absolute(resolved_id)) {
tree-wide: use TAKE_PTR() and TAKE_FD() macros
2018-04-05 07:26:26 +02:00
i->gid_path = TAKE_PTR(resolved_id);
path-util: introduce path_simplify() The function is similar to path_kill_slashes() but also removes initial './', trailing '/.', and '/./' in the path. When the second argument of path_simplify() is false, then it behaves as the same as path_kill_slashes(). Hence, this also replaces path_kill_slashes() with path_simplify().
2018-05-31 16:39:31 +02:00
path_simplify(i->gid_path, false);
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
} else {
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
r = parse_gid(resolved_id, &i->gid);
sysusers: allow uid:gid in sysusers.conf files This PR allows to write sysuser.conf lines like: ``` u games 5:60 - ``` This will create an a "games" user with uid 5 and games group with gid 60. This is arguable ugly, however it is required to represent certain configurations like the default passwd file on Debian and Ubuntu. When the ":" syntax is used and there is a group with the given gid already then no new group is created. This allows writing the following: ``` g unrelated 60 u games 5:60 - ``` which will create a "games" user with the uid 5 and the primary gid 60. No group games is created here (might be useful for [1]). [1] https://pagure.io/packaging-committee/issue/442
2018-01-23 19:53:08 +01:00
if (r < 0)
return log_error_errno(r, "Failed to parse GID: '%s': %m", id);
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
i->gid_set = true;
}
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
h = groups;
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
break;
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
sysusers: fix uninitialized warning
2014-07-06 13:33:38 +02:00
default:
return -EBADMSG;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
i->type = action[0];
tree-wide: use TAKE_PTR() and TAKE_FD() macros
2018-04-05 07:26:26 +02:00
i->name = TAKE_PTR(resolved_name);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
existing = ordered_hashmap_get(h, i->name);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (existing) {
/* Two identical items are fine */
if (!item_equal(existing, i))
log_warning("Two or more conflicting lines for %s configured, ignoring.", i->name);
return 0;
}
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
r = ordered_hashmap_put(h, i->name, i);
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
if (r < 0)
return log_oom();
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
i = NULL;
return 0;
}
static int read_config_file(const char *fn, bool ignore_enoent) {
sysusers: optionally, read sysuers configuration from standard input
2014-08-19 02:14:32 +02:00
_cleanup_fclose_ FILE *rf = NULL;
FILE *f = NULL;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
unsigned v = 0;
sysusers: initialize r Needed for the stdin case where it could otherwise end up being used uninitialized.
2014-08-19 23:27:44 +02:00
int r = 0;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
assert(fn);
sysusers: optionally, read sysuers configuration from standard input
2014-08-19 02:14:32 +02:00
if (streq(fn, "-"))
f = stdin;
else {
Eliminate config_dirs vars which hold a static strv
2018-04-27 18:20:17 +02:00
r = search_and_fopen(fn, "re", arg_root, (const char**) CONF_PATHS_STRV("sysusers.d"), &rf);
sysusers: optionally, read sysuers configuration from standard input
2014-08-19 02:14:32 +02:00
if (r < 0) {
if (ignore_enoent && r == -ENOENT)
return 0;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
treewide: a few more log_*_errno + return simplifications The one in tmpfiles.c:create_item() even looks like it fixes a bug.
2014-11-28 19:13:53 +01:00
return log_error_errno(r, "Failed to open '%s', ignoring: %m", fn);
sysusers: optionally, read sysuers configuration from standard input
2014-08-19 02:14:32 +02:00
}
f = rf;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
sysusers: FOREACH_LINE excorcism
2018-10-18 16:18:52 +02:00
for (;;) {
_cleanup_free_ char *line = NULL;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
char *l;
int k;
sysusers: FOREACH_LINE excorcism
2018-10-18 16:18:52 +02:00
k = read_line(f, LONG_LINE_MAX, &line);
if (k < 0)
return log_error_errno(k, "Failed to read '%s': %m", fn);
if (k == 0)
break;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
v++;
l = strstrip(line);
tree-wide: use IN_SET macro (#6977)
2017-10-04 16:01:32 +02:00
if (IN_SET(*l, 0, '#'))
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
continue;
k = parse_line(fn, v, l);
if (k < 0 && r == 0)
r = k;
}
if (ferror(f)) {
treewide: use log_*_errno whenever %m is in the format string If the format string contains %m, clearly errno must have a meaningful value, so we might as well use log_*_errno to have ERRNO= logged. Using: find . -name '*.[ch]' | xargs sed -r -i -e \ 's/log_(debug|info|notice|warning|error|emergency)\((".*%m.*")/log_\1_errno(errno, \2/' Plus some whitespace, linewrap, and indent adjustments.
2014-11-28 19:29:59 +01:00
log_error_errno(errno, "Failed to read from file %s: %m", fn);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (r == 0)
r = -EIO;
}
return r;
}
static void free_database(Hashmap *by_name, Hashmap *by_id) {
char *name;
for (;;) {
name = hashmap_first(by_id);
if (!name)
break;
hashmap_remove(by_name, name);
hashmap_steal_first_key(by_id);
free(name);
}
while ((name = hashmap_steal_first_key(by_name)))
free(name);
hashmap_free(by_name);
hashmap_free(by_id);
}
sysusers: add --cat-config
2018-04-26 20:38:39 +02:00
static int cat_config(void) {
_cleanup_strv_free_ char **files = NULL;
int r;
Eliminate config_dirs vars which hold a static strv
2018-04-27 18:20:17 +02:00
r = conf_files_list_with_replacement(arg_root, CONF_PATHS_STRV("sysusers.d"), arg_replace, &files, NULL);
sysusers: add --cat-config
2018-04-26 20:38:39 +02:00
if (r < 0)
return r;
basic/pager: convert the pager options to a flags argument Pretty much everything uses just the first argument, and this doesn't make this common pattern more complicated, but makes it simpler to pass multiple options.
