Lukas Ocilka changed bug 1112769
What Removed Added
Assignee yast-internal@suse.de schubi@suse.com

Comment # 11 on bug 1112769 from 
(In reply to Yan nix from comment #10)
> Oh I see. In the meantime, I recompiled the shadow RPM package and set it so
> it won't overwrite my /etc/login.defs from my DUD. The RPM postscripts that
> call useradd/groupadd creates system user/group entries within my desired
> uid/gid now. 

You could also try AutoYaST scripts. See
https://susedoc.github.io/doc-sle/develop/SLES-autoyast/html/configuration.html#createprofile.scripts
for more information (you can, e.g., change /etc/login.defs after installing
packages). I'd probably start with 4.30.3 Chroot Environment Scripts

> However, I ran into an issue with systemd and specifically sysusers part of
> it. After a lot of testing and reading, I find out to my chagrin that
> systemd has taken some user/group creation and apparently is too special as
> to ignore values from /etc/login.defs (at least uid/gid values). It looks
> like its uid/gid values is set at compile time and there's no concept of
> minimum, only a maximum. FWIW, the value for Leap 15 is 499 for both
> systemuidmax and systemgidmax. 

Thanks, this is very useful. Could you, please, open another bugreport
just systemd? It's a different package, different team, different bug.

> I am just reporting back to point out that moving the security module to
> first stage might only fix the ones that uses /etc/login.defs and will still
> be broken for systemd created users. Hopefully as a reference too in case
> someone runs into the same issue. 

See /usr/lib/sysusers.d/basic.conf and /usr/lib/sysusers.d/systemd.conf

> I am still hoping there's a systemd runtime setting I haven't found yet as I
> really don't want to get into recompiling systemd. Thanks

Systemd users are created using %sysusers_create macro
(e.g. at,
https://build.opensuse.org/package/view_file/openSUSE:Factory/systemd/systemd.spec?expand=1)
but that just calls `/usr/bin/systemd-sysusers`

Try `man systemd-sysusers`

And see
https://github.com/systemd/systemd/blob/ad16158c10dfc3258831a9ff2f1a988214f51653/man/sysusers.d.xml#L78-L89
-> you can define IDs in those config files and the code is here
https://github.com/systemd/systemd/blob/master/src/sysusers/sysusers.c#L1589-L1610

You are receiving this mail because: