fedora-atomic discussion point: /usr/lib/passwd
tomek at pipebreaker.pl
Mon Apr 28 16:45:10 UTC 2014
On Mon, Apr 28, 2014 at 11:52:20AM -0400, Simo Sorce wrote:
> On Mon, 2014-04-28 at 15:32 +0000, Colin Walters wrote:
> > On Fri, Apr 11, 2014 at 2:33 AM, Colin Walters <walters at verbum.org>
> > wrote:
> > > For the fedora-atomic work, the only not-in-Fedora package is
> > > shadow-utils because it requires a patch, that still lives in my
> > > walters/rpm-ostree COPR.
> > I attempted to capture some of this discussion here:
> > https://bugzilla.gnome.org/show_bug.cgi?id=729118
> > If anyone has more thoughts/ideas please feel free to follow up here,
> > and I can update the bug, or comment on the bug directly.
> I am still not convinced it is a good idea to split passwd in multiple
> files, besides potentially affecting applications and backup tools and
> custom scripts.
> - How do you deal with conflicts ?
> - What happen when an admin legitimately just use vipw and adds a system
> user in /etc/passwd instead of one of the other 2 you mention ?
> - How do you propose to resolve users from multiple files ?
> - Are you going to introduce new nss modules ?
> - Are you going to change pam_unix to lookup from all there files in
> different ways ?
Risking being totally offtopic, but would TCB solve all most of this issues?
www.openwall.com/tcb/ or http://www.openwall.com/presentations/Owl/mgp00020.html
It splits passwd into per-user files. It was discussed here few years ago:
Maybe it's time to revisit?
Tomasz Torcz Morality must always be based on practicality.
xmpp: zdzichubg at chrome.pl -- Baron Vladimir Harkonnen
More information about the devel