2018-11-11 12:56:29 +01:00
(void) pager_open(arg_pager_flags);
binfmt,sysctl,sysuers,tmpfiles: add auto-paging for --cat-config commands The output of these commands is really long, and already enriched with color. Let's add auto-paging to make this easier to digest.
2018-06-12 15:37:53 +02:00
sysusers: add --cat-config
2018-04-26 20:38:39 +02:00
return cat_files(NULL, files, 0);
}
tree-wide: add clickable man page link to all --help texts This is a bit like the info link in most of GNU's --help texts, but we don't do info but man pages, and we make them properly clickable on terminal supporting that, because awesome. I think it's generally advisable to link up our (brief) --help texts and our (more comprehensive) man pages a bit, so this should be an easy and straight-forward way to do it.
2018-08-09 10:32:31 +02:00
static int help(void) {
_cleanup_free_ char *link = NULL;
int r;
r = terminal_urlify_man("systemd-sysusers.service", "8", &link);
if (r < 0)
return log_oom();
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
printf("%s [OPTIONS...] [CONFIGURATION FILE...]\n\n"
"Creates system user accounts.\n\n"
" -h --help Show this help\n"
" --version Show package version\n"
sysusers: add --cat-config
2018-04-26 20:38:39 +02:00
" --cat-config Show configuration files\n"
Unify parse_argv style getopt is usually good at printing out a nice error message when commandline options are invalid. It distinguishes between an unknown option and a known option with a missing arg. It is better to let it do its job and not use opterr=0 unless we actually want to suppress messages. So remove opterr=0 in the few places where it wasn't really useful. When an error in options is encountered, we should not print a lengthy help() and overwhelm the user, when we know precisely what is wrong with the commandline. In addition, since help() prints to stdout, it should not be used except when requested with -h or --help. Also, simplify things here and there.
2014-08-02 17:12:21 +02:00
" --root=PATH Operate on an alternate filesystem root\n"
sysusers: allow admin/runtime overrides to command-line config When used in a package installation script, we want to invoke systemd-sysusers before that package is installed (so it can contain files owned by the newly created user), so the configuration to use is specified on the command line. This should be a copy of the configuration that will be installed as /usr/lib/sysusers.d/package.conf. We still want to obey any overrides in /etc/sysusers.d or /run/sysusers.d in the usual fashion. Otherwise, we'd get a different result when systemd-sysusers is run with a copy of the new config on the command line and when systemd-sysusers is run at boot after package instalation. In the second case any files in /etc or /run have higher priority, so the same should happen when the configuration is given on the command line. More generally, we want the behaviour in this special case to be as close to the case where the file is finally on disk as possible, so we have to read all configuration files, since they all might contain overrides and additional configuration that matters. Even files that have lower priority might specify additional groups for the user we are creating. Thus, we need to read all configuration, but insert our new configuration somewhere with the right priority. If --target=/path/to/file.conf is given on the command line, we gather the list of files, and pretend that the command-line config is read from /path/to/file.conf (doesn't matter if the file on disk actually exists or not). All package scripts should use this option to obtain consistent and idempotent behaviour. The corner case when --target= is specified and there are no positional arguments is disallowed. v1: - version with --config-name= v2: - disallow --config-name= and no positional args v3: - remove --config-name= v4: - add --target= and rework the code completely v5: - fix argcounting bug and add example in man page v6: - rename --target to --replace
2018-01-31 15:37:02 +01:00
" --replace=PATH Treat arguments as replacement for PATH\n"
sysusers: take configuration as positional arguments If the configuration is included in a script, this is more convient. I thought it would be possible to use this for rpm scriptlets with '%pre -p systemd-sysuser "..."', but apparently there is no way to pass arguments to the executable ($1 is used for the package installation count). But this functionality seems generally useful, e.g. for testing and one-off scripts, so let's keep it. There's a slight change in behaviour when files are given on the command line: if we cannot parse them, error out instead of ignoring the failure. When trying to parse all configuration files, we don't want to fail even if some config files are broken, but when parsing a list of items specified explicitly, we should. v2: - rename --direct to --inline
2018-01-29 14:47:01 +01:00
" --inline Treat arguments as configuration lines\n"
binfmt,sysctl,sysuers,tmpfiles: add auto-paging for --cat-config commands The output of these commands is really long, and already enriched with color. Let's add auto-paging to make this easier to digest.
2018-06-12 15:37:53 +02:00
" --no-pager Do not pipe output into a pager\n"
tree-wide: add clickable man page link to all --help texts This is a bit like the info link in most of GNU's --help texts, but we don't do info but man pages, and we make them properly clickable on terminal supporting that, because awesome. I think it's generally advisable to link up our (brief) --help texts and our (more comprehensive) man pages a bit, so this should be an easy and straight-forward way to do it.
