On Thu, Jul 10, 2014 at 08:17:07AM +0300, Oron Peled wrote:
> On Thursday 10 July 2014 01:49:41 Lennart Poettering wrote:
> > Please understand that we are not duplicating "adduser" here. Already in
> > the name of the tool we wanted to make clear thtat this is abotu system
> > users, nothing else.
- Original Message -
> On Wed, Jul 9, 2014 at 12:25 PM, Miloslav Trmač wrote:
> >> On Wed, Jul 9, 2014, at 07:30 AM, Miloslav Trmač wrote:
> > On a typical system _no_ accounts are misssing from the shadow files, so
> > tools and admins’ scripts are not designed and rigorously tested to ha
On Wed, Jul 9, 2014 at 12:25 PM, Miloslav Trmač wrote:
> (This is all rather beside the point: fixing those particular things won’t
> eliminate any of the problems of triplicate implementations and splintered
> knowledge. But to spread the awareness of the area…)
>
> - Original Message
See also https://bugzilla.redhat.com/show_bug.cgi?id=1118907
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
On Fri, 2014-07-11 at 12:52 +0200, Lennart Poettering wrote:
> On Fri, 11.07.14 05:41, Simo Sorce (s...@redhat.com) wrote:
>
> > The reason why we *must* use a notification mechanism is that we
> > maintain a very fast cache as a mmapped database to avoid roundtrips
> > from applications, so we si
On Fri, 11.07.14 05:41, Simo Sorce (s...@redhat.com) wrote:
> The reason why we *must* use a notification mechanism is that we
> maintain a very fast cache as a mmapped database to avoid roundtrips
> from applications, so we simply *do not* know when someone looks up data
> there. This means we ne
On Thu, 2014-07-10 at 20:05 +0200, Lennart Poettering wrote:
> On Thu, 10.07.14 12:44, Simo Sorce (s...@redhat.com) wrote:
>
> > On Thu, 2014-07-10 at 17:18 +0200, Jakub Hrozek wrote:
> > > We /do/ plan on the syncing anyway, because some admins are
> > > still used to vipw their passwd databases
On Fri, Jul 11, 2014 at 09:05:29AM +0930, William wrote:
>
> Thank you both for your response. It's appreciated.
>
> > >
> > > * Files in systemd's sysusers configuration directory will be used as a
> > > data source to create /etc/passwd and /etc/shadow.
> >
> > Also, /etc/group and /etc/gsha
On Thu, 2014-07-10 at 08:35 -0700, Colin Walters wrote:
> On Thu, Jul 10, 2014, at 05:42 AM, Lennart Poettering wrote:
> >
> > > Two examples from the top of my head:
> > > * Some tftpd implementations use it as the base path (and chroot into it)
> > > * Some anonymous ftpd implementation have s
Thank you both for your response. It's appreciated.
> >
> > * Files in systemd's sysusers configuration directory will be used as a
> > data source to create /etc/passwd and /etc/shadow.
>
> Also, /etc/group and /etc/gshadow.
>
> > Under what conditions are these two files created / touched?
