[arch-dev-public] systemd 216 coming soon to testing
Daniel Micay
danielmicay at gmail.com
Sun Aug 24 17:24:21 EDT 2014
On 24/08/14 04:54 PM, Sébastien Luttringer wrote:
> On 20/08/2014 20:25, Dave Reisner wrote:
>> For packagers:
>> - systemd-sysusers is now a reasonable thing as it now reads and writes
>> to /etc/shadow and /etc/gshadow. This means that we can simplify the
>> filesystem package immensely, and packages which want to ship their
>> own runtime users can switch to this as well. Note that new IDs are
>> allocated semi-arbitrarily starting from 999 and counting down. Please
>> be aware of the implications of using this if your package ships files
>> owned by the user you're going to create! There's still no way of
>> removing users via sysusers.d, but I think this is fine (Fedora
>> actually never removes users or groups).
> I'm enthused by this feature and systemd-sysusers can offer a more
> standard way for managing system users across distros. Nevertheless, it
> would be nice if we do not fall into the shortcut of not removing users
> bound to a package when we remove it.
> That avoids manual removing and I don't see a drawback for doing this.
>
> Do you know why they don't implement the same logic (--create, --clean)
> as systemd-tmpfiles in systemd-sysusers?
There will often be files left behind owned by that uid/gid, and
deleting the user/group will free up the id to be consumed by the next
user/group. There's a potential to leak sensitive information like
passwords. Fedora and systemd choose to ignore the ickiness of having
dead system users/groups to avoid that issue.
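An added example, not part of the original thread or of systemd: a shell check for the ID-reuse hazard described in the reply above, listing files whose owner or group no longer exists and which of them the next new system user would inherit. The function names and sample data are constructed for illustration, and `next_free_id` is a simplified stand-in for the "starting from 999 and counting down" allocation mentioned in the quoted announcement.

```shell
#!/bin/sh
# Listing columns are "UID GID PATH"; on a live system GNU find can emit them:
#   find / -xdev \( -nouser -o -nogroup \) -printf '%U %G %p\n'

# orphaned_files PASSWD GROUP LISTING  (hypothetical helper name)
# Prints "missing-uid ID PATH" / "missing-gid ID PATH" for stale ownership.
orphaned_files() {
    awk '
        FILENAME == ARGV[1] { split($0, f, ":"); uid[f[3]] = 1; next }
        FILENAME == ARGV[2] { split($0, f, ":"); gid[f[3]] = 1; next }
        {
            path = $0; sub(/^[^ ]+ [^ ]+ /, "", path)
            if (!($1 in uid)) print "missing-uid", $1, path
            if (!($2 in gid)) print "missing-gid", $2, path
        }' "$1" "$2" "$3"
}

# next_free_id PASSWD GROUP
# Assumption: simplified allocation model, first ID counting down from 999
# that is unused as both a UID and a GID.
next_free_id() {
    awk -F: '
        { used[$3] = 1 }
        END { for (i = 999; i > 0; i--) if (!(i in used)) { print i; exit } }
    ' "$1" "$2"
}

# inherited_by_next_user PASSWD GROUP LISTING
# Paths that the next newly created system user would silently own.
inherited_by_next_user() {
    next_id=$(next_free_id "$1" "$2")
    orphaned_files "$1" "$2" "$3" | awk -v id="$next_id" '
        $1 == "missing-uid" && $2 == id { sub(/^[^ ]+ [^ ]+ /, ""); print }'
}

# Constructed sample data: user "beta" (998) was deleted, its files were not.
sample=$(mktemp -d)
printf '%s\n' 'root:x:0:0::/root:/bin/bash' 'alpha:x:999:999::/:/usr/bin/nologin' \
    'gamma:x:997:997::/:/usr/bin/nologin' > "$sample/passwd"
printf '%s\n' 'root:x:0:' 'alpha:x:999:' 'gamma:x:997:' > "$sample/group"
printf '%s\n' '0 0 /etc/hostname' '999 999 /var/lib/alpha/state' \
    '998 998 /var/lib/beta/db password.txt' '998 0 /etc/beta/secret.conf' \
    '997 996 /var/lib/gamma/cache' > "$sample/listing"

orphaned_files "$sample/passwd" "$sample/group" "$sample/listing"
inherited_by_next_user "$sample/passwd" "$sample/group" "$sample/listing"
```

Running the `find` command from the comment before a package removal, and again before creating a new system user, gives the real listing to feed in place of the sample.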