mirror of
https://github.com/systemd/systemd
synced 2024-07-09 04:26:06 +00:00
9a797ddc41
The general idea with users and groups created through sysusers is that an appropriate number is picked when the allocation is made. The number that is selected will be different on each system based on the order of creation of users, installed packages, etc. Since system users and groups are not shared between installations, this generally is not an issue. But it becomes a problem for initrd: some file systems are shared between the initrd and the host (/run and /dev are probably the only ones that matter). If the allocations are different in the host and the initrd, and files survive switch-root, they will have wrong ownership. This makes the gids build-time-configurable for all groups and users where state may survive the switch from initrd to the host. In particular, all "hardware access" groups are like this: files in /dev will be owned by them. Eventually the new udev would change ownership, but there would be a momemnt where the files were owned by the wrong group. The allocations are "soft-static" in the language of Fedora packaging guidelines: the uid/gid will be used if possible, but we'll fall back to a different one. TTY_GID is the exception, because the number is used directly. Similarly, the possibility to configure "soft-static" uids is added for daemons which may usefully run in the initramfs: systemd-network (lease information and interface state is serialized to /run), systemd-resolve (stub files and interface state), systemd-timesync (/run/systemd/timesync). Journal files are owned by the group systemd-journal, and acls are granted for wheel and adm. systemd-oom and systemd-coredump are excluded from this patch: I assume that oomd is not useful in the initrd, and coredump leaves no state (it only creates a pipe in /run?). The defaults are not changed: if nothing is configured, dynamic allocation will be used. I looked at a Debian system, and the numbers are all different than on Fedora. For Fedora, see the list of uids and gids at https://pagure.io/setup/blob/master/f/uidgid. In particular, systemd-network and systemd-resolve got soft-static numbers to make it easy to transition from a non-host-specific initrd to a host system already a few years back (https://bugzilla.redhat.com/show_bug.cgi?id=1102002). I also requested static allocations for sgx, input, render in https://pagure.io/packaging-committee/issue/1078, https://pagure.io/setup/pull-request/27. |
||
|---|---|---|
| .. | ||
| basic.conf.in | ||
| meson.build | ||
| README | ||
| systemd-remote.conf.in | ||
| systemd.conf.in | ||
Files in this directory contain configuration for systemd-sysusers, a program to allocate system users and groups. See man:sysusers.d(5) for explanation of the configuration file format, and man:systemd-sysusers(8) for a description of when and how this configuration is applied. Use 'systemd-analyze cat-config sysusers.d' to display the effective config.