On Thu, 10.07.14 12:44, Simo Sorce (s...@redhat.com) wrote:
> On Thu, 2014-07-10 at 17:18 +0200, Jakub Hrozek wrote:
> > We /do/ plan on the syncing anyway, because some admins are
> > still used to vipw their passwd databases and there are legacy scripts
> > around, but still -- could we, when t
On Thu, Jul 10, 2014 at 12:44:29PM -0400, Simo Sorce wrote:
> On Thu, 2014-07-10 at 17:18 +0200, Jakub Hrozek wrote:
> > We /do/ plan on the syncing anyway, because some admins are
> > still used to vipw their passwd databases and there are legacy scripts
> > around, but still -- could we, when th
On Thu, 2014-07-10 at 17:18 +0200, Jakub Hrozek wrote:
> We /do/ plan on the syncing anyway, because some admins are
> still used to vipw their passwd databases and there are legacy scripts
> around, but still -- could we, when the SSSD interface is available,
> call out from systemd-sysusers to t
On Thu, Jul 10, 2014, at 05:42 AM, Lennart Poettering wrote:
>
> > Two examples from the top of my head:
> > * Some tftpd implementations use it as the base path (and chroot into it)
> > * Some anonymous ftpd implementation have similar use (chroot into ~ftp)
But these aren't really usable with
On Wed, Jul 09, 2014 at 10:30:27AM -0400, Miloslav Trmač wrote:
> - Original Message -
> > Hi, for Atomic I'd like to investigate the new systemd-sysusers, so I
> > wrote up a Change:
> >
> > https://fedoraproject.org/wiki/Changes/SystemdSysusers
>
> A move to something more declarative m
On Thu, 10.07.14 17:16, William (will...@firstyear.id.au) wrote:
> On Thu, 2014-07-10 at 08:17 +0300, Oron Peled wrote:
> > A non-API related question...
>
> >
> > Generally, I prefer the explicit systemd settings over home directory
> > with "magical" effects, but I wonder if anyone is aware of
On Thu, 10.07.14 08:17, Oron Peled (o...@actcom.co.il) wrote:
>
>
> A non-API related question...
>
> On Thursday 10 July 2014 01:49:41 Lennart Poettering wrote:
> > Please understand that we are not duplicating "adduser" here. Already in
> > the name of the tool we wanted to make clear thtat t
On Thu, Jul 10, 2014, at 12:46 AM, William wrote:
> Under what conditions are these two files created / touched?
When systemd-sysusers is run.
> When I install a package and add a file to this sysuser directory, is
> only that user added to passwd and shadow?
The answer to this is pretty simp
On Thu, 2014-07-10 at 08:17 +0300, Oron Peled wrote:
> A non-API related question...
>
> Generally, I prefer the explicit systemd settings over home directory
> with "magical" effects, but I wonder if anyone is aware of existing
> system users which carry more complex semantics.
Perhaps look at
Am 10.07.2014 09:37, schrieb Al Dunsmuir:
> On Wednesday, July 9, 2014, 1:24:12 PM, Reindl Harald wrote:
>> Am 09.07.2014 19:18, schrieb Chris Adams:
>>> Once upon a time, Lennart Poettering said:
>>> Please, no! As soon as you use disparate systems in a network
>>> environment, having differin
On Wednesday, July 9, 2014, 1:24:12 PM, Reindl Harald wrote:
> Am 09.07.2014 19:18, schrieb Chris Adams:
>> Once upon a time, Lennart Poettering said:
>> Please, no! As soon as you use disparate systems in a network
>> environment, having differing versions of UID_MIN (where recompilation
>> is r
A non-API related question...
On Thursday 10 July 2014 01:49:41 Lennart Poettering wrote:
> Please understand that we are not duplicating "adduser" here. Already in
> the name of the tool we wanted to make clear thtat this is abotu system
> users, nothing else. The file format we defined has been
On Wed, 09.07.14 13:47, Miloslav Trmač (m...@redhat.com) wrote:
> > Yeah, because we dodn't want to intrdocue any new API we have carefully
> > made sure that whenever we write pasword, group and shadow files we use
> > existing APIs from glibc, more specifically putpwent(), putgrent(),
> > putspe
- Original Message -
> On Wed, 09.07.14 12:25, Miloslav Trmač (m...@redhat.com) wrote:
> > > Can you be more specific about the name validation?
> >
> > The binding maximum length constraint is from the utmp format
> > (UT_NAMESIZE - 1); LOGIN_NAME_MAX is an upper bound but not binding,
> >
- Original Message -
> On Wed, 09.07.14 10:30, Miloslav Trmač (m...@redhat.com) wrote:
> > - Original Message -
> > A move to something more declarative makes sense (whether in systemd or
> > through some kind of long-expected declarative rpm facility doesn’t matter
> > to me much.)