2018-08-09 10:32:31 +02:00
"\nSee the %s for details.\n"
, program_invocation_short_name
, link
);
return 0;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
}
static int parse_argv(int argc, char *argv[]) {
enum {
ARG_VERSION = 0x100,
sysusers: add --cat-config
2018-04-26 20:38:39 +02:00
ARG_CAT_CONFIG,
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
ARG_ROOT,
sysusers: allow admin/runtime overrides to command-line config When used in a package installation script, we want to invoke systemd-sysusers before that package is installed (so it can contain files owned by the newly created user), so the configuration to use is specified on the command line. This should be a copy of the configuration that will be installed as /usr/lib/sysusers.d/package.conf. We still want to obey any overrides in /etc/sysusers.d or /run/sysusers.d in the usual fashion. Otherwise, we'd get a different result when systemd-sysusers is run with a copy of the new config on the command line and when systemd-sysusers is run at boot after package instalation. In the second case any files in /etc or /run have higher priority, so the same should happen when the configuration is given on the command line. More generally, we want the behaviour in this special case to be as close to the case where the file is finally on disk as possible, so we have to read all configuration files, since they all might contain overrides and additional configuration that matters. Even files that have lower priority might specify additional groups for the user we are creating. Thus, we need to read all configuration, but insert our new configuration somewhere with the right priority. If --target=/path/to/file.conf is given on the command line, we gather the list of files, and pretend that the command-line config is read from /path/to/file.conf (doesn't matter if the file on disk actually exists or not). All package scripts should use this option to obtain consistent and idempotent behaviour. The corner case when --target= is specified and there are no positional arguments is disallowed. v1: - version with --config-name= v2: - disallow --config-name= and no positional args v3: - remove --config-name= v4: - add --target= and rework the code completely v5: - fix argcounting bug and add example in man page v6: - rename --target to --replace
2018-01-31 15:37:02 +01:00
ARG_REPLACE,
sysusers: take configuration as positional arguments If the configuration is included in a script, this is more convient. I thought it would be possible to use this for rpm scriptlets with '%pre -p systemd-sysuser "..."', but apparently there is no way to pass arguments to the executable ($1 is used for the package installation count). But this functionality seems generally useful, e.g. for testing and one-off scripts, so let's keep it. There's a slight change in behaviour when files are given on the command line: if we cannot parse them, error out instead of ignoring the failure. When trying to parse all configuration files, we don't want to fail even if some config files are broken, but when parsing a list of items specified explicitly, we should. v2: - rename --direct to --inline
2018-01-29 14:47:01 +01:00
ARG_INLINE,
binfmt,sysctl,sysuers,tmpfiles: add auto-paging for --cat-config commands The output of these commands is really long, and already enriched with color. Let's add auto-paging to make this easier to digest.
2018-06-12 15:37:53 +02:00
ARG_NO_PAGER,
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
};
static const struct option options[] = {
sysusers: add --cat-config
2018-04-26 20:38:39 +02:00
{ "help", no_argument, NULL, 'h' },
{ "version", no_argument, NULL, ARG_VERSION },
{ "cat-config", no_argument, NULL, ARG_CAT_CONFIG },
{ "root", required_argument, NULL, ARG_ROOT },
{ "replace", required_argument, NULL, ARG_REPLACE },
{ "inline", no_argument, NULL, ARG_INLINE },
binfmt,sysctl,sysuers,tmpfiles: add auto-paging for --cat-config commands The output of these commands is really long, and already enriched with color. Let's add auto-paging to make this easier to digest.
2018-06-12 15:37:53 +02:00
{ "no-pager", no_argument, NULL, ARG_NO_PAGER },
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
{}
};
util-lib: get_current_dir_name() can return errors other than ENOMEM get_current_dir_name() can return a variety of errors, not just ENOMEM, hence don't blindly turn its errors to ENOMEM, but return correct errors in path_make_absolute_cwd(). This trickles down into a couple of other functions, some of which receive unrelated minor fixes too with this commit.
2015-10-22 19:28:31 +02:00
int c, r;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
assert(argc >= 0);
assert(argv);
Unify parse_argv style getopt is usually good at printing out a nice error message when commandline options are invalid. It distinguishes between an unknown option and a known option with a missing arg. It is better to let it do its job and not use opterr=0 unless we actually want to suppress messages. So remove opterr=0 in the few places where it wasn't really useful. When an error in options is encountered, we should not print a lengthy help() and overwhelm the user, when we know precisely what is wrong with the commandline. In addition, since help() prints to stdout, it should not be used except when requested with -h or --help. Also, simplify things here and there.
2014-08-02 17:12:21 +02:00
while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
switch (c) {
case 'h':
tree-wide: add clickable man page link to all --help texts This is a bit like the info link in most of GNU's --help texts, but we don't do info but man pages, and we make them properly clickable on terminal supporting that, because awesome. I think it's generally advisable to link up our (brief) --help texts and our (more comprehensive) man pages a bit, so this should be an easy and straight-forward way to do it.
2018-08-09 10:32:31 +02:00
return help();
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
case ARG_VERSION:
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
return version();
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: add --cat-config
2018-04-26 20:38:39 +02:00
case ARG_CAT_CONFIG:
arg_cat_config = true;
break;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
case ARG_ROOT:
path-util: unify how we process paths specified on the command line Let's introduce a common function that makes relative paths absolute and warns about any errors while doing so.
