Bug#888126: [patch] Please enable systemd-sysusers unit

[Martin Pitt]

Hello Michael, all,

Michael Vogt [2018-01-23 16:15 +0100]:
> There is no downside (AFAICS), the unit is conditiional on
> ConditionNeedsUpdate=/etc so it will never run on default Debian
> systems.

Agreed. It will mostly be dead weight in the systemd packages, but the new tool
isn't too big, and most importantly, it doesn't drag in a new dependency.

> I also looked into providing debian specific basic.conf that would
> re-generate the base-passwd passwd.master (and group) file.  However it looks
> like the systemd-sysusers file format is not expressive enough for this
> (which is slightly unfortunate). I.e. we have entries like

Felipe and I also looked at this some years ago, and stumbled over the same
issues. I can't find the discussion on the ML or bugs.d.o now, though. But this
was the reason why we never enabled it, as it couldn't faithfully replicate
Debian's static system users.

>     sync:*:4:65534:sync:/bin:/bin/sync
> 
> which cannot be represented because you cannot specify a different
> primary gid in the sysusers file (or a login shell). So extra work is
> required for this but (personally) I would love to this is.

Since you freshly looked at this, was this the only problem? I figure the sync
group is mostly unused anyway, and completely irrelevant for containers - but
does this also affect static groups which are actually important? I. e. which
static groups cannot be replicated with sysusers?

IMHO if we enable this, we should also provide a reasonably correct static
sysusers so that the program actually works as intended. It doesn't need to
(and can't right now) be perfect, but at least not completely break your
system.

Thanks,

Martin