kickstart vs. /etc/login.defs
Michael Hennebry
hennebry at web.cs.ndsu.nodak.edu
Thu Jan 26 14:12:36 UTC 2012
On Thu, 26 Jan 2012, Moray Henderson wrote:
> Ah, so I was right to have some of my own programs check login.defs rather
> than relying on a hard-wired 500 everywhere! That's useful to know.
>
> What fake users are created by the install? I would expect only system
> accounts to be created at that point, which are supposed to have uid's
> outside the range of normal users.
I don't know.
My current install has 38 fake users, including 0..8, 493..499 and 65534.
With UID_MIN=1000, I'd expect to get some in the range 500..999.
Just changing UID_MIN in %post would put them in the normal user range.
As noted, getting the fixup right would be tricky.
> It would be tricky to do what you want. /etc/login.defs is part of the
> shadow-utils package. You would need to create an rpm that would be
> installed onto the system after shadow-utils and before whichever packages
> create the users you are concerned about.
Nyet.
I can barely use an rpm, much less write one.
> In %post, though, you could modify the login.defs file - it will be
> /mnt/sysimage/etc/login.defs while the %post script is running, and use
Something else I didn't know and would have tripped over.
> usermod to change the uid of any user you are particularly concerned about.
> Note: users with explicitly-assigned uids should not be changed. The --uid
Also, not all fake users have groups IDs the same as the UIDs.
Hard as it would be to get it all right,
knowing that I got it right would be even harder.
> If you're freshly installing a system though, I would really recommend
> leaving the defaults the way they are.
It's looking like I won't have much choice.
There would be too many hills to climb at once.
>From http://docs.fedoraproject.org/en-US/Fedora/16/html/Release_Notes/sect-Release_Notes-Changes_for_Sysadmin.html#id3021598
"If you need to install a new system from scratch, while starting user
accounts from 500 (to connect the system to a network with
globally-defined UIDs), install using a kickstart script that places
/etc/login.defs on the file system before package installation starts."
Yeah right.
BTW hennebry at web.cs.ndsu.NoDak.edu (not my computer) is user 362.
UID_MIN is 1000.
GID_MIN is 100.
--
Michael hennebry at web.cs.ndsu.NoDak.edu
"On Monday, I'm gonna have to tell my kindergarten class,
whom I teach not to run with scissors,
that my fiance ran me through with a broadsword." -- Lily
More information about the Kickstart-list
mailing list