2015-10-22 19:54:29 +02:00
r = parse_path_argument_and_warn(optarg, true, &arg_root);
util-lib: get_current_dir_name() can return errors other than ENOMEM get_current_dir_name() can return a variety of errors, not just ENOMEM, hence don't blindly turn its errors to ENOMEM, but return correct errors in path_make_absolute_cwd(). This trickles down into a couple of other functions, some of which receive unrelated minor fixes too with this commit.
2015-10-22 19:28:31 +02:00
if (r < 0)
path-util: unify how we process paths specified on the command line Let's introduce a common function that makes relative paths absolute and warns about any errors while doing so.
2015-10-22 19:54:29 +02:00
return r;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
break;
sysusers: allow admin/runtime overrides to command-line config When used in a package installation script, we want to invoke systemd-sysusers before that package is installed (so it can contain files owned by the newly created user), so the configuration to use is specified on the command line. This should be a copy of the configuration that will be installed as /usr/lib/sysusers.d/package.conf. We still want to obey any overrides in /etc/sysusers.d or /run/sysusers.d in the usual fashion. Otherwise, we'd get a different result when systemd-sysusers is run with a copy of the new config on the command line and when systemd-sysusers is run at boot after package instalation. In the second case any files in /etc or /run have higher priority, so the same should happen when the configuration is given on the command line. More generally, we want the behaviour in this special case to be as close to the case where the file is finally on disk as possible, so we have to read all configuration files, since they all might contain overrides and additional configuration that matters. Even files that have lower priority might specify additional groups for the user we are creating. Thus, we need to read all configuration, but insert our new configuration somewhere with the right priority. If --target=/path/to/file.conf is given on the command line, we gather the list of files, and pretend that the command-line config is read from /path/to/file.conf (doesn't matter if the file on disk actually exists or not). All package scripts should use this option to obtain consistent and idempotent behaviour. The corner case when --target= is specified and there are no positional arguments is disallowed. v1: - version with --config-name= v2: - disallow --config-name= and no positional args v3: - remove --config-name= v4: - add --target= and rework the code completely v5: - fix argcounting bug and add example in man page v6: - rename --target to --replace
2018-01-31 15:37:02 +01:00
case ARG_REPLACE:
if (!path_is_absolute(optarg) ||
coccinelle: make use of SYNTHETIC_ERRNO Ideally, coccinelle would strip unnecessary braces too. But I do not see any option in coccinelle for this, so instead, I edited the patch text using search&replace to remove the braces. Unfortunately this is not fully automatic, in particular it didn't deal well with if-else-if-else blocks and ifdefs, so there is an increased likelikehood be some bugs in such spots. I also removed part of the patch that coccinelle generated for udev, where we returns -1 for failure. This should be fixed independently.
2018-11-20 23:40:44 +01:00
!endswith(optarg, ".conf"))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"The argument to --replace= must an absolute path to a config file");
sysusers: allow admin/runtime overrides to command-line config When used in a package installation script, we want to invoke systemd-sysusers before that package is installed (so it can contain files owned by the newly created user), so the configuration to use is specified on the command line. This should be a copy of the configuration that will be installed as /usr/lib/sysusers.d/package.conf. We still want to obey any overrides in /etc/sysusers.d or /run/sysusers.d in the usual fashion. Otherwise, we'd get a different result when systemd-sysusers is run with a copy of the new config on the command line and when systemd-sysusers is run at boot after package instalation. In the second case any files in /etc or /run have higher priority, so the same should happen when the configuration is given on the command line. More generally, we want the behaviour in this special case to be as close to the case where the file is finally on disk as possible, so we have to read all configuration files, since they all might contain overrides and additional configuration that matters. Even files that have lower priority might specify additional groups for the user we are creating. Thus, we need to read all configuration, but insert our new configuration somewhere with the right priority. If --target=/path/to/file.conf is given on the command line, we gather the list of files, and pretend that the command-line config is read from /path/to/file.conf (doesn't matter if the file on disk actually exists or not). All package scripts should use this option to obtain consistent and idempotent behaviour. The corner case when --target= is specified and there are no positional arguments is disallowed. v1: - version with --config-name= v2: - disallow --config-name= and no positional args v3: - remove --config-name= v4: - add --target= and rework the code completely v5: - fix argcounting bug and add example in man page v6: - rename --target to --replace
2018-01-31 15:37:02 +01:00
arg_replace = optarg;
break;
sysusers: take configuration as positional arguments If the configuration is included in a script, this is more convient. I thought it would be possible to use this for rpm scriptlets with '%pre -p systemd-sysuser "..."', but apparently there is no way to pass arguments to the executable ($1 is used for the package installation count). But this functionality seems generally useful, e.g. for testing and one-off scripts, so let's keep it. There's a slight change in behaviour when files are given on the command line: if we cannot parse them, error out instead of ignoring the failure. When trying to parse all configuration files, we don't want to fail even if some config files are broken, but when parsing a list of items specified explicitly, we should. v2: - rename --direct to --inline
2018-01-29 14:47:01 +01:00
case ARG_INLINE:
arg_inline = true;
break;
binfmt,sysctl,sysuers,tmpfiles: add auto-paging for --cat-config commands The output of these commands is really long, and already enriched with color. Let's add auto-paging to make this easier to digest.
2018-06-12 15:37:53 +02:00
case ARG_NO_PAGER:
basic/pager: convert the pager options to a flags argument Pretty much everything uses just the first argument, and this doesn't make this common pattern more complicated, but makes it simpler to pass multiple options.
