summaryrefslogtreecommitdiff
path: root/sysusers.d
AgeCommit message (Collapse)AuthorFilesLines
2018-07-16sysusers,tmpfiles: re-create systemd-network, systemd-resolve and ↵Yu Watanabe1-0/+9
systemd-timesync This partially reverts d4e9e574ea0b5d23598a317e68399584d229568b, 0187368cadea183e18c6d575a9d6b7f491a402af, and 4240cb02fda90ba11dfc0114201e42691132c6a9. The services systemd-networkd, systemd-resolved, and systemd-timesyncd enable DynamicUsers= and have bus interfaces. Unfortunately, these has many problems now. Let us create the relevant users, at least, tentatively. Fixes #9503.
2018-06-14Drop my copyright headersZbigniew Jędrzejewski-Szmek1-2/+0
perl -i -0pe 's/\s*Copyright © .... Zbigniew Jędrzejewski.*?\n/\n/gms' man/*xml git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/(#\n)?# +Copyright © [0-9, -]+ Zbigniew Jędrzejewski.*?\n//gms' git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/\s*\/\*\*\*\s+Copyright © [0-9, -]+ Zbigniew Jędrzejewski[^\n]*?\s*\*\*\*\/\s*/\n\n/gms' git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/\s+Copyright © [0-9, -]+ Zbigniew Jędrzejewski[^\n]*//gms'
2018-06-14tree-wide: beautify remaining copyright statementsLennart Poettering1-1/+1
Let's unify an beautify our remaining copyright statements, with a unicode ©. This means our copyright statements are now always formatted the same way. Yay.
2018-05-22network: set DynamicUser= to systemd-networkd.serviceYu Watanabe1-3/+0
2018-05-22resolve: enable DynamicUser= for systemd-resolved.serviceYu Watanabe1-3/+0
2018-05-07meson: generate m4 preprocessor from config.h (#8914)Yu Watanabe1-1/+1
2018-04-06tree-wide: drop license boilerplateZbigniew Jędrzejewski-Szmek1-13/+0
Files which are installed as-is (any .service and other unit files, .conf files, .policy files, etc), are left as is. My assumption is that SPDX identifiers are not yet that well known, so it's better to retain the extended header to avoid any doubt. I also kept any copyright lines. We can probably remove them, but it'd nice to obtain explicit acks from all involved authors before doing that.
2017-12-07sysusers: use NOBODY_USER_NAMEYu Watanabe1-1/+1
2017-12-03sysusers: Provide meson argument to set gid for 'users' group (#7533)Ikey Doherty1-1/+1
To allow better integration with distributions requiring an explicitly set gid for the `users` group, provide the new `-Dusers-gid` option to set to a new numeric value. In the absence of a specified gid, we'll fallback to the default existing behaviour of `-` as the gid value, to automatically assign the next available gid on the system.
2017-11-20README,sysusers: complete and order list of default udev groups we needLennart Poettering1-2/+2
Let's make sure the list of default udev groups we need are ordered in README and in the sysusers.d snippet, and both are complete.
2017-11-19Add license headers and SPDX identifiers to meson.build filesZbigniew Jędrzejewski-Szmek1-0/+17
So far I avoided adding license headers to meson files, but they are pretty big and important and should carry license headers like everything else. I added my own copyright, even though other people modified those files too. But this is mostly symbolic, so I hope that's OK.
2017-11-08udev-rules: Permission changes for /dev/dri/renderD*Tom Stellard1-0/+1
- Remove the uaccess tag from /dev/dri/renderD*. - Change the owning group from video to render. - Change default mode to 0666. - Add an option to allow users to set the access mode for these devices at compile time.
2017-10-06sysusers: do not create unneeded usersYu Watanabe2-6/+0
2017-10-04build-sys: s/ENABLE_RESOLVED/ENABLE_RESOLVE/Zbigniew Jędrzejewski-Szmek1-1/+1
The configuration option was called -Dresolve, but the internal define was …RESOLVED. This options governs more than just resolved itself, so let's settle on the version without "d".
2017-10-04build-sys: use #if Y instead of #ifdef Y everywhereZbigniew Jędrzejewski-Szmek1-2/+2
The advantage is that is the name is mispellt, cpp will warn us. $ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/" $ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;' $ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g' $ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g' + manual changes to meson.build squash! build-sys: use #if Y instead of #ifdef Y everywhere v2: - fix incorrect setting of HAVE_LIBIDN2
2017-07-28units,sysusers: use DynamicUser= for journal-gatewayd and drop user ↵Yu Watanabe1-1/+0
systemd-journal-gateway from sysusers
2017-07-18build-sys: drop gitignore patterns for in-tree buildsZbigniew Jędrzejewski-Szmek1-3/+0
... and other autotools-generated files.
