path: root/src/sysusers
Commit message (Author, Age, Files, Lines)
* uid-range: use size_t for array size (Lennart Poettering, 2022-04-01, files: 1, lines: -1/+1)
|
* strv: make iterator in STRV_FOREACH() declared in the loop (Yu Watanabe, 2022-03-19, files: 1, lines: -6/+0)
|   This also avoids multiple evaluations in STRV_FOREACH_BACKWARDS()
* tree-wide: use strv_contains() in more places (Zbigniew Jędrzejewski-Szmek, 2022-03-18, files: 1, lines: -2/+2)
|
* sysusers: use filename if /proc is not mounted (Yu Watanabe, 2021-12-31, files: 1, lines: -1/+1)
|   During system install, /proc may not be mounted yet.
|
|   Fixes RHBZ#2036217 (https://bugzilla.redhat.com/show_bug.cgi?id=2036217).
* bootctl: write KERNEL_INSTALL_LAYOUT=bls and KERNEL_INSTALL_MACHINE_ID=… (Zbigniew Jędrzejewski-Szmek, 2021-12-17, files: 1, lines: -3/+3)
|   This is a natural extension of d6bce6e224: if we are installing sd-boot, we want to use the sd-boot layout, so let's write the appropriate KERNEL_INSTALL_LAYOUT setting. Effectively, if we do 'bootctl install', kernel-install will not autodetect the layout anymore.
|
|   And 357376d0bb added support for KERNEL_INSTALL_MACHINE_ID. We need to support it here too. We both read it, so that we create the right directories, and also write it if it wasn't written yet and we created some directories using it, so that kernel-install that is executed later knows the machine-id that matches the directories we created.
|
|   The code is changed in some places to fail if we can't figure out the current status. When installing the boot loader it's probably better not to guess.
* sysusers: raise level of message about UID/GID being already used (Zbigniew Jędrzejewski-Szmek, 2021-12-08, files: 1, lines: -2/+2)
|   It can be quite important that a different value was used, so let's log this by default.
* sysusers: improve message about conflicting entries (Zbigniew Jędrzejewski-Szmek, 2021-12-08, files: 1, lines: -7/+23)
|   Without any markup, the sentence could be quite confusing:
|       g user 55
|       g user 56
|       → "Two or more conflicting lines for user configured"
|
|   It also wasn't clear which line is ignored.
|
|   Inspired by https://github.com/systemd/systemd/pull/21156.
* sysusers: add --dry-run (Zbigniew Jędrzejewski-Szmek, 2021-12-08, files: 1, lines: -4/+34)
|
* sysusers: use ordered_hashmap_isempty() (Zbigniew Jędrzejewski-Szmek, 2021-12-08, files: 1, lines: -4/+4)
|
* sysusers: use uppercase UID/GID consistently in messages (Zbigniew Jędrzejewski-Szmek, 2021-12-08, files: 1, lines: -26/+26)
|
* tree-wide: use new RET_NERRNO() helper at various places (Lennart Poettering, 2021-11-16, files: 1, lines: -4/+1)
|
* shared: split out UID allocation range stuff from user-record.h (Lennart Poettering, 2021-11-13, files: 1, lines: -1/+1)
|   user-record.[ch] are about the UserRecord JSON stuff, and the UID allocation range stuff (i.e. login.defs handling) is a very different thing, and complex enough on its own, let's give it its own c/h files.
|
|   No code changes, just some splitting out of code.
* Make pager_open() return void (Zbigniew Jędrzejewski-Szmek, 2021-11-03, files: 1, lines: -1/+1)
|
* Avoid passing NULL to underlying fprintf() in sysusers (#20974) ((GalaxyMaster), 2021-10-11, files: 1, lines: -1/+1)
|
* basic: split out sync() family of calls from fs-util.[ch] into new c/h file (Lennart Poettering, 2021-10-05, files: 1, lines: -0/+1)
|   No changes in code, just some splitting out.
