Package: debian-edu-config Version: 2.12.5 Severity: normal Hi,the Debian Edu site setup configures adduser to start adding local non-system users with UID number 500.
UID number 1000 and upwards is/are used for LDAP users.In a standard Debian system, local user ID numbers normally start at 1000, so /etc/adduser.conf is tweaked accordingly on all Debian Edu setups:
# cat /etc/adduser.conf | grep 500 FIRST_UID=500 FIRST_GID=500However, when I look at UID and GID ranges in /etc/login.defs, I see this on a fresh Debian Edu 11 installation:
# cat /etc/login.defs | grep UID UID_MIN 1000 UID_MAX 60000 #SYS_UID_MIN 100 #SYS_UID_MAX 999 # cat /etc/login.defs | grep GID GID_MIN 1000 GID_MAX 60000 #SYS_GID_MIN 100 #SYS_GID_MAX 999To my understanding, with the deviating FIRST_UID/FIRST_GID settings in Debian Edu and with LDAP users starting at UID number (and GID number) 1000, the /etc/login.defs file should be adjusted to the following values, probably via cfengine3:
# cat /etc/login.defs | grep UID UID_MIN 500 UID_MAX 999 SYS_UID_MIN 100 SYS_UID_MAX 499 # cat /etc/login.defs | grep GID GID_MIN 500 GID_MAX 999 SYS_GID_MIN 100 SYS_GID_MAX 499 Interestingly, systemd adds this to /etc/passwd and /etc/group: systemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologin systemd-coredump:x:999:So, question is where in the installation process we need to inject the above change to enforce systemd-coredump:499:499:... Or if we can simply ignore that and configure /etc/login.defs for all following local user / local system user acconts.
I stumbled over this while looking and LTSP's init process and esp. the pwmmerge tool which relies on correct settings in /etc/login.defs on the LTSP client.
Comments? Feedback? Mike -- DAS-NETZWERKTEAM c\o Technik- und Ökologiezentrum Eckernförde Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde mobile: +49 (1520) 1976 148 landline: +49 (4351) 850 8940 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
Attachment:
pgpmelEUpid9y.pgp
Description: Digitale PGP-Signatur