http://bugzilla.suse.com/show_bug.cgi?id=1112769
http://bugzilla.suse.com/show_bug.cgi?id=1112769#c11
Lukas Ocilka
Oh I see. In the meantime, I recompiled the shadow RPM package and set it so it won't overwrite my /etc/login.defs from my DUD. The RPM postscripts that call useradd/groupadd creates system user/group entries within my desired uid/gid now.
You could also try AutoYaST scripts. See https://susedoc.github.io/doc-sle/develop/SLES-autoyast/html/configuration.h... for more information (you can, e.g., change /etc/login.defs after installing packages). I'd probably start with 4.30.3 Chroot Environment Scripts
However, I ran into an issue with systemd and specifically sysusers part of it. After a lot of testing and reading, I find out to my chagrin that systemd has taken some user/group creation and apparently is too special as to ignore values from /etc/login.defs (at least uid/gid values). It looks like its uid/gid values is set at compile time and there's no concept of minimum, only a maximum. FWIW, the value for Leap 15 is 499 for both systemuidmax and systemgidmax.
Thanks, this is very useful. Could you, please, open another bugreport just systemd? It's a different package, different team, different bug.
I am just reporting back to point out that moving the security module to first stage might only fix the ones that uses /etc/login.defs and will still be broken for systemd created users. Hopefully as a reference too in case someone runs into the same issue.
See /usr/lib/sysusers.d/basic.conf and /usr/lib/sysusers.d/systemd.conf
I am still hoping there's a systemd runtime setting I haven't found yet as I really don't want to get into recompiling systemd. Thanks
Systemd users are created using %sysusers_create macro (e.g. at, https://build.opensuse.org/package/view_file/openSUSE:Factory/systemd/system...) but that just calls `/usr/bin/systemd-sysusers` Try `man systemd-sysusers` And see https://github.com/systemd/systemd/blob/ad16158c10dfc3258831a9ff2f1a988214f5... -> you can define IDs in those config files and the code is here https://github.com/systemd/systemd/blob/master/src/sysusers/sysusers.c#L1589... -- You are receiving this mail because: You are on the CC list for the bug.