On Thu, Mar 29, 2012 at 08:55:21AM +0200, Vincent Untz wrote:
accountsservice is the service used in GNOME to get info about accounts on the system. The latest release change the way user filtering works. See https://bugs.freedesktop.org/show_bug.cgi?id=44408
- before 0.16.6: we were filtering out users based on UID (do not show users if uid < UID_MIN, where UID_MIN icomes from /etc/login.defs)
- now: we're filtering out users based on the shell (nologin & false are hidden)
On top of that, we have a blacklist of users to never show.
That sounds reasonable except that now I see users in gdm, while they should be filtered out. Those are:
ftp:x:40:49:FTP account:/srv/ftp:/bin/bash games:x:12:100:Games account:/var/games:/bin/bash man:x:13:62:Manual pages viewer:/var/cache/man:/bin/bash suse-ncc:x:106:108:Novell Customer Center User:/var/lib/YaST2/suse-ncc-fakehome:/bin/bash beagleindex:x:108:111:User for Beagle indexing:/var/cache/beagle:/bin/bash
I guess ftp, games and man are provided by some base package. Is there any reason those are using bash as shell instead of nologin? Can we fix this? Or should we just blacklist them?
It's harder for suse-ncc and beagleindex as, as far as I know, those are purely historical users from older versions of openSUSE that are still there after upgrading. So I wonder what the right fix is: should we just blacklist them, or would it be acceptable to change their shell in %post of accountsservice? That last solution sounds wrong to me, but it also might fix other issues in the long term...
Absolutely do NOT change shells of other system users.
What was wrong with the minimum UID checking?