What | Removed | Added |
---|---|---|
Assignee | yast-internal@suse.de | schubi@suse.com |
(In reply to Yan nix from comment #10) > Oh I see. In the meantime, I recompiled the shadow RPM package and set it so > it won't overwrite my /etc/login.defs from my DUD. The RPM postscripts that > call useradd/groupadd creates system user/group entries within my desired > uid/gid now. You could also try AutoYaST scripts. See https://susedoc.github.io/doc-sle/develop/SLES-autoyast/html/configuration.html#createprofile.scripts for more information (you can, e.g., change /etc/login.defs after installing packages). I'd probably start with 4.30.3 Chroot Environment Scripts > However, I ran into an issue with systemd and specifically sysusers part of > it. After a lot of testing and reading, I find out to my chagrin that > systemd has taken some user/group creation and apparently is too special as > to ignore values from /etc/login.defs (at least uid/gid values). It looks > like its uid/gid values is set at compile time and there's no concept of > minimum, only a maximum. FWIW, the value for Leap 15 is 499 for both > systemuidmax and systemgidmax. Thanks, this is very useful. Could you, please, open another bugreport just systemd? It's a different package, different team, different bug. > I am just reporting back to point out that moving the security module to > first stage might only fix the ones that uses /etc/login.defs and will still > be broken for systemd created users. Hopefully as a reference too in case > someone runs into the same issue. See /usr/lib/sysusers.d/basic.conf and /usr/lib/sysusers.d/systemd.conf > I am still hoping there's a systemd runtime setting I haven't found yet as I > really don't want to get into recompiling systemd. Thanks Systemd users are created using %sysusers_create macro (e.g. at, https://build.opensuse.org/package/view_file/openSUSE:Factory/systemd/systemd.spec?expand=1) but that just calls `/usr/bin/systemd-sysusers` Try `man systemd-sysusers` And see https://github.com/systemd/systemd/blob/ad16158c10dfc3258831a9ff2f1a988214f51653/man/sysusers.d.xml#L78-L89 -> you can define IDs in those config files and the code is here https://github.com/systemd/systemd/blob/master/src/sysusers/sysusers.c#L1589-L1610