New Fedora 22 Change proposal: systemd-sysusers
Miloslav Trmač
mitr at redhat.com
Mon Jul 14 17:09:38 UTC 2014
----- Original Message -----
> On Wed, Jul 9, 2014 at 12:25 PM, Miloslav Trmač <mitr at redhat.com> wrote:
> >> On Wed, Jul 9, 2014, at 07:30 AM, Miloslav Trmač wrote:
> > On a typical system _no_ accounts are misssing from the shadow files, so
> > tools and admins’ scripts are not designed and rigorously tested to handle
> > this. (Early in its history, system-config-users had a _lot_ of problems
> > with shadow/non-shadow mismatches.)
>
> Until you introduce NIS, NIS+, LDAP, or Samba. style LDAP.
FWIW ordinary LDAP does support all of the shadow fields (and more), and at least libuser does populate them.
> > Note also that if a tool needs to edit _one_ field within the shadow file,
> > it needs to add some values for all the other fields (or at least the
> > mandatory ones), and it’s not always obvious what value to use. So it’s
> > actually much clearer for the system tools, which already know the default
> > values of the fields based on their own configuration, to pre-create the
> > shadow entries with the correct default values. (Though this applies
> > especially to real users rather than passwordless system accounts.)
>
> If any modern tool is not using 'usermod' or 'lusermod' directly, to
> avoid problems with atomic operations by other tools, than I certainly
> don't want to see it current Fedora relases.
usermod nor lusermod process the defaults used by useradd/luseradd.
Mirek
More information about the devel
mailing list