2018-11-11 12:56:29 +01:00
arg_pager_flags |= PAGER_DISABLE;
binfmt,sysctl,sysuers,tmpfiles: add auto-paging for --cat-config commands The output of these commands is really long, and already enriched with color. Let's add auto-paging to make this easier to digest.
2018-06-12 15:37:53 +02:00
break;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
case '?':
return -EINVAL;
default:
assert_not_reached("Unhandled option");
}
coccinelle: make use of SYNTHETIC_ERRNO Ideally, coccinelle would strip unnecessary braces too. But I do not see any option in coccinelle for this, so instead, I edited the patch text using search&replace to remove the braces. Unfortunately this is not fully automatic, in particular it didn't deal well with if-else-if-else blocks and ifdefs, so there is an increased likelikehood be some bugs in such spots. I also removed part of the patch that coccinelle generated for udev, where we returns -1 for failure. This should be fixed independently.
2018-11-20 23:40:44 +01:00
if (arg_replace && arg_cat_config)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Option --replace= is not supported with --cat-config");
sysusers: add --cat-config
2018-04-26 20:38:39 +02:00
coccinelle: make use of SYNTHETIC_ERRNO Ideally, coccinelle would strip unnecessary braces too. But I do not see any option in coccinelle for this, so instead, I edited the patch text using search&replace to remove the braces. Unfortunately this is not fully automatic, in particular it didn't deal well with if-else-if-else blocks and ifdefs, so there is an increased likelikehood be some bugs in such spots. I also removed part of the patch that coccinelle generated for udev, where we returns -1 for failure. This should be fixed independently.
2018-11-20 23:40:44 +01:00
if (arg_replace && optind >= argc)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"When --replace= is given, some configuration items must be specified");
sysusers: allow admin/runtime overrides to command-line config When used in a package installation script, we want to invoke systemd-sysusers before that package is installed (so it can contain files owned by the newly created user), so the configuration to use is specified on the command line. This should be a copy of the configuration that will be installed as /usr/lib/sysusers.d/package.conf. We still want to obey any overrides in /etc/sysusers.d or /run/sysusers.d in the usual fashion. Otherwise, we'd get a different result when systemd-sysusers is run with a copy of the new config on the command line and when systemd-sysusers is run at boot after package instalation. In the second case any files in /etc or /run have higher priority, so the same should happen when the configuration is given on the command line. More generally, we want the behaviour in this special case to be as close to the case where the file is finally on disk as possible, so we have to read all configuration files, since they all might contain overrides and additional configuration that matters. Even files that have lower priority might specify additional groups for the user we are creating. Thus, we need to read all configuration, but insert our new configuration somewhere with the right priority. If --target=/path/to/file.conf is given on the command line, we gather the list of files, and pretend that the command-line config is read from /path/to/file.conf (doesn't matter if the file on disk actually exists or not). All package scripts should use this option to obtain consistent and idempotent behaviour. The corner case when --target= is specified and there are no positional arguments is disallowed. v1: - version with --config-name= v2: - disallow --config-name= and no positional args v3: - remove --config-name= v4: - add --target= and rework the code completely v5: - fix argcounting bug and add example in man page v6: - rename --target to --replace
2018-01-31 15:37:02 +01:00
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
return 1;
}
sysusers: allow admin/runtime overrides to command-line config When used in a package installation script, we want to invoke systemd-sysusers before that package is installed (so it can contain files owned by the newly created user), so the configuration to use is specified on the command line. This should be a copy of the configuration that will be installed as /usr/lib/sysusers.d/package.conf. We still want to obey any overrides in /etc/sysusers.d or /run/sysusers.d in the usual fashion. Otherwise, we'd get a different result when systemd-sysusers is run with a copy of the new config on the command line and when systemd-sysusers is run at boot after package instalation. In the second case any files in /etc or /run have higher priority, so the same should happen when the configuration is given on the command line. More generally, we want the behaviour in this special case to be as close to the case where the file is finally on disk as possible, so we have to read all configuration files, since they all might contain overrides and additional configuration that matters. Even files that have lower priority might specify additional groups for the user we are creating. Thus, we need to read all configuration, but insert our new configuration somewhere with the right priority. If --target=/path/to/file.conf is given on the command line, we gather the list of files, and pretend that the command-line config is read from /path/to/file.conf (doesn't matter if the file on disk actually exists or not). All package scripts should use this option to obtain consistent and idempotent behaviour. The corner case when --target= is specified and there are no positional arguments is disallowed. v1: - version with --config-name= v2: - disallow --config-name= and no positional args v3: - remove --config-name= v4: - add --target= and rework the code completely v5: - fix argcounting bug and add example in man page v6: - rename --target to --replace
2018-01-31 15:37:02 +01:00
static int parse_arguments(char **args) {
char **arg;
unsigned pos = 1;
int r;
STRV_FOREACH(arg, args) {
if (arg_inline)
/* Use (argument):n, where n==1 for the first positional arg */
r = parse_line("(argument)", pos, *arg);
else
r = read_config_file(*arg, false);
if (r < 0)
return r;
pos++;
}
return 0;
}
sysusers: add --cat-config
2018-04-26 20:38:39 +02:00
static int read_config_files(char **args) {
