[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1003192: debian-edu-config: /etc/login.defs not adjusted for Debian Edu like /etc/adduser.conf

Package: debian-edu-config
Version: 2.12.5
Severity: normal


the Debian Edu site setup configures adduser to start adding local non-system users with UID number 500.

UID number 1000 and upwards is/are used for LDAP users.

In a standard Debian system, local user ID numbers normally start at 1000, so /etc/adduser.conf is tweaked accordingly on all Debian Edu setups:

# cat /etc/adduser.conf | grep 500

However, when I look at UID and GID ranges in /etc/login.defs, I see this on a fresh Debian Edu 11 installation:

# cat /etc/login.defs | grep UID
UID_MIN			 1000
UID_MAX			60000
#SYS_UID_MIN		  100
#SYS_UID_MAX		  999

# cat /etc/login.defs | grep GID
GID_MIN			 1000
GID_MAX			60000
#SYS_GID_MIN		  100
#SYS_GID_MAX		  999

To my understanding, with the deviating FIRST_UID/FIRST_GID settings in Debian Edu and with LDAP users starting at UID number (and GID number) 1000, the /etc/login.defs file should be adjusted to the following values, probably via cfengine3:

# cat /etc/login.defs | grep UID
UID_MIN			  500
UID_MAX			  999
SYS_UID_MIN		  100
SYS_UID_MAX		  499

# cat /etc/login.defs | grep GID
GID_MIN			  500
GID_MAX			  999
SYS_GID_MIN		  100
SYS_GID_MAX		  499

Interestingly, systemd adds this to /etc/passwd and /etc/group:

systemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologin

So, question is where in the installation process we need to inject the above change to enforce systemd-coredump:499:499:... Or if we can simply ignore that and configure /etc/login.defs for all following local user / local system user acconts.

I stumbled over this while looking and LTSP's init process and esp. the pwmmerge tool which relies on correct settings in /etc/login.defs on the LTSP client.

Comments? Feedback?



c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

Attachment: pgpmelEUpid9y.pgp
Description: Digitale PGP-Signatur

Reply to: