1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-30 06:25:37 +03:00
Commit Graph

13 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
94b84a0703 Use descriptive name for nobody
This matches the changes pushed to Fedora [1,2].

[1] https://fedoraproject.org/wiki/Changes/RenameNobodyUser
[2] https://pagure.io/setup/c/f6fdb5ffc87fc8f1acc211867fef4e3f0856edfc
2022-05-27 22:09:24 +01:00
Rasmus Villemoes
4ced52595f sysusers: avoid creating spurious "nobody" group
On distros using Debian's base-passwd, the name of the group with gid 65534 is
nogroup. Currently, systemd-sysusers creates a spurious "nobody" group

  systemd-sysusers[243]: Creating group nobody with gid 996

That's both confusing and redundant, as the nobody user still has primary group
65534 aka nogroup, and the nobody group simply goes completely unused.

So explicitly specify the primary group of the nobody user, and add a line
ensuring that that group exists.

This is not a problem for Debian (or Ubuntu) itself, as they add their own
version of basic.conf in their systemd build logic. But it appears on for
example Yocto/OpenEmbedded.
2021-11-30 16:16:25 +01:00
Zbigniew Jędrzejewski-Szmek
9a797ddc41 meson: allow "soft-static" allocations for uids and gids in the initrd
The general idea with users and groups created through sysusers is that an
appropriate number is picked when the allocation is made. The number that is
selected will be different on each system based on the order of creation of
users, installed packages, etc. Since system users and groups are not shared
between installations, this generally is not an issue. But it becomes a problem
for initrd: some file systems are shared between the initrd and the host (/run
and /dev are probably the only ones that matter). If the allocations are
different in the host and the initrd, and files survive switch-root, they will
have wrong ownership.

This makes the gids build-time-configurable for all groups and users where
state may survive the switch from initrd to the host.

In particular, all "hardware access" groups are like this: files in /dev will
be owned by them.  Eventually the new udev would change ownership, but there
would be a momemnt where the files were owned by the wrong group. The
allocations are "soft-static" in the language of Fedora packaging guidelines:
the uid/gid will be used if possible, but we'll fall back to a different
one. TTY_GID is the exception, because the number is used directly.

Similarly, the possibility to configure "soft-static" uids is added for daemons
which may usefully run in the initramfs: systemd-network (lease information and
interface state is serialized to /run), systemd-resolve (stub files and
interface state), systemd-timesync (/run/systemd/timesync).

Journal files are owned by the group systemd-journal, and acls are granted
for wheel and adm.

systemd-oom and systemd-coredump are excluded from this patch: I assume that
oomd is not useful in the initrd, and coredump leaves no state (it only creates
a pipe in /run?).

The defaults are not changed: if nothing is configured, dynamic allocation will
be used. I looked at a Debian system, and the numbers are all different than
on Fedora.

For Fedora, see the list of uids and gids at https://pagure.io/setup/blob/master/f/uidgid.
In particular, systemd-network and systemd-resolve got soft-static numbers to
make it easy to transition from a non-host-specific initrd to a host system
already a few years back (https://bugzilla.redhat.com/show_bug.cgi?id=1102002).

I also requested static allocations for sgx, input, render in
https://pagure.io/packaging-committee/issue/1078,
https://pagure.io/setup/pull-request/27.
2021-06-17 09:48:28 +02:00
Zbigniew Jędrzejewski-Szmek
6b1aac3ccf meson: replace some m4 templates with jinja2
m4 was nice in '85, but the syntax feels a bit dated. Since we use python for
meson, let's use a popular python templating engine to replace some m4 usage.

A little nicety is that typos are caught:

FAILED: sysusers.d/systemd-remote.conf
/usr/bin/meson --internal exe --capture sysusers.d/systemd-remote.conf -- /home/zbyszek/src/systemd/tools/meson-render-jinja2.py config.h ../sysusers.d/systemd-remote.conf.j2
Traceback (most recent call last):
  File "/home/zbyszek/src/systemd/tools/meson-render-jinja2.py", line 28, in <module>
    print(render(sys.argv[2], defines))
  File "/home/zbyszek/src/systemd/tools/meson-render-jinja2.py", line 24, in render
    return template.render(defines)
  File "/usr/lib/python3.9/site-packages/jinja2/environment.py", line 1090, in render
    self.environment.handle_exception()
  File "/usr/lib/python3.9/site-packages/jinja2/environment.py", line 832, in handle_exception
    reraise(*rewrite_traceback_stack(source=source))
  File "/usr/lib/python3.9/site-packages/jinja2/_compat.py", line 28, in reraise
    raise value.with_traceback(tb)
  File "<template>", line 8, in top-level template code
jinja2.exceptions.UndefinedError: 'HAVE_MICROHTTP' is undefined

This checking mirrors what 349cc4a507 did for C defines.
2021-05-19 10:24:43 +09:00
Zbigniew Jędrzejewski-Szmek
c9c4899f44 udev: add default group for sgx enclave access
Closes #18669.

This creates a "well known" for sgx_enclave ownership. By doing this here we
avoid the risk that various projects making use of the device will provide
similar-but-slightly-incompatible installation instructions, in particular
using different group names.

ACLs are actually a better approach to grant access to users, but not in all
cases, so we want to provide a standard group anyway.

Mode is 0o660, not 0o666 because this is very new code and distributions are
likely to not want to give full access to all users. This might change in the
future, but being conservative is a good default in the beginning.

Rules for /dev/sgx_provision will be provided by libsg-ae-pce:
https://github.com/intel/linux-sgx/issues/678.
2021-03-10 23:05:48 +01:00
Yu Watanabe
6071202165 sysusers: use NOBODY_USER_NAME 2017-12-07 17:12:13 +09:00
Ikey Doherty
84786b8e32 sysusers: Provide meson argument to set gid for 'users' group (#7533)
To allow better integration with distributions requiring an explicitly
set gid for the `users` group, provide the new `-Dusers-gid` option to
set to a new numeric value.

In the absence of a specified gid, we'll fallback to the default existing
behaviour of `-` as the gid value, to automatically assign the next available
gid on the system.
2017-12-03 13:28:23 +01:00
Lennart Poettering
2422bd21c8 README,sysusers: complete and order list of default udev groups we need
Let's make sure the list of default udev groups we need are ordered in
README and in the sysusers.d snippet, and both are complete.
2017-11-20 12:34:28 +01:00
Tom Stellard
4e15a7343c udev-rules: Permission changes for /dev/dri/renderD*
- Remove the uaccess tag from /dev/dri/renderD*.
- Change the owning group from video to render.
- Change default mode to 0666.
- Add an option to allow users to set the access mode for these devices at
compile time.
2017-11-08 08:21:31 -08:00
Zbigniew Jędrzejewski-Szmek
5a664ca10f rules: add a rule to set /dev/kvm access mode and ownership (#5597)
Kernel default mode is 0600, but distributions change it to group kvm, mode
either 0660 (e.g. Debian) or 0666 (e.g. Fedora). Both approaches have valid
reasons (a stricter mode limits exposure to bugs in the kvm subsystem, a looser
mode makes libvirt and other virtualization mechanisms work out of the box for
unprivileged users over ssh).

In Fedora the qemu package carries the relevant rule, but it's nicer to have it
in systemd, so that the permissions are not dependent on the qemu package being
installed. Use of packaged qemu binaries is not required to make use of
/dev/kvm, e.g. it's possible to use a self-compiled qemu or some alternative.

https://bugzilla.redhat.com/show_bug.cgi?id=1431876

To accomodate both approaches, add a rule to set the mode in 50-udev-default.rules,
but allow the mode to be overridden with a --with-dev-kvm-mode configure rule.
The default is 0660, as the (slightly) more secure option.
2017-03-27 12:34:24 +02:00
Martin Pitt
61f32bff61 tmpfiles: drop /run/lock/lockdev
Hardly any software uses that any more, and better locking mechanisms like
flock() have been available for many years.

Also drop the corresponding "lock" group from sysusers.d/basic.conf.in, as
nothing else is using this.
2016-02-01 12:16:24 +01:00
Lennart Poettering
20fcf3aba5 sysusers: set home directory for root to /root 2014-08-19 16:47:52 +02:00
Lennart Poettering
94655a1670 sysusers: split up default sysusers snippet
This ways, distributions have an easier way to replace the OS specific
generic groups/users while keeping systemd's own.
2014-06-29 22:27:07 +02:00