On Wed, 09.07.14 12:25, Miloslav Trmač (m...@redhat.com) wrote:
> > Can you be more specific about the name validation?
>
> The binding maximum length constraint is from the utmp format
> (UT_NAMESIZE - 1); LOGIN_NAME_MAX is an upper bound but not binding,
> and this has already ended up in system
Am 09.07.2014 19:18, schrieb Chris Adams:
> Once upon a time, Lennart Poettering said:
>> On Wed, 09.07.14 10:30, Miloslav Trmač (m...@redhat.com) wrote:
>>> * breaks the configurable [UG]ID_MIN logic
>>> (http://fedoraproject.org/wiki/Features/1000SystemAccounts, and yes,
>>> that is actually u
Once upon a time, Lennart Poettering said:
> On Wed, 09.07.14 10:30, Miloslav Trmač (m...@redhat.com) wrote:
> > * breaks the configurable [UG]ID_MIN logic
> > (http://fedoraproject.org/wiki/Features/1000SystemAccounts, and yes,
> > that is actually used and needed)
>
> Well, this is something I
On Wed, 09.07.14 10:30, Miloslav Trmač (m...@redhat.com) wrote:
> - Original Message -
> > Hi, for Atomic I'd like to investigate the new systemd-sysusers, so I
> > wrote up a Change:
> >
> > https://fedoraproject.org/wiki/Changes/SystemdSysusers
>
> A move to something more declarative
On Wed, 09.07.14 06:19, Colin Walters (walt...@verbum.org) wrote:
> Hi, for Atomic I'd like to investigate the new systemd-sysusers, so I
> wrote up a Change:
>
> https://fedoraproject.org/wiki/Changes/SystemdSysusers
>
> Note: for Fedora 22.
>
> The main motivation for me is it would allow Ato
(This is all rather beside the point: fixing those particular things won’t
eliminate any of the problems of triplicate implementations and splintered
knowledge. But to spread the awareness of the area…)
- Original Message -
> On Wed, Jul 9, 2014, at 07:30 AM, Miloslav Trmač wrote:
>
>
On Wed, Jul 9, 2014, at 07:30 AM, Miloslav Trmač wrote:
> * validates names incorrectly
We're talking about the equivalent of lu_name_allowed() from libuser?
Something like the
/* Allow trailing $ for samba machine accounts. */
?
But the usernames specified here are only for system users, they'
On Wed, Jul 9, 2014, at 06:34 AM, Matthew Miller wrote:
> Colin, we're _really_ hoping to make Atomic a flagship feature for Fedora
> Cloud in F21. If I work on getting the shadow-utils patch landed, does
> that
> _conflict_ with the new approach?
It doesn't conflict, no. Let's discuss this in t
- Original Message -
> Hi, for Atomic I'd like to investigate the new systemd-sysusers, so I
> wrote up a Change:
>
> https://fedoraproject.org/wiki/Changes/SystemdSysusers
A move to something more declarative makes sense (whether in systemd or through
some kind of long-expected declarat
On Wed, Jul 09, 2014 at 06:19:19AM -0700, Colin Walters wrote:
> Hi, for Atomic I'd like to investigate the new systemd-sysusers, so I
> wrote up a Change:
>
> https://fedoraproject.org/wiki/Changes/SystemdSysusers
>
> Note: for Fedora 22.
>
> The main motivation for me is it would allow Atomic
Hi, for Atomic I'd like to investigate the new systemd-sysusers, so I
wrote up a Change:
https://fedoraproject.org/wiki/Changes/SystemdSysusers
Note: for Fedora 22.
The main motivation for me is it would allow Atomic to not be a Remix
due to the not-in-Fedora shadow-utils patch[1] Further, it w
36 matches
Mail list logo