sysusers: allow admin/runtime overrides to command-line config When used in a package installation script, we want to invoke systemd-sysusers before that package is installed (so it can contain files owned by the newly created user), so the configuration to use is specified on the command line. This should be a copy of the configuration that will be installed as /usr/lib/sysusers.d/package.conf. We still want to obey any overrides in /etc/sysusers.d or /run/sysusers.d in the usual fashion. Otherwise, we'd get a different result when systemd-sysusers is run with a copy of the new config on the command line and when systemd-sysusers is run at boot after package instalation. In the second case any files in /etc or /run have higher priority, so the same should happen when the configuration is given on the command line. More generally, we want the behaviour in this special case to be as close to the case where the file is finally on disk as possible, so we have to read all configuration files, since they all might contain overrides and additional configuration that matters. Even files that have lower priority might specify additional groups for the user we are creating. Thus, we need to read all configuration, but insert our new configuration somewhere with the right priority. If --target=/path/to/file.conf is given on the command line, we gather the list of files, and pretend that the command-line config is read from /path/to/file.conf (doesn't matter if the file on disk actually exists or not). All package scripts should use this option to obtain consistent and idempotent behaviour. The corner case when --target= is specified and there are no positional arguments is disallowed. v1: - version with --config-name= v2: - disallow --config-name= and no positional args v3: - remove --config-name= v4: - add --target= and rework the code completely v5: - fix argcounting bug and add example in man page v6: - rename --target to --replace
2018-01-31 15:37:02 +01:00
_cleanup_strv_free_ char **files = NULL;
_cleanup_free_ char *p = NULL;
char **f;
int r;
Eliminate config_dirs vars which hold a static strv
2018-04-27 18:20:17 +02:00
r = conf_files_list_with_replacement(arg_root, CONF_PATHS_STRV("sysusers.d"), arg_replace, &files, &p);
sysusers: allow admin/runtime overrides to command-line config When used in a package installation script, we want to invoke systemd-sysusers before that package is installed (so it can contain files owned by the newly created user), so the configuration to use is specified on the command line. This should be a copy of the configuration that will be installed as /usr/lib/sysusers.d/package.conf. We still want to obey any overrides in /etc/sysusers.d or /run/sysusers.d in the usual fashion. Otherwise, we'd get a different result when systemd-sysusers is run with a copy of the new config on the command line and when systemd-sysusers is run at boot after package instalation. In the second case any files in /etc or /run have higher priority, so the same should happen when the configuration is given on the command line. More generally, we want the behaviour in this special case to be as close to the case where the file is finally on disk as possible, so we have to read all configuration files, since they all might contain overrides and additional configuration that matters. Even files that have lower priority might specify additional groups for the user we are creating. Thus, we need to read all configuration, but insert our new configuration somewhere with the right priority. If --target=/path/to/file.conf is given on the command line, we gather the list of files, and pretend that the command-line config is read from /path/to/file.conf (doesn't matter if the file on disk actually exists or not). All package scripts should use this option to obtain consistent and idempotent behaviour. The corner case when --target= is specified and there are no positional arguments is disallowed. v1: - version with --config-name= v2: - disallow --config-name= and no positional args v3: - remove --config-name= v4: - add --target= and rework the code completely v5: - fix argcounting bug and add example in man page v6: - rename --target to --replace
2018-01-31 15:37:02 +01:00
if (r < 0)
sysusers: add --cat-config
2018-04-26 20:38:39 +02:00
return r;
sysusers: allow admin/runtime overrides to command-line config When used in a package installation script, we want to invoke systemd-sysusers before that package is installed (so it can contain files owned by the newly created user), so the configuration to use is specified on the command line. This should be a copy of the configuration that will be installed as /usr/lib/sysusers.d/package.conf. We still want to obey any overrides in /etc/sysusers.d or /run/sysusers.d in the usual fashion. Otherwise, we'd get a different result when systemd-sysusers is run with a copy of the new config on the command line and when systemd-sysusers is run at boot after package instalation. In the second case any files in /etc or /run have higher priority, so the same should happen when the configuration is given on the command line. More generally, we want the behaviour in this special case to be as close to the case where the file is finally on disk as possible, so we have to read all configuration files, since they all might contain overrides and additional configuration that matters. Even files that have lower priority might specify additional groups for the user we are creating. Thus, we need to read all configuration, but insert our new configuration somewhere with the right priority. If --target=/path/to/file.conf is given on the command line, we gather the list of files, and pretend that the command-line config is read from /path/to/file.conf (doesn't matter if the file on disk actually exists or not). All package scripts should use this option to obtain consistent and idempotent behaviour. The corner case when --target= is specified and there are no positional arguments is disallowed. v1: - version with --config-name= v2: - disallow --config-name= and no positional args v3: - remove --config-name= v4: - add --target= and rework the code completely v5: - fix argcounting bug and add example in man page v6: - rename --target to --replace
2018-01-31 15:37:02 +01:00
STRV_FOREACH(f, files)
if (p && path_equal(*f, p)) {
log_debug("Parsing arguments at position \"%s\"", *f);
r = parse_arguments(args);
if (r < 0)
return r;
} else {
log_debug("Reading config file \"%s\"", *f);
/* Just warn, ignore result otherwise */
(void) read_config_file(*f, true);
}
return 0;
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
int main(int argc, char *argv[]) {
_cleanup_close_ int lock = -1;
Iterator iterator;
sysusers: use ordered_hashmap_steal_first_key_and_value()
2018-11-22 21:04:32 +01:00
char *n, **v;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
Item *i;
sysusers: use ordered_hashmap_steal_first_key_and_value()
2018-11-22 21:04:32 +01:00
int r;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
r = parse_argv(argc, argv);
if (r <= 0)
goto finish;
log: introduce new helper call log_setup_service() Let's reduce the common boilerplate and have a single setup function used by all service code to setup logging.