2017-07-18build-sys: drop automake supportZbigniew Jędrzejewski-Szmek1-1/+0
v2: - also mention m4
2017-06-22meson: do not use path separator for target name (#6177)Yu Watanabe1-1/+1
Fixes #6158.
2017-05-02meson: use booleans for conf.set and drop unecessary conditionalsZbigniew Jędrzejewski-Szmek1-2/+2
Using conf.set() with a boolean argument does the right thing: either #ifdef or #undef. This means that conf.set can be used unconditionally. Previously I used '1' as the placeholder value, and that needs to be changed to 'true' for consistency (under meson 1 cannot be used in boolean context). All checks need to be adjusted.
2017-04-23meson: reindent all files with 8 spacesZbigniew Jędrzejewski-Szmek1-19/+17
The indentation for emacs'es meson-mode is added .dir-locals. All files are reindented automatically, using the lasest meson-mode from git. Indentation should now be fairly consistent.
2017-04-23meson: build systemd using mesonZbigniew Jędrzejewski-Szmek1-0/+33
It's crucial that we can build systemd using VS2010! ... er, wait, no, that's not the official reason. We need to shed old systems by requring python 3! Oh, no, it's something else. Maybe we need to throw out 345 years of knowlege accumulated in autotools? Whatever, this new thing is cool and shiny, let's use it. This is not complete, I'm throwing it out here for your amusement and critique. - rules for sd-boot are missing. Those might be quite complicated. - rules for tests are missing too. Those are probably quite simple and repetitive, but there's lots of them. - it's likely that I didn't get all the conditions right, I only tested "full" compilation where most deps are provided and nothing is disabled. - busname.target and all .busname units are skipped on purpose. Otherwise, installation into $DESTDIR has the same list of files and the autoconf install, except for .la files. It'd be great if people had a careful look at all the library linking options. I added stuff until things compiled, and in the end there's much less linking then in the old system. But it seems that there's still a lot of unnecessary deps. meson has a `shared_module` statement, which sounds like something appropriate for our nss and pam modules. Unfortunately, I couldn't get it to work. For the nss modules, we need an .so version of '2', but `shared_module` disallows the version argument. For the pam module, it also didn't work, I forgot the reason. The handling of .m4 and .in and .m4.in files is rather awkward. It's likely that this could be simplified. If make support is ever dropped, I think it'd make sense to switch to a different templating system so that two different languages and not required, which would make everything simpler yet. v2: - use get_pkgconfig_variable - use sh not bash - use add_project_arguments v3: - drop required:true and fix progs/prog typo v4: - use find_library('bz2') - add TTY_GID definition - define __SANE_USERSPACE_TYPES__ - use join_paths(prefix, ...) is used on all paths to make them all absolute v5: - replace all declare_dependency's with [] - add more conf.get guards around optional components v6: - drop -pipe, -Wall which are the default in meson - use compiler.has_function() and compiler.has_header_symbol instead of the hand-rolled checks. - fix duplication in 'liblibsystemd' library name - use the right .sym file for pam_systemd - rename 'compiler' to 'cc': shorter, and more idiomatic. v7: - use ENABLE_ENVIRONMENT_D not HAVE_ENVIRONMENT_D - rename prefix to prefixdir, rootprefix to rootprefixdir ("prefix" is too common of a name and too easy to overwrite by mistake) - wrap more stuff with conf.get('ENABLE...') == 1 - use rootprefix=='/' and rootbindir as install_dir, to fix paths under split-usr==true. v8: - use .split() also for src/coredump. Now everything is consistent ;) - add rootlibdir option and use it on the libraries that require it v9: - indentation v10: - fix check for qrencode and libaudit v11: - unify handling of executable paths, provide options for all progs This makes the meson build behave slightly differently than the autoconf-based one, because we always first try to find the executable in the filesystem, and fall back to the default. I think different handling of loadkeys, setfont, and telinit was just a historical accident. In addition to checking in $PATH, also check /usr/sbin/, /sbin for programs. In Fedora $PATH includes /usr/sbin, (and /sbin is is a symlink to /usr/sbin), but in Debian, those directories are not included in the path. C.f. https://github.com/mesonbuild/meson/issues/1576. - call all the options 'xxx-path' for clarity. - sort man/rules/meson.build properly so it's stable
2017-03-27rules: add a rule to set /dev/kvm access mode and ownership (#5597)Zbigniew Jędrzejewski-Szmek1-0/+1
Kernel default mode is 0600, but distributions change it to group kvm, mode either 0660 (e.g. Debian) or 0666 (e.g. Fedora). Both approaches have valid reasons (a stricter mode limits exposure to bugs in the kvm subsystem, a looser mode makes libvirt and other virtualization mechanisms work out of the box for unprivileged users over ssh). In Fedora the qemu package carries the relevant rule, but it's nicer to have it in systemd, so that the permissions are not dependent on the qemu package being installed. Use of packaged qemu binaries is not required to make use of /dev/kvm, e.g. it's possible to use a self-compiled qemu or some alternative. https://bugzilla.redhat.com/show_bug.cgi?id=1431876 To accomodate both approaches, add a rule to set the mode in 50-udev-default.rules, but allow the mode to be overridden with a --with-dev-kvm-mode configure rule. The default is 0660, as the (slightly) more secure option.
