summaryrefslogtreecommitdiff
path: root/sysusers.d
Commit message (Collapse)AuthorAgeFilesLines
* meson: build systemd using mesonZbigniew Jędrzejewski-Szmek2017-04-231-0/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It's crucial that we can build systemd using VS2010! ... er, wait, no, that's not the official reason. We need to shed old systems by requring python 3! Oh, no, it's something else. Maybe we need to throw out 345 years of knowlege accumulated in autotools? Whatever, this new thing is cool and shiny, let's use it. This is not complete, I'm throwing it out here for your amusement and critique. - rules for sd-boot are missing. Those might be quite complicated. - rules for tests are missing too. Those are probably quite simple and repetitive, but there's lots of them. - it's likely that I didn't get all the conditions right, I only tested "full" compilation where most deps are provided and nothing is disabled. - busname.target and all .busname units are skipped on purpose. Otherwise, installation into $DESTDIR has the same list of files and the autoconf install, except for .la files. It'd be great if people had a careful look at all the library linking options. I added stuff until things compiled, and in the end there's much less linking then in the old system. But it seems that there's still a lot of unnecessary deps. meson has a `shared_module` statement, which sounds like something appropriate for our nss and pam modules. Unfortunately, I couldn't get it to work. For the nss modules, we need an .so version of '2', but `shared_module` disallows the version argument. For the pam module, it also didn't work, I forgot the reason. The handling of .m4 and .in and .m4.in files is rather awkward. It's likely that this could be simplified. If make support is ever dropped, I think it'd make sense to switch to a different templating system so that two different languages and not required, which would make everything simpler yet. v2: - use get_pkgconfig_variable - use sh not bash - use add_project_arguments v3: - drop required:true and fix progs/prog typo v4: - use find_library('bz2') - add TTY_GID definition - define __SANE_USERSPACE_TYPES__ - use join_paths(prefix, ...) is used on all paths to make them all absolute v5: - replace all declare_dependency's with [] - add more conf.get guards around optional components v6: - drop -pipe, -Wall which are the default in meson - use compiler.has_function() and compiler.has_header_symbol instead of the hand-rolled checks. - fix duplication in 'liblibsystemd' library name - use the right .sym file for pam_systemd - rename 'compiler' to 'cc': shorter, and more idiomatic. v7: - use ENABLE_ENVIRONMENT_D not HAVE_ENVIRONMENT_D - rename prefix to prefixdir, rootprefix to rootprefixdir ("prefix" is too common of a name and too easy to overwrite by mistake) - wrap more stuff with conf.get('ENABLE...') == 1 - use rootprefix=='/' and rootbindir as install_dir, to fix paths under split-usr==true. v8: - use .split() also for src/coredump. Now everything is consistent ;) - add rootlibdir option and use it on the libraries that require it v9: - indentation v10: - fix check for qrencode and libaudit v11: - unify handling of executable paths, provide options for all progs This makes the meson build behave slightly differently than the autoconf-based one, because we always first try to find the executable in the filesystem, and fall back to the default. I think different handling of loadkeys, setfont, and telinit was just a historical accident. In addition to checking in $PATH, also check /usr/sbin/, /sbin for programs. In Fedora $PATH includes /usr/sbin, (and /sbin is is a symlink to /usr/sbin), but in Debian, those directories are not included in the path. C.f. https://github.com/mesonbuild/meson/issues/1576. - call all the options 'xxx-path' for clarity. - sort man/rules/meson.build properly so it's stable
* rules: add a rule to set /dev/kvm access mode and ownership (#5597)Zbigniew Jędrzejewski-Szmek2017-03-271-0/+1
| | | | | | | | | | | | | | | | | | Kernel default mode is 0600, but distributions change it to group kvm, mode either 0660 (e.g. Debian) or 0666 (e.g. Fedora). Both approaches have valid reasons (a stricter mode limits exposure to bugs in the kvm subsystem, a looser mode makes libvirt and other virtualization mechanisms work out of the box for unprivileged users over ssh). In Fedora the qemu package carries the relevant rule, but it's nicer to have it in systemd, so that the permissions are not dependent on the qemu package being installed. Use of packaged qemu binaries is not required to make use of /dev/kvm, e.g. it's possible to use a self-compiled qemu or some alternative. https://bugzilla.redhat.com/show_bug.cgi?id=1431876 To accomodate both approaches, add a rule to set the mode in 50-udev-default.rules, but allow the mode to be overridden with a --with-dev-kvm-mode configure rule. The default is 0660, as the (slightly) more secure option.
