<div dir="ltr"><div dir="ltr">Hi, Martin:<div><br></div><div>Thanks for reminding me that my patch isn't good enough.</div><div><br></div><div>My intension is indeed to keep uid/gid creation more explicitly.<br></div><div>So the script can handle other "exceptions" better (in the future).</div><div><br></div><div>I prefer to keep the logic instead of treating 65534 special.</div><div><br></div><div>Thanks.</div><div>-KM</div><div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr">On Fri, Nov 16, 2018 at 9:32 AM Martin Pitt <<a href="mailto:mpitt@debian.org" target="_blank">mpitt@debian.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello Keh-Ming Luoh, hello Michael,<br>
<br>
sorry for the delay!<br>
<br>
Keh-Ming Luoh [2018-10-31 19:22 -0700]:<br>
> When I upgrade my systemd, I found there is a "nobody" group created<br>
> automatically.<br>
<br>
Thanks for tracking this down!<br>
<br>
> -awk -F: '{ i = ($3 == $4) ? $3 : $3":"$4; printf("u %-10s %-7s - %-20s %s\n", $1,i,$6,$7) }' < /usr/share/base-passwd/passwd.master<br>
> +awk -F: '{ i = $3":"$4; printf("u %-10s %-7s - %-20s %s\n", $1,i,$6,$7) }' < /usr/share/base-passwd/passwd.master<br>
<br>
This is not quite correct. If you specify the GID explicitly, then it needs to<br>
exist before, i. e. the script would also need to be changed to create groups<br>
like "sys:3" explicitly. I. e. the conditional<br>
<br>
# only take groups whose name+gid != the corresponding user in passwd.master<br>
<br>
part would need to become unconditional. This would work, but would make both<br>
the group and passwd list more unwieldy.<br>
<br>
As all static Debian users and groups *except* nobody:nogroup have the same<br>
name, I'd like to keep the "single ID" behaviour of systemd-sysusers, as it's<br>
generally the right thing to do and more robust. So instead I'd like to<br>
handle the "nogroup" special-case as such.<br>
<br>
With the attached patch I seem to get the correct behaviour. The effective diff<br>
of the generated sysusers.d is<br>
<br>
-u nobody 65534 - /nonexistent /usr/sbin/nologin<br>
+u nobody 65534:65534 - /nonexistent /usr/sbin/nologin<br>
<br>
and nothing else. With current 239-11:<br>
<br>
# systemd-sysusers<br>
Creating group nobody with gid 999.<br>
<br>
and with this patched /usr/lib/sysusers.d/basic.conf:<br>
<br>
# systemd-sysusers<br>
# grep nobody /etc/group<br>
#<br>
<br>
i. e. it stops creating the group.<br>
<br>
I also added some postinst cleanup with some reasonable defensiveness.<br>
(Double-checking it now)<br>
<br>
@Michael, does that seem ok to you?<br>
<br>
Thanks,<br>
<br>
Martin<br>
</blockquote></div>