shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-03-28 02:50:16 +03:00
Code

sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files

Browse Source 
systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group
from static definition files that take a lot of inspiration from
tmpfiles snippets. These snippets should carry information about system
users only. To make sure it is not misused for normal users these
snippets only allow configuring UID and gecos field for each user, but
do not allow configuration of the home directory or shell, which is
necessary for real login users.

The purpose of this tool is to enable state-less systems that can
populate /etc with the minimal files necessary, solely from static data
in /usr. systemd-sysuser is additive only, and will never override
existing users.

This tool will create these files directly, and not via some user
database abtsraction layer. This is appropriate as this tool is supposed
to run really early at boot, and is only useful for creating system
users, and system users cannot be stored in remote databases anyway.

The tool is also useful to be invoked from RPM scriptlets, instead of
useradd. This allows moving from imperative user descriptions in RPM to
declarative descriptions.

The UID/GID for a user/group to be created can either be chosen dynamic,
or fixed, or be read from the owner of a file in the file system, in
order to support reconstructing the correct IDs for files that shall be
owned by them.

This also adds a minimal user definition file, that should be
sufficient for most basic systems. Distributions are expected to patch
these files and augment the contents, for example with fixed UIDs for
the users where that's necessary.
This commit is contained in:
Lennart Poettering 2014-06-12 22:54:02 +02:00
parent 0138a2dcc5
commit 1b99214789
11 changed files with 1476 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -101,6 +101,7 @@
/systemd-socket-proxyd
/systemd-sysctl
/systemd-system-update-generator
/systemd-sysusers
/systemd-sysv-generator
/systemd-timedated
/systemd-timesyncd

24
Makefile.am
View File

@ -88,6 +88,7 @@ pkgsysconfdir=$(sysconfdir)/systemd
userunitdir=$(prefix)/lib/systemd/user
userpresetdir=$(prefix)/lib/systemd/user-preset
tmpfilesdir=$(prefix)/lib/tmpfiles.d
sysusersdir=$(prefix)/lib/sysusers.d
sysctldir=$(prefix)/lib/sysctl.d
networkdir=$(rootprefix)/lib/systemd/network
pkgincludedir=$(includedir)/systemd
@ -1756,6 +1757,28 @@ EXTRA_DIST += \
units/systemd-tmpfiles-setup.service.in \
units/systemd-tmpfiles-clean.service.in
# ------------------------------------------------------------------------------
if ENABLE_SYSUSERS
systemd_sysusers_SOURCES = \
src/sysusers/sysusers.c
systemd_sysusers_LDADD = \
libsystemd-units.la \
libsystemd-label.la \
libsystemd-capability.la \
libsystemd-internal.la \
libsystemd-shared.la
rootbin_PROGRAMS += \
systemd-sysusers
dist_sysusers_DATA = \
sysusers.d/systemd.conf
INSTALL_DIRS += \
$(sysusersdir)
endif
# ------------------------------------------------------------------------------
systemd_machine_id_setup_SOURCES = \
src/machine-id-setup/machine-id-setup-main.c \
@ -4879,6 +4902,7 @@ substitutions = \
'|udevrulesdir=$(udevrulesdir)|' \
'|catalogdir=$(catalogdir)|' \
'|tmpfilesdir=$(tmpfilesdir)|' \
'|sysusersdir=$(sysusersdir)|' \
'|sysctldir=$(sysctldir)|' \
'|systemgeneratordir=$(systemgeneratordir)|' \
'|usergeneratordir=$(usergeneratordir)|' \

9
configure.ac
View File

@ -722,6 +722,14 @@ if test "x$enable_tmpfiles" != "xno"; then
fi
AM_CONDITIONAL(ENABLE_TMPFILES, [test "$have_tmpfiles" = "yes"])
# ------------------------------------------------------------------------------
have_sysusers=no
AC_ARG_ENABLE(sysusers, AS_HELP_STRING([--disable-sysusers], [disable sysusers support]))
if test "x$enable_sysusers" != "xno"; then
have_sysusers=yes
fi
AM_CONDITIONAL(ENABLE_SYSUSERS, [test "$have_sysusers" = "yes"])
# ------------------------------------------------------------------------------
have_randomseed=no
AC_ARG_ENABLE(randomseed, AS_HELP_STRING([--disable-randomseed], [disable randomseed tools]))
@ -1166,6 +1174,7 @@ AC_MSG_RESULT([
bootchart: ${have_bootchart}
quotacheck: ${have_quotacheck}
tmpfiles: ${have_tmpfiles}
sysusers: ${have_sysusers}
randomseed: ${have_randomseed}
backlight: ${have_backlight}
rfkill: ${have_rfkill}