* Drop the text argument from assert_not_reached() (Zbigniew Jędrzejewski-Szmek, 2021-08-03, files: 1, lines: -2/+2)
|   In general we almost never hit those asserts in production code, so users see them very rarely, if ever. But either way, we just need something that users can pass to the developers.
|
|   We have quite a few of those asserts, and some have fairly nice messages, but many are like "WTF?" or "???" or "unexpected something". The error that is printed includes the file location, and function name. In almost all functions there's at most one assert, so the function name alone is enough to identify the failure for a developer. So we don't get much extra from the message, and we might just as well drop them.
|
|   Dropping them makes our code a tiny bit smaller, and most importantly, improves development experience by making it easy to insert such an assert in the code without thinking how to phrase the argument.
* tree-wide: "a" -> "an" (Yu Watanabe, 2021-06-30, files: 1, lines: -1/+1)
|
* tree-wide: make specifier expansion --root= aware (Lennart Poettering, 2021-06-24, files: 1, lines: -5/+5)
|   This fixes repart's, systemctl's, sysusers' and tmpfiles' specifier expansion to honour the root dir specified with --root=. This is relevant for specifiers such as %m, %o, … which are directly sourced from files on disk.
|
|   This doesn't try to be overly smart: specifiers referring to runtime concepts (i.e. boot ID, architecture, hostname) rather than files on the medium are left as is. There's certainly a point to be made that they should fail in case --root= is specified, but I am not entirely convinced about that, and it's certainly something we can look into later if there's reason to.
|
|   I wondered for a while how to hook this up best, but given that quite a large number of specifiers resolve to data from files on disks, and most of our tools need this, I ultimately decided to make the root dir a first class parameter to specifier_printf().
|
|   Replaces: #16187
|   Fixes: #16183
* tree-wide: add missing whitespace at the end of comments (Yu Watanabe, 2021-06-15, files: 1, lines: -1/+1)
|
* tree-wide: always drop unnecessary dot in path (Yu Watanabe, 2021-05-28, files: 1, lines: -2/+2)
|
* sysusers: add a generic specifier table for common cases (Lennart Poettering, 2021-05-26, files: 1, lines: -11/+5)
|   This moves the definition of the specifier table consisting only of system and /tmp specifiers into generic code so that we can share it. This patch only adds one user of it for now. Follow-up patches will add more.
* sysusers: make sysusers work with dnf --installroot (Zbigniew Jędrzejewski-Szmek, 2021-05-24, files: 1, lines: -4/+8)
|   This is not very pretty, but the code in fs-util.c already provisions for missing /proc. We ourselves are careful to set up /proc, but not everybody is and it is important for sysusers to also work where shadow-utils would: I would like to replace calls to useradd and groupadd in Fedora systemd rpm scriptlets with a call to sysusers. It has a number of advantages:
|   - dogfooding
|   - we don't need to manually duplicate the information from our sysusers files to scriptlets
|   - a dependency on shadow-utils is dropped, which transitively drops dependencies on setup and fedora-repos and bunch of other stuff.
|
|   We could try to get 'dnf' and 'rpm --root' and such to be reworked, but not in any reasonable timeframe. And even if this was done, we'd still want to support older rpm/dnf versions.
* sysusers: add debug lines to failing getent/putent operations (Zbigniew Jędrzejewski-Szmek, 2021-05-24, files: 1, lines: -47/+65)
|   I'm trying to use systemd-sysusers for systemd.rpm itself, and the invocation in dnf chroot is failing like this:
|
|       ...
|       Creating group input with gid 999.
|       Creating group kvm with gid 36.
|       Creating group render with gid 998.
|       Creating group sgx with gid 997.
|       Creating group systemd-journal with gid 190.
|       Creating group systemd-network with gid 192.
|       Creating user systemd-network (systemd Network Management) with uid 192 and gid 192.
|       Creating group systemd-oom with gid 996.
|       Creating user systemd-oom (systemd Userspace OOM Killer) with uid 996 and gid 996.
|       Creating group systemd-resolve with gid 193.
|       Creating user systemd-resolve (systemd Resolver) with uid 193 and gid 193.
|       Creating group systemd-timesync with gid 995.
|       Creating user systemd-timesync (systemd Time Synchronization) with uid 995 and gid 995.
|       Creating group systemd-coredump with gid 994.
|       Creating user systemd-coredump (systemd Core Dumper) with uid 994 and gid 994.
|       Failed to write files: Function not implemented
|
|   Let's add more info to make such failures easier to debug.
