kickstart vs. /etc/login.defs

Tim Mooney Tim.Mooney at ndsu.edu
Thu Jan 26 01:54:50 UTC 2012 

In regard to: Re: kickstart vs. /etc/login.defs, Michael Hennebry said (at...:

>> 	ks=http://your.web.host.here/url/path/to/ks.cfg
>
> I think I can do that.  I'm pretty sure that I can use my web site for it.
> Right, Tim?

Yes, you should be able to just drop it into your personal web space and
have anaconda read it, providing you give it the correct URL to the file.

> By default, Fedora 16 has UID_MIN=GID_MIN=1000.
> My Fedora 14 (EOL) has UID_MIN=GID=500.
> These values are stored in /etc/login.defs .
> I want to install (not uppgrade) Fedora 16 and retain the 500.

So, in your %post

- use whatever tool you want to modify /etc/login.defs, changing the
   values.
- find all the system accounts that have already been created with uids
   in the 500-999 range, and modify them to be in whatever range you
   want them to be in.  If you use shell for %post, something like

 	for u in `cut -d : -f 3 /etc/passwd`
 	do
 		if test $u -ge 500 && test $u -le 999 ; then
 			user=`grep "^[^:]*:[^:]*:$u:" /etc/passwd | cut -d : -f 1`
 			new_uid=`expr $u + 1000`
 			# remove the echo when you're satisfied the code is correct
 			echo usermod -u $new_uid $user
 		fi
 	done

   If you know perl or python better, the same can be coded for the post,
   you just need to tell %post to use a different interpreter.

   Note: usermod only fixes file ownership of stuff in their home dir, if
   these system users already own files outside of their home, you'll need
   to find them and modify them too.

- proceed with whatever other post tasks you need

You're already talking about installing FC16 in a way that's not
recommended, so modifying the accounts is no worse.

You should think carefully before you proceed down this path.  It may
not be worth the effort.

> Fedora claims that a kickstart file is the way to keep the 500.

I'm not following how using *just* a kickstart file allows you to avoid the
issue, but perhaps there's some clever bit I'm not seeing.  Making a
re-spin of FC16 with your own custom version of the package that owns
/etc/login.defs (probably shadow-utils) would.

Tim
-- 
Tim Mooney                                             Tim.Mooney at ndsu.edu
Enterprise Computing & Infrastructure                  701-231-1076 (Voice)
Room 242-J6, IACC Building                             701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

More information about the Kickstart-list mailing list