Vincent Untz wrote:
What was wrong with the minimum UID checking?
https://bugs.freedesktop.org/show_bug.cgi?id=44408 for the discussion about the change.
Was it hardcoded in accountservice instead of being read from /etc/login.defs?
No, it was reading /etc/login.defs. But the man page says:
UID_MIN (number) Min user ID value for automatic uid selection in useradd
This means this setting can be ignored when creating a user and is not safe to use for filtering.
I guess Fedora noticed it as they only recently increased the minimum uid? :-)
As the bugzilla thread mentions a hardcoded list of accounts that are filtered, you could just add the two above accounts to this list.
Right, that was one of the options I was suggesting.
What about the ftp, games and man users? Is it safe to change their login shell in aaa_base on upgrades? Or should we also just blacklist them?
I'm not sure a package should change the shell on update. We could try to fix it for new installs though. I fear it could break some old cron jobs or SuSEconfig scripts that use su with those accounts though. So I'd blacklist them.