2018-11-20 11:18:22 +01:00
log_setup_service();
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: add --cat-config
2018-04-26 20:38:39 +02:00
if (arg_cat_config) {
r = cat_config();
goto finish;
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
umask(0022);
selinux: always try to load the full selinux db https://github.com/systemd/systemd/pull/2508#issuecomment-190901170 Maybe fixes https://bugzilla.redhat.com/show_bug.cgi?id=1308771.
2016-03-02 02:35:55 +01:00
r = mac_selinux_init();
sysusers: fix selinux context of backup files Also, fix fopen_temporary_label to set proper context. By chance, all users so far used the same context, so the error didn't matter. Also, check return value from label_init(). https://bugzilla.redhat.com/show_bug.cgi?id=1121806
2014-07-22 02:41:19 +02:00
if (r < 0) {
treewide: no need to negate errno for log_*_errno() It corrrectly handles both positive and negative errno values.
2014-11-28 13:19:16 +01:00
log_error_errno(r, "SELinux setup failed: %m");
sysusers: fix selinux context of backup files Also, fix fopen_temporary_label to set proper context. By chance, all users so far used the same context, so the error didn't matter. Also, check return value from label_init(). https://bugzilla.redhat.com/show_bug.cgi?id=1121806
2014-07-22 02:41:19 +02:00
goto finish;
}
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: allow admin/runtime overrides to command-line config When used in a package installation script, we want to invoke systemd-sysusers before that package is installed (so it can contain files owned by the newly created user), so the configuration to use is specified on the command line. This should be a copy of the configuration that will be installed as /usr/lib/sysusers.d/package.conf. We still want to obey any overrides in /etc/sysusers.d or /run/sysusers.d in the usual fashion. Otherwise, we'd get a different result when systemd-sysusers is run with a copy of the new config on the command line and when systemd-sysusers is run at boot after package instalation. In the second case any files in /etc or /run have higher priority, so the same should happen when the configuration is given on the command line. More generally, we want the behaviour in this special case to be as close to the case where the file is finally on disk as possible, so we have to read all configuration files, since they all might contain overrides and additional configuration that matters. Even files that have lower priority might specify additional groups for the user we are creating. Thus, we need to read all configuration, but insert our new configuration somewhere with the right priority. If --target=/path/to/file.conf is given on the command line, we gather the list of files, and pretend that the command-line config is read from /path/to/file.conf (doesn't matter if the file on disk actually exists or not). All package scripts should use this option to obtain consistent and idempotent behaviour. The corner case when --target= is specified and there are no positional arguments is disallowed. v1: - version with --config-name= v2: - disallow --config-name= and no positional args v3: - remove --config-name= v4: - add --target= and rework the code completely v5: - fix argcounting bug and add example in man page v6: - rename --target to --replace
2018-01-31 15:37:02 +01:00
/* If command line arguments are specified along with --replace, read all
* configuration files and insert the positional arguments at the specified
* place. Otherwise, if command line arguments are specified, execute just
* them, and finally, without --replace= or any positional arguments, just
* read configuration and execute it.
*/
if (arg_replace || optind >= argc)
sysusers: add --cat-config
2018-04-26 20:38:39 +02:00
r = read_config_files(argv + optind);
sysusers: allow admin/runtime overrides to command-line config When used in a package installation script, we want to invoke systemd-sysusers before that package is installed (so it can contain files owned by the newly created user), so the configuration to use is specified on the command line. This should be a copy of the configuration that will be installed as /usr/lib/sysusers.d/package.conf. We still want to obey any overrides in /etc/sysusers.d or /run/sysusers.d in the usual fashion. Otherwise, we'd get a different result when systemd-sysusers is run with a copy of the new config on the command line and when systemd-sysusers is run at boot after package instalation. In the second case any files in /etc or /run have higher priority, so the same should happen when the configuration is given on the command line. More generally, we want the behaviour in this special case to be as close to the case where the file is finally on disk as possible, so we have to read all configuration files, since they all might contain overrides and additional configuration that matters. Even files that have lower priority might specify additional groups for the user we are creating. Thus, we need to read all configuration, but insert our new configuration somewhere with the right priority. If --target=/path/to/file.conf is given on the command line, we gather the list of files, and pretend that the command-line config is read from /path/to/file.conf (doesn't matter if the file on disk actually exists or not). All package scripts should use this option to obtain consistent and idempotent behaviour. The corner case when --target= is specified and there are no positional arguments is disallowed. v1: - version with --config-name= v2: - disallow --config-name= and no positional args v3: - remove --config-name= v4: - add --target= and rework the code completely v5: - fix argcounting bug and add example in man page v6: - rename --target to --replace
2018-01-31 15:37:02 +01:00
else
r = parse_arguments(argv + optind);
if (r < 0)
goto finish;
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
nss-systemd,sysusers: make sure sysusers doesn't get confused by nss-systemd (#6812) In nss-systemd we synthesize user entries for "nobody" and "root", as fallback if we boot up with an entirely empty /etc. This is supposed to be a fallback only though, and it's intended that both users exists regularly in /etc/passwd + /etc/group. Before this patch systemd-sysusers would never create the entries however as it notices the synthetic entries. Let's add a way how systemd-sysusers can tell nss-systemd not to synthesize the entries for itself. Fixes: #6808
2017-09-14 06:20:39 +02:00
/* Let's tell nss-systemd not to synthesize the "root" and "nobody" entries for it, so that our detection
* whether the names or UID/GID area already used otherwise doesn't get confused. After all, even though
* nss-systemd synthesizes these users/groups, they should still appear in /etc/passwd and /etc/group, as the
* synthesizing logic is merely supposed to be fallback for cases where we run with a completely unpopulated
* /etc. */
if (setenv("SYSTEMD_NSS_BYPASS_SYNTHETIC", "1", 1) < 0) {
r = log_error_errno(errno, "Failed to set SYSTEMD_NSS_BYPASS_SYNTHETIC environment variable: %m");
goto finish;
}
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
if (!uid_range) {
sysusers: allow force reusing existing user/group IDs (#8037) On Debian/Ubuntu systems the default passwd/group files use a slightly strange mapping. E.g. in passwd: ``` man:x:6:12::/var/cache/man:/sbin/nologin ``` and in group: ``` disk:x:6: man:x:12: ``` This is not supported in systemd-sysusers right now because sysusers will not re-use an existing uid/gid in its normal mode of operation. Unfortunately this reuse is needed to replicate the default Debian/Ubuntu users/groups. This commit enforces reuse when the "uid:gid" syntax is used to fix this. I also added a test that replicates the Debian base-passwd passwd/group file to ensure things are ok.