* sysusers: reduce scope of variables and drop unnecessary initializations (Zbigniew Jędrzejewski-Szmek, 2021-05-24, files: 1, lines: -10/+11)
|
* tree-wide: refuse too long strings earlier in specifier_printf() (Yu Watanabe, 2021-05-12, files: 1, lines: -5/+5)
|   We usually call specifier_printf() and then check the validity of the result. In many cases, validity checkers, e.g. path_is_valid(), refuse too long strings. This makes specifier_printf() refuse such long results earlier.
|
|   Moreover, unit_full_string() and description field in sysuser now refuse results longer than LONG_LINE_MAX. config_parse() already refuses the line longer than LONG_LINE_MAX. Hence, it should be ok to set the same value as the maximum length of the resolved string.
* fileio: optionally, return discovered path of file in search_and_fopen() (Lennart Poettering, 2021-05-07, files: 1, lines: -1/+3)
|
* Merge pull request #19391 from poettering/dissect-grow (Zbigniew Jędrzejewski-Szmek, 2021-05-07, files: 1, lines: -1/+2)
|\
| |   optionally, grow file systems to partition size when mounting them via GPT auto-discovery
| * tree-wide: enable automatic growing of file systems in images in various tools that deal with OS images (Lennart Poettering, 2021-04-23, files: 1, lines: -1/+2)
| |   Let's enable this in all tools that intend to write to the OS images. It's not conditionalized for now, as there already is conditionalization in the existence or absence of the flag in the GPT partition table (and it's opt-in), hence it should be OK to just enable this by default for now if the flag is set.
* | user-util: add generic definition for special password hash values in /etc/passwd + /etc/shadow (Lennart Poettering, 2021-05-06, files: 1, lines: -4/+4)
|/
|   Let's add three defines for the 3 special cases of passwords. Some of our tools used different values for the "locked"/"invalid" case, let's settle on using "!*" which means the password is both locked *and* invalid.
|
|   Other tools like to use "!!" for this case, which however is less than ideal I think, since this could also be considered an entry with an empty password, that can be enabled again by unlocking it twice.
* Merge pull request #18971 from poettering/sysusers-creds (Lennart Poettering, 2021-03-31, files: 1, lines: -0/+47)
|\
| |   let's read LoadCredentials=/SetCredentials= style cred in sysusers/firstboot and when asking for passwords
| * sysusers: read passwords from the credentials logic (Lennart Poettering, 2021-03-26, files: 1, lines: -0/+47)
| |   Let's make use of our own credentials infrastructure in our tools: let's hook up systemd-sysusers with the credentials logic, so that the root password can be provisioned this way.
| |
| |   This is really useful when working with stateless systems, in particular nspawn's "--volatile=yes" switch, as this works now:
| |
| |       # systemd-nspawn -i foo.raw --volatile=yes --set-credential=passwd.plaintext-password:foo
| |
| |   For the first time we have a nice, non-interactive way to provision the root password for a fully stateless system from the container manager. Yay!
* | dissect-image: split DISSECT_IMAGE_REQUIRE_ROOT in two (Lennart Poettering, 2021-03-16, files: 1, lines: -1/+5)
|/
|   Previously, the flag did two things at once: enable support for using generic partitions as root fs if there were only one/allow use of partition-table-less images as root fs. And secondly, insist that there was a rootfs, and fail if not.
|
|   Let's split these two in two separate options so that they can be used independently of each other. There are cases where one wants to use one without the other (i.e. when inspecting things with systemd-dissect tool it should be OK to do so even if image has no root fs), and it's cleaner anyway.
* Merge pull request #18852 from yuwata/tree-wide-use-UINT64_MAX (Zbigniew Jędrzejewski-Szmek, 2021-03-05, files: 1, lines: -2/+2)
|\
| |   tree-wide: use UINT64_MAX or friends
| * tree-wide: use UINT64_MAX or friends (Yu Watanabe, 2021-03-05, files: 1, lines: -2/+2)
| |
* | copy: move sync_rights() to copy.c and rename copy_rights() (Lennart Poettering, 2021-03-04, files: 1, lines: -4/+4)
|/
|   It's so similar to copy_access(), hence let's move it over and rename it in similar style to the rest of the functions.
|
|   No change in behaviour, just moving things over.
* Move and rename parse_path_argument() function (Zbigniew Jędrzejewski-Szmek, 2021-02-15, files: 1, lines: -2/+3)
|   This fits better in shared/, and the new parse-argument.c file is a good home for it.