2016-02-12remove bus-proxydDaniel Mack1-1/+0
As kdbus won't land in the anticipated way, the bus-proxy is not needed in its current form. It can be resurrected at any time thanks to the history, but for now, let's remove it from the sources. If we'll have a similar tool in the future, it will look quite differently anyway. Note that stdio-bridge is still available. It was restored from a version prior to f252ff17, and refactored to make use of the current APIs.
2016-02-10coredump: dump priviliges when processing system coredumpsLennart Poettering1-0/+3
Let's add an extra-safety net and change UID/GID to the "systemd-coredump" user when processing coredumps from system user. For coredumps of normal users we keep the current logic of processing the coredumps from the user id the coredump was created under. Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=87354
2016-02-01tmpfiles: drop /run/lock/lockdevMartin Pitt1-1/+0
Hardly any software uses that any more, and better locking mechanisms like flock() have been available for many years. Also drop the corresponding "lock" group from sysusers.d/basic.conf.in, as nothing else is using this.
2015-12-09build: fix systemd-journal-upload installationEvgeny Vereshchagin2-0/+5
Fixes: $ ./configure ... --disable-microhttpd --enable-libcurl --enable-sysusers $ make && make install DESTDIR=$(pwd)/INST $ ls INST/usr/lib/sysusers.d/ basic.conf systemd.conf There is no a file with `systemd-journald-upload`
2015-06-17turn kdbus support into a runtime optionKay Sievers1-2/+0
./configure --enable/disable-kdbus can be used to set the default behavior regarding kdbus. If no kdbus kernel support is available, dbus-dameon will be used. With --enable-kdbus, the kernel command line option "kdbus=0" can be used to disable kdbus. With --disable-kdbus, the kernel command line option "kdbus=1" is required to enable kdbus support.
2014-11-30build-sys: configure the list of system users, files and directoriesŁukasz Stelmach2-0/+9
Choose which system users defined in sysusers.d/systemd.conf and files or directories in tmpfiles.d/systemd.conf, should be provided depending on comile-time configuration.
2014-08-19sysusers: realign sysusers snippetsLennart Poettering2-8/+8
2014-08-19sysusers: set home directory for root to /rootLennart Poettering1-17/+17
2014-07-31sysusers: split users for remote into separate fileZbigniew Jędrzejewski-Szmek2-2/+10
This mirrors the setup for tmpfiles.d done in ad95fd1d2b9.
2014-07-16journal: add systemd-journal-remote to sysusersKay Sievers1-0/+1
2014-06-29sysusers: split up default sysusers snippetLennart Poettering3-9/+14
This ways, distributions have an easier way to replace the OS specific generic groups/users while keeping systemd's own.
2014-06-20sysusers.d - fix typo in user definition fileJonathan Boulle1-1/+1
2014-06-13sysusers: hide generate .conf fileLennart Poettering1-0/+1
2014-06-12sysuser: generate default snippet incorporating TTY_GID properlyLennart Poettering1-1/+1
When the user specifies --with-tty-gid= then we should honour that and write it to the snippet, too.
2014-06-12sysusers: add new input group to default snippetLennart Poettering1-0/+1
2014-06-12sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from ↵Lennart Poettering2-0/+45
static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.