|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
From e65cf4e9d68dd4526524b33709bd16afb95f374a Mon Sep 17 00:00:00 2001
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
Date: Thu, 10 Jul 2014 08:50:32 -0400
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
Subject: [PATCH] sysusers: allow overrides in /etc and /run
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
An administrator might want to block a certain sysusers config file from
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
being executed, e.g. to block the creation of a certain user.
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
Only a relatively short description is added in the man page, since
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
overrides should be relatively rare.
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
(cherry picked from commit 938a560b7608e8906134ed7d717c3f5aa459a760)
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
---
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
man/sysusers.d.xml | 63 ++++++++++++++++++++++++++++++++++---------------
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
src/sysusers/sysusers.c | 2 ++
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
2 files changed, 46 insertions(+), 19 deletions(-)
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
diff --git a/man/sysusers.d.xml b/man/sysusers.d.xml
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
index 40f8715bc0..00eb7ec942 100644
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
--- a/man/sysusers.d.xml
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+++ b/man/sysusers.d.xml
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
@@ -53,32 +53,28 @@
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
<title>Description</title>
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
<para><command>systemd-sysusers</command> uses the
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
- files from <filename>/usr/lib/sysusers.d/</filename>
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ files from <filename>sysusers.d</filename> directory
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
to create system users and groups at package
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
- installation or boot time. This tool may be used for
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
- allocating system users and groups only, it is not
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ installation or boot time. This tool may be used to
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ allocate system users and groups only, it is not
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
useful for creating non-system users and groups, as it
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
- accessed <filename>/etc/passwd</filename> and
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ accesses <filename>/etc/passwd</filename> and
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
<filename>/etc/group</filename> directly, bypassing
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
- any more complex user database, for example any
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ any more complex user databases, for example any
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
database involving NIS or LDAP.</para>
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
-
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
</refsect1>
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
<refsect1>
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
- <title>File Format</title>
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
-
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
- <para>Each file shall be named in the style of
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
- <filename><replaceable>package</replaceable>.conf</filename>.</para>
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ <title>Configuration Format</title>
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
- <para>All files are sorted by their filename in
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
- lexicographic order, regardless of which of the
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
- directories they reside in. If multiple files specify
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
- the same user or group, the entry in the file with the
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
- lexicographically earliest name will be applied, all
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
- all other conflicting entries will be logged as
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
- errors. Users and groups are
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
- processed in the order they are listed.</para>
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ <para>Each configuration file shall be named in the
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ style of
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ <filename><replaceable>package</replaceable>.conf</filename>
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ or
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ <filename><replaceable>package</replaceable>-<replaceable>part</replaceable>.conf</filename>.
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ The second variant should be used when it is desirable
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ to make it easy to override just this part of
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ configuration.</para>
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
<para>The file format is one line per user or group
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
containing name, ID and GECOS field description:</para>
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
@@ -193,10 +189,39 @@ m authd input</programlisting>
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
</refsect1>
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
<refsect1>
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ <title>Overriding vendor configuration</title>
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ <para>Note that <command>systemd-sysusers</command>
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ will do nothing if the specified users or groups
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ already exist, so normally there no reason to override
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ <filename>sysusers.d</filename> vendor configuration,
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ except to block certain users or groups from being
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ created.</para>
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ <para>Files in <filename>/etc/sysusers.d</filename>
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ override files with the same name in
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ <filename>/usr/lib/sysusers.d</filename> and
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ <filename>/run/sysusers.d</filename>. Files in
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ <filename>/run/sysusers.d</filename> override files
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ with the same name in
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ <filename>/usr/lib/sysusers.d</filename>. The scheme is the same as for
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ except for the directory name.</para>
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ <para>If the administrator wants to disable a
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ configuration file supplied by the vendor, the
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ recommended way is to place a symlink to
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ <filename>/dev/null</filename> in
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ <filename>/etc/sysusers.d/</filename> bearing the
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ same filename.</para>
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ </refsect1>
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ <refsect1>
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
<title>See Also</title>
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
<para>
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
- <citerefentry><refentrytitle>systemd-sysusers</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ <citerefentry><refentrytitle>systemd-sysusers</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
</para>
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
</refsect1>
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
index 16ea0c9c57..61c9bb5efb 100644
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
--- a/src/sysusers/sysusers.c
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+++ b/src/sysusers/sysusers.c
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
@@ -62,6 +62,8 @@ typedef struct Item {
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
static char *arg_root = NULL;
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
static const char conf_file_dirs[] =
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ "/etc/sysusers.d\0"
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
+ "/run/sysusers.d\0"
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
"/usr/local/lib/sysusers.d\0"
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
"/usr/lib/sysusers.d\0"
|
|
Zbigniew Jędrzejewski-Szmek |
43ff24 |
#ifdef HAVE_SPLIT_USR
|