* tree-wide: enable colorized logging for daemons when run in console (Yu Watanabe, 2021-02-01, files: 1, lines: -1/+1)
|   It may be useful when debugging daemons.
* tree-wide: Drop custom formatting for print() help messages (Daan De Meyer, 2021-01-31, files: 1, lines: -4/+3)
|   I think this formatting was originally used because it simplified adding new options to the help messages. However, these days, most tools' help messages end with "\nSee the %s for details.\n" so the final line almost never has to be edited which eliminates the benefit of the custom formatting used for printf() help messages.
|
|   Let's make things more consistent and use the same formatting for printf() help messages that we use everywhere else.
|
|   Prompted by https://github.com/systemd/systemd/pull/18355#discussion_r567241580
* sysusers: flush nscd's caches whenever /etc/{passwd,group} are modified (Franck Bui, 2021-01-26, files: 1, lines: -0/+7)
|
* Merge pull request #18294 from ssahani/net-2 (Yu Watanabe, 2021-01-19, files: 1, lines: -10/+12)
|\
| |   tree wide use ensure_put
| * sysusers: use ordered_hashmap_ensure_put (Susant Sahani, 2021-01-19, files: 1, lines: -10/+12)
| |
* | sysusers: use ordered_hashmap_ensure_put (Susant Sahani, 2021-01-18, files: 1, lines: -14/+10)
|/
* specifiers: introduce common macros for generating specifier tables (Lennart Poettering, 2020-11-25, files: 1, lines: -12/+2)
|   In many cases the tables are largely the same, hence define a common set of macros to generate the common parts.
|
|   This adds in a couple of missing specifiers here and there, so is more than just refactoring: it actually fixes accidental omissions.
|
|   Note that some entries that look like they could be unified under these macros can't really be unified, since they are slightly different. For example in the DNSSD service logic we want to use the DNSSD hostname for %H rather than the unmodified kernel one.
* license: LGPL-2.1+ -> LGPL-2.1-or-later (Yu Watanabe, 2020-11-09, files: 1, lines: -1/+1)
|
* tmpfiles,sysusers: disable --image= support in standalone versions (Zbigniew Jędrzejewski-Szmek, 2020-10-09, files: 1, lines: -0/+11)
|   Fixes #17278.
* Merge pull request #17172 from keszybz/read-login-defs (Lennart Poettering, 2020-10-02, files: 1, lines: -3/+46)
|\
| |   Read /etc/login.defs
| * sysusers: emit warnings about login.defs overrides on first user or group creation (Zbigniew Jędrzejewski-Szmek, 2020-10-01, files: 1, lines: -5/+32)
| |       *** Running /home/zbyszek/src/systemd-work/test/test-sysusers/test-14.input (with login.defs symlinked)
| |       login.defs specifies UID allocation range 401–555 that is different than the built-in defaults (201–998)
| |       login.defs specifies GID allocation range 405–666 that is different than the built-in defaults (201–990)
| * sysusers: look at login.defs when setting the default range to allocate users (Zbigniew Jędrzejewski-Szmek, 2020-10-01, files: 1, lines: -3/+19)
| |   Also, even if login.defs are not present, don't start allocating at 1, but at SYSTEM_UID_MIN.
| |
| |   Fixes #9769.
| |
| |   The test is adjusted. Actually, it was busted before, because sysusers would never use SYSTEM_GID_MIN, so if SYSTEM_GID_MIN was different than SYSTEM_UID_MIN, the tests would fail. On all "normal" systems the two are equal, so we didn't notice. Since sysusers now always uses the minimum of the two, we only need to substitute one value.
* | sysusers: use "!*" instead of "!!" as an invalid group password (nl6720, 2020-09-30, files: 1, lines: -1/+1)
|/
|   This basically implements fc58c0c7bf7e4f525b916e3e5be0de2307fef04e for gshadow. gpasswd may not have a lock/unlock that behaves the same as passwd, but according to gshadow(5) the logic of the password field is the same.
* sysusers: modernize file backup logic a bit (Lennart Poettering, 2020-09-23, files: 1, lines: -24/+21)
|   Let's use _cleanup_ magic to clean up files, let's fully operate by fds whenever we can.