[arch-dev-public] systemd 216 coming soon to testing

Daniel Micay danielmicay at gmail.com
Sun Aug 24 17:24:21 EDT 2014

On 24/08/14 04:54 PM, Sébastien Luttringer wrote:
> On 20/08/2014 20:25, Dave Reisner wrote:
>> For packagers:
>> - systemd-sysusers is now a reasonable thing as it now reads and writes
>>   to /etc/shadow and /etc/gshadow. This means that we can simplify the
>>   filesystem package immensely, and packages which want to ship their
>>   own runtime users can switch to this as well. Note that new IDs are
>>   allocated semi-arbitrarily starting from 999 and counting down. Please
>>   be aware of the implications of using this if your package ships files
>>   owned by the user you're going to create! There's still no way of
>>   removing users via sysusers.d, but I think this is fine (Fedora
>>   actually never removes users or groups).
> I'm enthused by this feature and systemd-sysusers can offer a more
> standard way for managing system users across distro. Nevertheless, It
> would be nice if we do not fall into the shortcut of not removing users
> bound to a package when we remove it.
> That avoid manual removing and I don't see a drawback for doing this.
> Do you know why they don't implement the same logic (--create, --clean)
> as systemd-tmpfiles in systemd-sysusers?

There will often be files left behind owned by that uid/gid, and
deleting the user/group will free up the id to be consumed by the next
user/group. There's a potential to leak sensitive information like
passwords. Fedora and systemd choose to ignore the ickiness of having
dead system users/groups to avoid that issue.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-dev-public/attachments/20140824/35b789be/attachment.asc>

More information about the arch-dev-public mailing list