* remove bus-proxydDaniel Mack2016-02-121-1/+0
| | | | | | | | | | As kdbus won't land in the anticipated way, the bus-proxy is not needed in its current form. It can be resurrected at any time thanks to the history, but for now, let's remove it from the sources. If we'll have a similar tool in the future, it will look quite differently anyway. Note that stdio-bridge is still available. It was restored from a version prior to f252ff17, and refactored to make use of the current APIs.
* coredump: dump priviliges when processing system coredumpsLennart Poettering2016-02-101-0/+3
| | | | | | | | Let's add an extra-safety net and change UID/GID to the "systemd-coredump" user when processing coredumps from system user. For coredumps of normal users we keep the current logic of processing the coredumps from the user id the coredump was created under. Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=87354
* tmpfiles: drop /run/lock/lockdevMartin Pitt2016-02-011-1/+0
| | | | | | | | Hardly any software uses that any more, and better locking mechanisms like flock() have been available for many years. Also drop the corresponding "lock" group from sysusers.d/basic.conf.in, as nothing else is using this.
* build: fix systemd-journal-upload installationEvgeny Vereshchagin2015-12-092-0/+5
| | | | | | | | | | | | Fixes: $ ./configure ... --disable-microhttpd --enable-libcurl --enable-sysusers $ make && make install DESTDIR=$(pwd)/INST $ ls INST/usr/lib/sysusers.d/ basic.conf systemd.conf There is no a file with `systemd-journald-upload`
* turn kdbus support into a runtime optionKay Sievers2015-06-171-2/+0
| | | | | | | | | | | | | ./configure --enable/disable-kdbus can be used to set the default behavior regarding kdbus. If no kdbus kernel support is available, dbus-dameon will be used. With --enable-kdbus, the kernel command line option "kdbus=0" can be used to disable kdbus. With --disable-kdbus, the kernel command line option "kdbus=1" is required to enable kdbus support.
* build-sys: configure the list of system users, files and directoriesŁukasz Stelmach2014-11-302-0/+9
| | | | | | Choose which system users defined in sysusers.d/systemd.conf and files or directories in tmpfiles.d/systemd.conf, should be provided depending on comile-time configuration.
* sysusers: realign sysusers snippetsLennart Poettering2014-08-192-8/+8
|
* sysusers: set home directory for root to /rootLennart Poettering2014-08-191-17/+17
|
* sysusers: split users for remote into separate fileZbigniew Jędrzejewski-Szmek2014-07-312-2/+10
| | | | This mirrors the setup for tmpfiles.d done in ad95fd1d2b9.
* journal: add systemd-journal-remote to sysusersKay Sievers2014-07-161-0/+1
|
* sysusers: split up default sysusers snippetLennart Poettering2014-06-293-9/+14
| | | | | This ways, distributions have an easier way to replace the OS specific generic groups/users while keeping systemd's own.
* sysusers.d - fix typo in user definition fileJonathan Boulle2014-06-201-1/+1
|
* sysusers: hide generate .conf fileLennart Poettering2014-06-131-0/+1
|
* sysuser: generate default snippet incorporating TTY_GID properlyLennart Poettering2014-06-121-1/+1
| | | | | When the user specifies --with-tty-gid= then we should honour that and write it to the snippet, too.
* sysusers: add new input group to default snippetLennart Poettering2014-06-121-0/+1
|
* sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from ↵Lennart Poettering2014-06-122-0/+45
static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.