fedora-atomic discussion point: /usr/lib/passwd

Tomasz Torcz tomek at pipebreaker.pl
Mon Apr 28 16:45:10 UTC 2014


On Mon, Apr 28, 2014 at 11:52:20AM -0400, Simo Sorce wrote:
> On Mon, 2014-04-28 at 15:32 +0000, Colin Walters wrote:
> > On Fri, Apr 11, 2014 at 2:33 AM, Colin Walters <walters at verbum.org> 
> > wrote:
> > > For the fedora-atomic work, the only not-in-Fedora package is 
> > > shadow-utils because it requires a patch, that still lives in my 
> > > walters/rpm-ostree COPR.
> > 
> > I attempted to capture some of this discussion here:
> > https://bugzilla.gnome.org/show_bug.cgi?id=729118
> > 
> > If anyone has more thoughts/ideas please feel free to follow up here, 
> > and I can update the bug, or comment on the bug directly.
> 
> I am still not convinced it is a good idea to split passwd in multiple
> files, besides potentially affecting applications and backup tools and
> custom scripts.
> - How do you deal with conflicts ?
> - What happen when an admin legitimately just use vipw and adds a system
> user in /etc/passwd instead of one of the other 2 you mention ?
> - How do you propose to resolve users from multiple files ?
> - Are you going to introduce new nss modules ?
> - Are you going to change pam_unix to lookup from all there files in
> different ways ?

  Risking being totally offtopic, but would TCB solve all most of this issues?
www.openwall.com/tcb/  or http://www.openwall.com/presentations/Owl/mgp00020.html

  It splits passwd into per-user files. It was discussed here few years ago:
https://lists.fedoraproject.org/pipermail/devel/2006-August/089224.html

  Maybe it's time to revisit?

-- 
Tomasz Torcz                 Morality must always be based on practicality.
xmpp: zdzichubg at chrome.pl                -- Baron Vladimir Harkonnen



More information about the devel mailing list