6
src/shared/copy.c
View File

@ -22,7 +22,7 @@
#include "util.h"
#include "copy.h"
static int stream_bytes(int fdf, int fdt) {
int copy_bytes(int fdf, int fdt) {
assert(fdf >= 0);
assert(fdt >= 0);
@ -92,7 +92,7 @@ static int fd_copy_regular(int df, const char *from, const struct stat *st, int
return -errno;
}
r = stream_bytes(fdf, fdt);
r = copy_bytes(fdf, fdt);
if (r < 0) {
unlinkat(dt, to, 0);
return r;
@ -273,7 +273,7 @@ int copy_file(const char *from, const char *to, int flags, mode_t mode) {
if (fdt < 0)
return -errno;
r = stream_bytes(fdf, fdt);
r = copy_bytes(fdf, fdt);
if (r < 0) {
unlink(to);
return r;

1
src/shared/copy.h
View File

@ -23,3 +23,4 @@
int copy_file(const char *from, const char *to, int flags, mode_t mode);
int copy_tree(const char *from, const char *to);
int copy_bytes(int fdf, int fdt);

21
src/shared/util.c
View File

@ -4007,24 +4007,16 @@ int fd_wait_for_event(int fd, int event, usec_t t) {
int fopen_temporary(const char *path, FILE **_f, char **_temp_path) {
FILE *f;
char *t;
const char *fn;
size_t k;
int fd;
assert(path);
assert(_f);
assert(_temp_path);
t = new(char, strlen(path) + 1 + 6 + 1);
t = strappend(path, ".XXXXXX");
if (!t)
return -ENOMEM;
fn = basename(path);
k = fn - path;
memcpy(t, path, k);
t[k] = '.';
stpcpy(stpcpy(t+k+1, fn), "XXXXXX");
fd = mkostemp_safe(t, O_WRONLY|O_CLOEXEC);
if (fd < 0) {
free(t);
@ -6665,3 +6657,14 @@ int bind_remount_recursive(const char *prefix, bool ro) {
}
}
}
int fflush_and_check(FILE *f) {
errno = 0;
fflush(f);
if (ferror(f))
return errno ? -errno : -EIO;
return 0;
}

2
src/shared/util.h
View File

@ -946,3 +946,5 @@ int update_reboot_param_file(const char *param);
int umount_recursive(const char *target, int flags);
int bind_remount_recursive(const char *prefix, bool ro);
int fflush_and_check(FILE *f);

1
src/sysusers/Makefile Symbolic link
View File

@ -0,0 +1 @@
../Makefile

1378
src/sysusers/sysusers.c Normal file
View File

File diff suppressed because it is too large Load Diff

1
sysusers.d/Makefile Symbolic link
View File

@ -0,0 +1 @@
../src/Makefile

44
sysusers.d/systemd.conf Normal file
View File

@ -0,0 +1,44 @@
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# The superuser
u root 0 "Super User"
# The nobody use for NFS file systems
u nobody 65534 "Nobody"
# Administrator group: can *see* more than normal users
g adm - -
# Administrator group: can *do* more than normal users
g wheel - -
# Access to certain kernel and userspace facilities
g kmem - -
g lock - -
g tty 5 -
g utmp - -
# Hardware access groups
g audio - -
g cdrom - -
g dialout - -
g disk - -
g lp - -
g tape - -
g video - -
# Default group for normal users
g users - -
# Users and groups for specific systemd subsystems
g systemd-journal - -
u systemd-journal-gateway - "systemd Journal Gateway"
u systemd-bus-proxy - "systemd Bus Proxy"
u systemd-network - "systemd Network Management"
u systemd-resolve - "systemd Resolver"
u systemd-timesync - "systemd Time Synchronization"