2018-02-01 05:47:50 +01:00
/* Default to default range of 1..SYSTEM_UID_MAX */
tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19 19:05:11 +02:00
r = uid_range_add(&uid_range, &n_uid_range, 1, SYSTEM_UID_MAX);
if (r < 0) {
log_oom();
goto finish;
}
}
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
r = add_implicit();
if (r < 0)
goto finish;
util-lib: move take_password_lock() to user-util.[ch] Also, rename it take_etc_passwd_lock(), in order to make it more expressive.
2015-10-26 19:08:09 +01:00
lock = take_etc_passwd_lock(arg_root);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
if (lock < 0) {
sysusers: emit a bit more info at debug level when locking fails This is the first error message when running unprivileged, and the message is unspecific, so let's at least add some logging at debug level to make this less confusing.
2018-01-29 14:23:31 +01:00
log_error_errno(lock, "Failed to take /etc/passwd lock: %m");
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
goto finish;
}
r = load_user_database();
if (r < 0) {
treewide: no need to negate errno for log_*_errno() It corrrectly handles both positive and negative errno values.
2014-11-28 13:19:16 +01:00
log_error_errno(r, "Failed to load user database: %m");
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
goto finish;
}
r = load_group_database();
if (r < 0) {
treewide: no need to negate errno for log_*_errno() It corrrectly handles both positive and negative errno values.
2014-11-28 13:19:16 +01:00
log_error_errno(r, "Failed to read group database: %m");
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
goto finish;
}
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
ORDERED_HASHMAP_FOREACH(i, groups, iterator)
sysusers: clarify that we knowingly ignore process_items() return values
2018-04-18 17:59:22 +02:00
(void) process_item(i);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
ORDERED_HASHMAP_FOREACH(i, users, iterator)
sysusers: clarify that we knowingly ignore process_items() return values
2018-04-18 17:59:22 +02:00
(void) process_item(i);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
r = write_files();
if (r < 0)
treewide: no need to negate errno for log_*_errno() It corrrectly handles both positive and negative errno values.
2014-11-28 13:19:16 +01:00
log_error_errno(r, "Failed to write files: %m");
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
finish:
binfmt,sysctl,sysuers,tmpfiles: add auto-paging for --cat-config commands The output of these commands is really long, and already enriched with color. Let's add auto-paging to make this easier to digest.
2018-06-12 15:37:53 +02:00
pager_close();
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
ordered_hashmap_free_with_destructor(groups, item_free);
ordered_hashmap_free_with_destructor(users, item_free);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
sysusers: use ordered_hashmap_steal_first_key_and_value()
2018-11-22 21:04:32 +01:00
while ((v = ordered_hashmap_steal_first_key_and_value(members, (void **) &n))) {
strv_free(v);
sysusers: add new line type "m" to add users as members to groups
2014-07-03 19:54:46 +02:00
free(n);
}
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
ordered_hashmap_free(members);
Add set/hashmap helpers for non-trivial freeing and use where straighforward A macro is needed because otherwise we couldn't ensure type safety. Some simple tests are included. No functional change intended.
2017-11-28 12:35:49 +01:00
sysuser: use OrderedHashmap This means we have more predicable behavior for "u foo uid:gid" lines and also makes the generated files appear in the same order as the inputs. So e.g. ``` u root 0 - /root u daemon 1 - /usr/sbin u games 5:60 - /usr/games ``` will generate ``` root:x:0:0::/root:/bin/sh daemon:x:1:1::/usr/sbin:/sbin/nologin games:x:5:60::/usr/games:/sbin/nologin ```
2018-01-24 09:26:51 +01:00
ordered_hashmap_free(todo_uids);
ordered_hashmap_free(todo_gids);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
free_database(database_user, database_uid);
free_database(database_group, database_gid);
sysusers: fix minor memory leak
2018-04-18 17:59:35 +02:00
free(uid_range);
sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-12 22:54:02 +02:00
free(arg_root);
return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}
Reference in a new issue Copy permalink