On Thu, Jul 10, 2014 at 08:17:07AM +0300, Oron Peled wrote:
> On Thursday 10 July 2014 01:49:41 Lennart Poettering wrote:
> > Please understand that we are not duplicating "adduser" here. Already in
> > the name of the tool we wanted to make clear that this is about system
> > users, nothing else. The file format we defined has been reduced to the
> > minimum possible, in order to make it difficult for people to use it for
> > anything else than this.
> There are cases where a home directory of system users carries some semantics.
> Two examples from the top of my head:
> * Some tftpd implementations use it as the base path (and chroot into it)
> * Some anonymous ftpd implementations have similar use (chroot into ~ftp)

Another interesting use case is gitolite: it's a system user that needs:
- a shell (/bin/sh in Fedora) -- otherwise sshd won't allow login
  (/sbin/nologin) or login fails (/sbin/login)
- a home directory (/var/lib/gitolite in Fedora) -- so sshd can use
  ~/.ssh/authorized_keys to work out who's allowed to use the service &
  what they're allowed to do

sshd prevents users from ever getting the default shell due to the
configuration of authorized_keys. However, it doesn't need/want a
password allowing standard login (though the admin will do "su -
gitolite" from root for initial setup or version migration).

See http://gitolite.com/gitolite/how.html for more details on how
gitolite's ssh authentication works.

--
Scott Schmit
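
The setup described in the message above keeps users away from the account's shell only while every key in the service account's ~/.ssh/authorized_keys carries a forced command. The following is an added example, not part of the original message or of gitolite's code, that audits such a file for entries that would reach the login shell; the sample entries, key material and `/path/to/gitolite-shell` are constructed placeholders.

```python
import re

KEY_TYPE = re.compile(r"^(ssh-|ecdsa-|sk-)\S+$")   # first field of an entry with no options
WANTED = {"no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding"}

def split_options(line):
    """Return (options dict, rest of line) for one authorized_keys entry."""
    if KEY_TYPE.match(line.split(None, 1)[0]):
        return {}, line
    opts, buf, in_quotes, i = {}, "", False, 0
    while i < len(line):
        c = line[i]
        if in_quotes and c == "\\" and line[i + 1:i + 2] == '"':
            buf += '"'                      # escaped quote inside a quoted value
            i += 2
            continue
        if c == '"':
            in_quotes = not in_quotes
        elif not in_quotes and c in ", \t":
            if buf:
                name, _, value = buf.partition("=")
                opts[name.lower()] = value  # sshd treats option names case-insensitively
            buf = ""
            if c != ",":                    # unquoted whitespace ends the options field
                break
        else:
            buf += c
        i += 1
    return opts, line[i:].strip()

def audit(text):
    """Return [(line_no, problem)] for keys not confined to a forced command."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts, _ = split_options(line)
        if not opts.get("command"):
            findings.append((n, "no forced command: key gets the account's shell"))
        elif "restrict" not in opts and WANTED - set(opts):
            findings.append((n, "missing " + ",".join(sorted(WANTED - set(opts)))))
    return findings

SAMPLE = """\
# constructed sample; key material and paths are placeholders
command="/path/to/gitolite-shell alice",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAC3placeholderA alice@example
command="/path/to/gitolite-shell bob",no-pty ssh-ed25519 AAAAC3placeholderB bob@example
ssh-ed25519 AAAAC3placeholderC admin@example
"""
```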