From 938a560b7608e8906134ed7d717c3f5aa459a760 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 10 Jul 2014 08:50:32 -0400 Subject: [PATCH] sysusers: allow overrides in /etc and /run An administrator might want to block a certain sysusers config file from being executed, e.g. to block the creation of a certain user. Only a relatively short description is added in the man page, since overrides should be relatively rare. --- man/sysusers.d.xml | 63 ++++++++++++++++++++++++++++------------- src/sysusers/sysusers.c | 2 ++ 2 files changed, 46 insertions(+), 19 deletions(-) diff --git a/man/sysusers.d.xml b/man/sysusers.d.xml index 40f8715bc..00eb7ec94 100644 --- a/man/sysusers.d.xml +++ b/man/sysusers.d.xml 
@@ -53,32 +53,28 @@ Description systemd-sysusers uses the - files from /usr/lib/sysusers.d/ + files from sysusers.d directory to create system users and groups at package - installation or boot time. This tool may be used for - allocating system users and groups only, it is not + installation or boot time. This tool may be used to + allocate system users and groups only, it is not useful for creating non-system users and groups, as it - accessed /etc/passwd and + accesses /etc/passwd and /etc/group directly, bypassing - any more complex user database, for example any + any more complex user databases, for example any database involving NIS or LDAP. - - File Format - - Each file shall be named in the style of - package.conf. + Configuration Format - All files are sorted by their filename in - lexicographic order, regardless of which of the - directories they reside in. If multiple files specify - the same user or group, the entry in the file with the - lexicographically earliest name will be applied, all - all other conflicting entries will be logged as - errors. Users and groups are - processed in the order they are listed. + Each configuration file shall be named in the + style of + package.conf + or + package-part.conf. + The second variant should be used when it is desirable + to make it easy to override just this part of + configuration. The file format is one line per user or group containing name, ID and GECOS field description: 
@@ -192,11 +188,40 @@ m authd input + + Overriding vendor configuration + + Note that systemd-sysusers + will do nothing if the specified users or groups + already exist, so normally there no reason to override + sysusers.d vendor configuration, + except to block certain users or groups from being + created. + + Files in /etc/sysusers.d + override files with the same name in + /usr/lib/sysusers.d and + /run/sysusers.d. Files in + /run/sysusers.d override files + with the same name in + /usr/lib/sysusers.d. The scheme is the same as for + tmpfiles.d5, + except for the directory name. + + If the administrator wants to disable a + configuration file supplied by the vendor, the + recommended way is to place a symlink to + /dev/null in + /etc/sysusers.d/ bearing the + same filename. + + See Also systemd1, - systemd-sysusers8 + systemd-sysusers8, + tmpfiles.d5 diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c index 129493a1e..68c552d24 100644 --- a/src/sysusers/sysusers.c +++ b/src/sysusers/sysusers.c @@ -62,6 +62,8 @@ typedef struct Item { static char *arg_root = NULL; static const char conf_file_dirs[] = + "/etc/sysusers.d\0" + "/run/sysusers.d\0" "/usr/local/lib/sysusers.d\0" "/usr/lib/sysusers.d\0" #ifdef HAVE_SPLIT_USR -- 2.30.2
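Review bot: In the man/sysusers.d.xml hunk at @@ -53,32 +53,28 @@, the paragraph that described lexicographic sorting across directories and the handling of conflicting entries ("the entry in the file with the lexicographically earliest name will be applied") is deleted, and nothing in the visible lines replaces it. With /etc and /run added to the search path, the ordering rule is more relevant than before. Suggest keeping that paragraph (fixing its doubled "all all") next to the new naming text. Minor wording: "files from sysusers.d directory" needs an article, and "groups only, it is not useful" is a comma splice.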
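Review bot: In the new "Overriding vendor configuration" section (hunk @@ -192,11 +188,40 @@), "so normally there no reason to override" is missing "is". The section names only /etc/sysusers.d, /run/sysusers.d and /usr/lib/sysusers.d, while conf_file_dirs in src/sysusers/sysusers.c also lists /usr/local/lib/sysusers.d. Please state where that directory falls in the override order. It would also help to say that a /dev/null symlink disables every user and group line in the masked file, which is the reason the first hunk recommends the package-part.conf naming.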
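Review bot: In the src/sysusers/sysusers.c hunk (@@ -62,6 +62,8 @@), the two new entries are placed at the top of conf_file_dirs, and the precedence documented in the man page (/etc over /run over /usr/lib) appears to depend on that string order, but nothing in the code says so. Add a short comment above the array stating that the order is the override priority, so a later addition is not inserted in the wrong position. The commit message says "overrides in /etc and /run", so also confirm that /usr/local/lib/sysusers.d ranking above /usr/lib/sysusers.d is intended and documented.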