diff --git a/generate-sysusers-fragments.sh b/generate-sysusers-fragments.sh
deleted file mode 100755
index 6ff9470..0000000
--- a/generate-sysusers-fragments.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/usr/bin/env bash
-#SPDX-License-Identifier: 0BSD
-
-set -euo pipefail
-
-test -f etc/group
-test -f etc/passwd
-
-mkdir -p sysusers.d
-
-while read -r line; do
- groupname=$(echo "${line}" | cut -d: -f1)
- gid=$(echo "${line}" | cut -d: -f3)
- echo "g ${groupname} ${gid}"
-done sysusers.d/20-setup-groups.conf
-
-while read -r line; do
- username=$(echo "${line}" | cut -d: -f1)
- uid=$(echo "${line}" | cut -d: -f3)
- gid=$(echo "${line}" | cut -d: -f4)
- gecos=$(echo "${line}" | cut -d: -f5)
- homedir=$(echo "${line}" | cut -d: -f6)
- if [ "${homedir}" == "/" ]; then
- homedir="-"
- fi
- shell=$(echo "${line}" | cut -d: -f7)
- if [ "${shell}" == "/usr/sbin/nologin" ]; then
- shell="-"
- fi
- echo "u ${username} ${uid}:${gid} \"${gecos}\" ${homedir} ${shell}"
-done sysusers.d/20-setup-users.conf
diff --git a/group b/group
deleted file mode 100644
index 7d81402..0000000
--- a/group
+++ /dev/null
@@ -1,29 +0,0 @@
-root:x:0:
-bin:x:1:
-daemon:x:2:
-sys:x:3:
-adm:x:4:
-tty:x:5:
-disk:x:6:
-lp:x:7:
-mem:x:8:
-kmem:x:9:
-wheel:x:10:
-cdrom:x:11:
-mail:x:12:
-man:x:15:
-dialout:x:18:
-floppy:x:19:
-games:x:20:
-utmp:x:22:
-tape:x:33:
-kvm:x:36:
-video:x:39:
-ftp:x:50:
-lock:x:54:
-audio:x:63:
-users:x:100:
-input:x:104:
-render:x:105:
-sgx:x:106:
-nobody:x:65534:
diff --git a/passwd b/passwd
deleted file mode 100644
index 14316c5..0000000
--- a/passwd
+++ /dev/null
@@ -1,13 +0,0 @@ -root:x:0:0:Super User:/root:/bin/bash -bin:x:1:1:bin:/bin:/usr/sbin/nologin -daemon:x:2:2:daemon:/sbin:/usr/sbin/nologin -adm:x:3:4:adm:/var/adm:/usr/sbin/nologin -lp:x:4:7:lp:/var/spool/lpd:/usr/sbin/nologin -sync:x:5:0:sync:/sbin:/bin/sync -shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown -halt:x:7:0:halt:/sbin:/sbin/halt -mail:x:8:12:mail:/var/spool/mail:/usr/sbin/nologin -operator:x:11:0:operator:/root:/usr/sbin/nologin -games:x:12:100:games:/usr/games:/usr/sbin/nologin -ftp:x:14:50:FTP User:/var/ftp:/usr/sbin/nologin -nobody:x:65534:65534:Kernel Overflow User:/:/usr/sbin/nologin diff --git a/profile b/profile index 6ce1347..8bcc0e8 100644 --- a/profile +++ b/profile @@ -9,6 +9,9 @@ # will prevent the need for merging in future updates. pathmunge () { + # If the path is a compat symlink, do nothing. + [ -h "$1" ] && return + case ":${PATH}:" in *:"$1":*) ;; diff --git a/protocols b/protocols index f5b950f..75e88ba 100644 --- a/protocols +++ b/protocols @@ -1,12 +1,12 @@ # /etc/protocols: -# $Id: protocols,v 1.12 2016/07/08 12:27 ovasik Exp $ +# $Id: protocols,v 1.13 2025/05/14 15:30 mosvald Exp $ # # Internet (IP) protocols # # from: @(#)protocols 5.1 (Berkeley) 4/17/89 # # Updated for NetBSD based on RFC 1340, Assigned Numbers (July 1992). -# Last IANA update included dated 2011-05-03 +# Last IANA update included dated 2025-01-08 # # See also http://www.iana.org/assignments/protocol-numbers @@ -66,7 +66,7 @@ ipv6-crypt 50 IPv6-Crypt # Encryption Header for IPv6 (not in official list) ah 51 AH # Authentication Header ipv6-auth 51 IPv6-Auth # Authentication Header for IPv6 (not in official list) i-nlsp 52 I-NLSP # Integrated Net Layer Security TUBA -swipe 53 SWIPE # IP with Encryption +swipe 53 SWIPE # IP with Encryption (deprecated) narp 54 NARP # NBMA Address Resolution Protocol mobile 55 MOBILE # IP Mobility tlsp 56 TLSP # Transport Layer Security Protocol 
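Review bot: The guard added to `pathmunge` in `profile` tests `[ -h "$1" ]`, which is true for every symlink and not only for the compat symlinks its comment names, so any directory that is itself a symlink is silently left out of PATH, including ones an administrator or a profile.d script passes in on purpose. If skipping all symlinked directories is intended, the comment should say so, e.g. `# Skip any directory that is itself a symlink (such as a compat symlink).`; if only the compat links are meant, the test needs to be narrower than `-h`. The body of pathmunge continues outside the hunk.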
@@ -108,7 +108,7 @@ larp 91 LARP # Locus Address Resolution Protocol mtp 92 MTP # Multicast Transport Protocol ax.25 93 AX.25 # AX.25 Frames ipip 94 IPIP # Yet Another IP encapsulation -micp 95 MICP # Mobile Internetworking Control Pro. +micp 95 MICP # Mobile Internetworking Control Pro. (deprecated) scc-sp 96 SCC-SP # Semaphore Communications Sec. Pro. etherip 97 ETHERIP # Ethernet-within-IP Encapsulation encap 98 ENCAP # Yet Another IP encapsulation @@ -156,7 +156,12 @@ hip 139 HIP # Host Identity Protocol shim6 140 Shim6 # Shim6 Protocol wesp 141 WESP # Wrapped Encapsulating Security Payload rohc 142 ROHC # Robust Header Compression -# 143-252 Unassigned [IANA] +ethernet 143 Ethernet # Ethernet encapsulation for SRv6 +aggfrag 144 AGGFRAG # AGGFRAG encapsulation payload for ESP +nsh 145 NSH # Network Service Header +homa 146 Homa # Homa +bit-emu 147 BIT-EMU # Bit-stream Emulation +# 148-252 Unassigned [IANA] # 253 Use for experimentation and testing [RFC3692] # 254 Use for experimentation and testing [RFC3692] # 255 Reserved [IANA] diff --git a/setup.spec b/setup.spec index 7067aeb..ceee55e 100644 --- a/setup.spec +++ b/setup.spec @@ -12,24 +12,22 @@ Source0003: csh.cshrc Source0004: csh.login Source0005: ethertypes Source0006: filesystems -Source0007: group -Source0008: host.conf -Source0009: hosts -Source0010: inputrc -Source0011: networks -Source0012: passwd -Source0013: printcap -Source0014: profile -Source0015: protocols -Source0016: services -Source0017: shells +Source0007: host.conf +Source0008: hosts +Source0009: inputrc +Source0010: networks +Source0011: printcap +Source0012: profile +Source0013: protocols +Source0014: services +Source0015: shells Source0021: lang.csh Source0022: lang.sh Source0031: COPYING Source0032: uidgid -Source0033: generate-sysusers-fragments.sh +Source0033: setup.sysusers.conf Source0034: uidgidlint Source0035: serviceslint 
@@ -37,6 +35,7 @@ BuildArch: noarch BuildRequires: bash BuildRequires: tcsh BuildRequires: perl-interpreter +BuildRequires: /usr/bin/systemd-sysusers #systemd-rpm-macros: required to use _sysusersdir and _tmpfilesdir macro BuildRequires: systemd-rpm-macros #require system release for saner dependency order @@ -48,21 +47,18 @@ setup files, such as passwd, group, and profile. %prep mkdir -p etc/profile.d -cp %{lua: for i=1,17 do print(sources[i]..' ') end} etc/ +cp %{lua: for i=1,15 do print(sources[i]..' ') end} etc/ cp %SOURCE21 %SOURCE22 etc/profile.d/ -touch etc/{exports,motd,subgid,subuid} +touch etc/{exports,motd,subgid,subuid,environment,fstab} mkdir -p docs cp %SOURCE31 %SOURCE32 docs/ -bash %SOURCE33 - %build -#make prototype for /etc/shadow -sed -e "s/:.*/:*:`expr $(date +%s) / 86400`:0:99999:7:::/" etc/passwd >etc/shadow - -#make prototype for /etc/gshadow -sed -e 's/:[0-9]\+:/::/g; s/:x:/::/' etc/group >etc/gshadow +# This produces ./etc/{passwd,group,shadow,gshadow} +systemd-sysusers --root=./ %SOURCE33 +# Allow the user to copy the file +chmod 0400 ./etc/{shadow,gshadow} %check # Sanity checking selected files.... @@ -70,19 +66,17 @@ bash -n etc/bashrc bash -n etc/profile tcsh -f etc/csh.cshrc tcsh -f etc/csh.login -(cd etc && bash %SOURCE34 ./uidgid) +bash %SOURCE34 docs/uidgid (cd etc && perl %SOURCE35 ./services) %install mkdir -p %{buildroot}/etc cp -ar etc/* %{buildroot}/etc/ -mkdir -p %{buildroot}%{_sysusersdir} -cp sysusers.d/* %{buildroot}%{_sysusersdir}/ +install -D -m0644 %SOURCE33 %{buildroot}%{_sysusersdir}/setup.conf mkdir -p %{buildroot}/var/log touch %{buildroot}/etc/environment -chmod 0400 %{buildroot}/etc/{shadow,gshadow} touch %{buildroot}/etc/fstab echo "#Add any required envvar overrides to this file, it is sourced from /etc/profile" >%{buildroot}/etc/profile.d/sh.local echo "#Add any required envvar overrides to this file, it is sourced from /etc/csh.login" >%{buildroot}/etc/profile.d/csh.local 
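Review bot: In `%build`, the comment `# Allow the user to copy the file` does not explain why `chmod 0400 ./etc/{shadow,gshadow}` is needed or where the packaged mode now comes from. Presumably systemd-sysusers writes these two files with a mode the build user cannot read, and `cp -ar` in the `%install` hunk then carries 0400 into the buildroot now that `chmod 0400 %{buildroot}/etc/{shadow,gshadow}` is removed there. I would say that in the comment, e.g. `# sysusers leaves shadow/gshadow unreadable; make them owner-readable so %install can cp them`, and confirm that the `%files` entries for both files, which are outside these hunks, still pin the final mode. Since the shadow and gshadow contents no longer come from the old `sed` templates, `%check` would also be a good place to assert that the generated password and aging fields are the ones the package intends.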
@@ -106,13 +100,15 @@ cat >%{buildroot}/usr/share/dnf5/libdnf.conf.d/protect-setup.conf <= 4.20) but fallback to forking if not %post -p +-- Throw away useless and dangerous update stuff until rpm will be able to +-- handle it. See: http://rpm.org/ticket/6 for i, name in ipairs({"passwd", "shadow", "group", "gshadow"}) do os.remove("/etc/"..name..".rpmnew") end +-- Use rpm.spawn() if available (in >= 4.20) but fallback to forking if not. +-- +-- Initialize or update /etc/alias.db from /etc/aliases for sendmail, etc. if posix.access("/usr/bin/newaliases", "x") then if rpm.spawn ~= nil then rpm.spawn({'/usr/bin/newaliases'}, {stdout='/dev/null'}) @@ -126,6 +122,20 @@ if posix.access("/usr/bin/newaliases", "x") then end end end +-- Ensure pre-allocated tmpfiles are created immediately on upgrades. +if posix.access("/usr/bin/systemd-tmpfiles", "x") then + if rpm.spawn ~= nil then + rpm.spawn({"/usr/bin/systemd-tmpfiles", "--create"}, {stderr='/dev/null'}) + else + local pid = posix.fork() + if pid == 0 then + posix.redirect2null(2) + posix.exec("/usr/bin/systemd-tmpfiles", "--create") + elseif pid > 0 then + posix.wait(pid) + end + end +end %files %license docs/COPYING @@ -165,8 +175,7 @@ end %config(noreplace) %verify(not md5 size mtime) /etc/shells %ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/fstab %{_tmpfilesdir}/%{name}.conf -%{_sysusersdir}/20-setup-groups.conf -%{_sysusersdir}/20-setup-users.conf +%{_sysusersdir}/setup.conf /etc/dnf/protected.d/%{name}.conf %dir /usr/share/dnf5 %dir /usr/share/dnf5/libdnf.conf.d diff --git a/setup.sysusers.conf b/setup.sysusers.conf new file mode 100644 index 0000000..82be285 --- /dev/null +++ b/setup.sysusers.conf 
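Review bot: The block added to `%post` runs `/usr/bin/systemd-tmpfiles --create` with no configuration file argument, which as far as I know applies every tmpfiles.d fragment on the system as root rather than only this package's `%{_tmpfilesdir}/%{name}.conf`, and it discards stderr while ignoring the exit status, so a failure leaves no trace. If only this package's entries are meant, name the file, e.g. `rpm.spawn({"/usr/bin/systemd-tmpfiles", "--create", "%{_tmpfilesdir}/%{name}.conf"}, {stderr='/dev/null'})`, and pass the same argument in the `posix.exec` fallback. In that fallback the child appears to fall through into the rest of the scriptlet if `posix.exec` fails, so an explicit exit after the exec call, or a comment saying why none is needed, would help.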
@@ -0,0 +1,41 @@
+u root 0:0 "Super User" /root /bin/bash
+u bin 1 "bin" /bin -
+u daemon 2 "daemon" /sbin -
+u adm 3:4 "adm" /var/adm -
+u lp 4:7 "lp" /var/spool/lpd -
+u sync 5:0 "sync" /sbin /bin/sync
+u shutdown 6:0 "shutdown" /sbin /sbin/shutdown
+u halt 7:0 "halt" /sbin /sbin/halt
+u mail 8:12 "mail" /var/spool/mail -
+u operator 11:0 "operator" /root -
+u games 12:100 "games" /usr/games -
+u ftp 14:50 "FTP User" /var/ftp -
+u nobody 65534:65534 "Kernel Overflow User" - -
+g root 0
+g sys 3
+g adm 4
+g tty 5
+g disk 6
+g lp 7
+g mem 8
+g kmem 9
+g wheel 10
+g cdrom 11
+g mail 12
+g man 15
+g dialout 18
+g floppy 19
+g games 20
+g utmp 22
+g tape 33
+g kvm 36
+g video 39
+g ftp 50
+g lock 54
+g audio 63
+g users 100
+g clock 103
+g input 104
+g render 105
+g sgx 106
+g nobody 65534
diff --git a/uidgid b/uidgid
index 1d9d378..a1759fd 100644
--- a/uidgid
+++ b/uidgid
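Review bot: The new `setup.sysusers.conf` has no header comment, although per the spec changes it is now both the build-time input from which passwd, group, shadow and gshadow are generated and the fragment installed as `%{_sysusersdir}/setup.conf`. A short `#` header stating that, and that the IDs must stay in step with the `setup` rows of `uidgid`, would help the next editor. It should also explain that `u bin 1` and `u daemon 2` have no matching `g` line because, as I read sysusers.d, a `u` line with a bare ID also creates the same-named group with that ID, which is how the former `bin:x:1:` and `daemon:x:2:` group entries are preserved.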
@@ -19,29 +19,35 @@ news 9 13 /var/spool/news /usr/sbin/nologin inn uucp 10 14 /var/spool/uucp /usr/sbin/nologin uucp operator 11 (0) /root /usr/sbin/nologin setup games 12 (100) /usr/games /usr/sbin/nologin setup -# Not created by default anymore. -gopher 13 30 /var/gopher /usr/sbin/nologin - +# Removed in 2013 (#918206, #1667231), can be reused if necessary later +# gopher 13 30 /var/gopher /usr/sbin/nologin - ftp 14 50 /var/ftp /usr/sbin/nologin setup man - 15 - - setup -oprofile 16 16 /var/lib/oprofile /usr/sbin/nologin oprofile -pkiuser 17 17 /usr/share/pki /usr/sbin/nologin pki-ca,rhpki-ca +# Retired in 2018 (https://src.fedoraproject.org/rpms/oprofile/c/80fe828c879b1f67a109998cdd42a1bd8513bc3c) +# oprofile 16 16 /var/lib/oprofile /usr/sbin/nologin oprofile +# Retired sometime between 2011 and 2014 (https://src.fedoraproject.org/rpms/pki-ca/c/4ca1ce11a6e090099b36493653808cfe380911e1) +# pkiuser 17 17 /usr/share/pki /usr/sbin/nologin pki-ca,rhpki-ca dialout - 18 - - setup floppy - 19 - - setup games - 20 - - setup -slocate - 21 - - slocate +# mlocate retired in 2024 (https://src.fedoraproject.org/rpms/mlocate/c/7277dd5f59db126d1046a6aa5c4077a597dddddc) +# slocate - 21 - - slocate utmp - 22 - - initscripts,libutempter squid 23 23 /var/spool/squid /dev/null squid -pvm 24 24 /usr/share/pvm3 /bin/bash pvm +# Retired in 2015 (https://src.fedoraproject.org/rpms/pvm/c/eb6972917befbed00aff622c2c428d18439efe27) +# pvm 24 24 /usr/share/pvm3 /bin/bash pvm named 25 25 /var/named /bin/false bind postgres 26 26 /var/lib/pgsql /bin/bash postgresql-server -mysql 27 27 /var/lib/mysql /bin/bash mysql +mysql 27 27 /var/lib/mysql /usr/sbin/nologin mysql nscd 28 28 / /bin/false nscd rpcuser 29 29 /var/lib/nfs /bin/false nfs-utils -console - 31 - - dev +# Present in https://pagure.io/setup/c/08258e0f748c4f372fcbf1dd7947c132ee0b8a12, probably already unused in 2008 +# console - 31 - - dev rpc 32 32 /var/lib/rpcbind /usr/sbin/nologin portmap amandabackup 33 (6) /var/lib/amanda 
/bin/false amanda tape - 33 - - setup -netdump 34 34 /var/crash /bin/bash netdump-client, netdump-server +# Retired in 2021 (https://src.fedoraproject.org/rpms/netdump-server/c/9bbe604e20c113eaa7c897b9b12a705a36afb109) +# netdump 34 34 /var/crash /bin/bash netdump-client, netdump-server utempter - 35 - - libutempter kvm - 36 - - kvm, vdsm, libvirt vdsm 36 (36) / /bin/bash kvm, vdsm 
@@ -51,73 +57,92 @@ video - 39 - - setup dip - 40 - - ppp mailman 41 41 /usr/lib/mailman /usr/sbin/nologin mailman gdm 42 42 /var/lib/gdm /usr/sbin/nologin gdm -xfs 43 43 /etc/X11/fs /bin/false XFree86-xfs +# Retired in 2022 (https://src.fedoraproject.org/rpms/xorg-x11-xfs/c/3e273d8a939cf5f08bd4eea4f594fedd508dabcf) +# xfs 43 43 /etc/X11/fs /bin/false XFree86-xfs pppusers - 44 - - linuxconf popusers - 45 - - linuxconf slipusers - 46 - - linuxconf mailnull 47 47 /var/spool/mqueue /dev/null sendmail apache 48 48 /usr/share/httpd /bin/false httpd -wnn 49 49 /var/lib/wnn /usr/sbin/nologin FreeWnn +# Retired sometime before 2008 (https://src.fedoraproject.org/rpms/FreeWnn/c/8f9ac4e26531c704a26057be48261fb3d1ebea8e) +# wnn 49 49 /var/lib/wnn /usr/sbin/nologin FreeWnn smmsp 51 51 /var/spool/mqueue /dev/null sendmail puppet 52 52 /var/lib/puppet /usr/sbin/nologin puppet tomcat 53 53 /var/lib/tomcat /usr/sbin/nologin tomcat lock - 54 - - setup ldap 55 55 /var/lib/ldap /bin/false openldap-servers -frontpage 56 56 /var/www /bin/false mod_frontpage +# Last references on the web appear around 2007… +# frontpage 56 56 /var/www /bin/false mod_frontpage nut 57 57 /var/lib/ups /bin/false nut -beagleindex 58 58 /var/cache/beagle /bin/false beagle +# Retired in 2011 (https://src.fedoraproject.org/rpms/beagle/c/5721c9577eebdc7a0f6566f3efd955b3f4427a0e) +# beagleindex 58 58 /var/cache/beagle /bin/false beagle tss 59 59 - /usr/sbin/nologin trousers -piranha 60 60 /etc/sysconfig/ha /dev/null piranha -prelude-manager 61 61 - /usr/sbin/nologin prelude-manager -snortd 62 62 - /usr/sbin/nologin snortd +# Retired in 2012 (https://src.fedoraproject.org/rpms/piranha/c/15262075b63d48e2ee236ffb87d2db0a4aef1c42) +# piranha 60 60 /etc/sysconfig/ha /dev/null piranha +# Retired in 2025 (https://src.fedoraproject.org/rpms/prelude-manager/c/68cce28aa0e1788d857791155812e1f20d35036e) +# prelude-manager 61 61 - /usr/sbin/nologin prelude-manager +# Retired in 2011 
(https://src.fedoraproject.org/rpms/snort/c/e2e149974cb3b56b70ed158339a3cb931497dfa2) +# snortd 62 62 - /usr/sbin/nologin snortd audio - 63 - - setup condor 64 64 /var/lib/condor /usr/sbin/nologin condord nslcd 65 (55) / /usr/sbin/nologin nslcd wine - 66 - - wine pegasus 66 65 /var/lib/Pegasus /usr/sbin/nologin tog-pegasus webalizer 67 67 /var/www/usage /usr/sbin/nologin webalizer -haldaemon 68 68 / /usr/sbin/nologin hal -vcsa 69 69 - /usr/sbin/nologin dev,MAKEDEV +# Retired in 2011 (https://src.fedoraproject.org/rpms/hal/c/e6690cd150b5e1c13e7779de1ce32ded0bc22bc1) +# haldaemon 68 68 / /usr/sbin/nologin hal +# Present in https://pagure.io/setup/c/08258e0f748c4f372fcbf1dd7947c132ee0b8a12, probably already unused in 2008 +# vcsa 69 69 - /usr/sbin/nologin dev,MAKEDEV avahi 70 70 /var/run/avahi-daemon /usr/sbin/nologin avahi -realtime - 71 - - - +# Present in https://pagure.io/setup/c/08258e0f748c4f372fcbf1dd7947c132ee0b8a12, probably already unused in 2008 +# realtime - 71 - - - tcpdump 72 72 / /usr/sbin/nologin tcpdump privoxy 73 73 /etc/privoxy /bin/bash privoxy sshd 74 74 /var/empty/sshd /usr/sbin/nologin openssh-server radvd 75 75 / /bin/false radvd cyrus 76 (12) /var/imap /bin/bash cyrus-imapd saslauth - 76 - - cyrus-sasl, cyrus-imap -# Dynamic on new systems, removed Dec2023, can be freed if necessary later +# Dynamic on new systems, removed Dec2023, can be reused if necessary later #arpwatch 77 77 /var/lib/arpwatch /usr/sbin/nologin arpwatch fax 78 78 /var/spool/fax /usr/sbin/nologin mgetty -nocpulse 79 79 /etc/sysconfig/nocpulse /bin/bash nocpulse +# Retired in 2014 (https://src.fedoraproject.org/rpms/nocpulse-common/c/2ee190601831472ca3ae9857311cfbd31c129c0e) +# nocpulse 79 79 /etc/sysconfig/nocpulse /bin/bash nocpulse desktop 80 80 - /usr/sbin/nologin desktop-file-utils dbus 81 81 / /usr/sbin/nologin dbus -jonas 82 82 /var/lib/jonas /usr/sbin/nologin jonas +# References to JOnAS in FC3 around 2005… +# jonas 82 82 /var/lib/jonas /usr/sbin/nologin jonas clamav 
83 83 /tmp /usr/sbin/nologin clamav screen - 84 - - screen -quaggavt - 85 - - quagga -sabayon 86 86 - /usr/sbin/nologin sabayon +# Retired in 2021 (https://src.fedoraproject.org/rpms/quagga/c/42d57331ac98fcc4c7103854cb1ce0ddfc4bbbc2) +# quaggavt - 85 - - quagga +# Retired in 2014 (https://src.fedoraproject.org/rpms/sabayon/c/e1c4c886227e8123e55fd3fad93dc966d512b9b9) +# sabayon 86 86 - /usr/sbin/nologin sabayon polkituser 87 87 / /usr/sbin/nologin PolicyKit wbpriv - 88 - - samba-common postfix 89 89 /var/spool/postfix /bin/true postfix postdrop - 90 - - postfix -majordomo 91 91 /usr/lib/majordomo /bin/bash majordomo -quagga 92 92 / /usr/sbin/nologin quagga +# https://en.wikipedia.org/wiki/Majordomo_(software) says final release was 19 January 2000 +# majordomo 91 91 /usr/lib/majordomo /bin/bash majordomo +# Retired in 2021 (https://src.fedoraproject.org/rpms/quagga/c/42d57331ac98fcc4c7103854cb1ce0ddfc4bbbc2) +# quagga 92 92 / /usr/sbin/nologin quagga exim 93 93 /var/spool/exim /usr/sbin/nologin exim distcache 94 94 / /usr/sbin/nologin distcache radiusd 95 95 / /bin/false freeradius -hsqldb 96 96 /var/lib/hsqldb /usr/sbin/nologin hsqldb +# Retired in 2021 (https://src.fedoraproject.org/rpms/hsqldb/c/54def1d22548601a91ccf6a92c17645a1c5d7cdf) +# hsqldb 96 96 /var/lib/hsqldb /usr/sbin/nologin hsqldb dovecot 97 97 /usr/libexec/dovecot /usr/sbin/nologin dovecot ident 98 98 / /usr/sbin/nologin ident # Note: 99 used to be the old uid for nobody, now moved to 65534, do not reuse users - 100 - - setup ssh_keys - 101 - - openssh +clock - 103 - - systemd input - 104 - - systemd render - 105 - - systemd sgx - 106 - - systemd qemu 107 107 / /usr/sbin/nologin libvirt ovirt 108 108 / /usr/sbin/nologin libvirt -rhevm 109 109 /home/rhevm /usr/sbin/nologin vdsm-reg +# Retired in 2019 (https://src.fedoraproject.org/rpms/vdsm/c/6f1df621f648aa3b65edfcf3389649a6d13df5d4) +# rhevm 109 109 /home/rhevm /usr/sbin/nologin vdsm-reg jetty 110 110 /usr/share/jetty /usr/sbin/nologin jetty saned 
111 111 / /usr/sbin/nologin sane-backends vhostmd 112 112 /usr/share/vhostmd /usr/sbin/nologin vhostmd @@ -126,10 +151,13 @@ polkitd 114 114 / /usr/sbin/nologin polkit bacula 133 133 /var/spool/bacula /usr/sbin/nologin bacula cimsrvr 134 134 / /usr/sbin/nologin tog-pegasus-libs mock - 135 / - mock -ricci 140 140 /var/lib/ricci /usr/sbin/nologin ricci -luci 141 141 /var/lib/luci /usr/sbin/nologin luci +# Retired in 2012 (https://src.fedoraproject.org/rpms/ricci/c/02a86812383253577ce309d633a400c9c6353ecd, +# https://fedoraproject.org/wiki/Features/Cluster) +# ricci 140 140 /var/lib/ricci /usr/sbin/nologin ricci +# luci 141 141 /var/lib/luci /usr/sbin/nologin luci activemq 142 142 /usr/share/activemq /usr/sbin/nologin activemq -cassandra 143 143 /var/lib/cassandra /usr/sbin/nologin cassandra +# Retired in 2019 (https://src.fedoraproject.org/rpms/cassandra/c/8fcb780b616a034aa5d787d04d631ac1f815f694) +# cassandra 143 143 /var/lib/cassandra /usr/sbin/nologin cassandra stap-server 155 155 /var/lib/stap-server /usr/sbin/nologin systemtap stapusr - 156 / - systemtap-runtime stapsys - 157 / - systemtap-runtime @@ -144,7 +172,8 @@ ceilometer 166 166 /var/lib/ceilometer /usr/sbin/nologin openstack-ceilometer ceph 167 167 /var/lib/ceph /usr/sbin/nologin ceph-common avahi-autoipd 170 170 /var/lib/avahi-autoipd /usr/sbin/nologin avahi pulse 171 171 /var/run/pulse /usr/sbin/nologin pulseaudio -rtkit 172 172 /proc /usr/sbin/nologin rtkit +# Dynamic on new systems, removed Mar2025, can be reused if necessary later +# rtkit 172 172 /proc /usr/sbin/nologin rtkit abrt 173 173 /etc/abrt /usr/sbin/nologin abrt retrace 174 174 /usr/share/retrace-server /usr/sbin/nologin retrace-server ovirtagent 175 175 / /usr/sbin/nologin ovirt-guest-agent 
@@ -152,9 +181,11 @@ ats 176 176 / /usr/sbin/nologin trafficserver dhcpd 177 177 / /usr/sbin/nologin dhcp myproxy 178 178 /var/lib/myproxy /usr/sbin/nologin myproxy-server sanlock 179 179 /var/run/sanlock /usr/sbin/nologin sanlock -aeolus 180 180 /var/aeolus /usr/sbin/nologin aeolus-configure -wallaby 181 181 /var/lib/wallaby /usr/sbin/nologin wallaby -# Not used anymore, removed Jun2021, can be freed if necessary later +# Retired in 2012 (https://src.fedoraproject.org/rpms/aeolus-all/c/4b303d259fb530130e413be462e032390595714d) +# aeolus 180 180 /var/aeolus /usr/sbin/nologin aeolus-configure +# Retired in 2015 (https://src.fedoraproject.org/rpms/wallaby/c/93d5de780d22a378db988a8b72d3d30ebf628930) +# wallaby 181 181 /var/lib/wallaby /usr/sbin/nologin wallaby +# Not used anymore, removed Jun2021, can be reused if necessary later #katello 182 182 /usr/share/katello /usr/sbin/nologin katello-common elasticsearch 183 183 /usr/share/java/elasticsearch /usr/sbin/nologin elasticsearch mongodb 184 184 /var/lib/mongodb /usr/sbin/nologin mongodb @@ -167,10 +198,11 @@ haproxy 188 188 /var/lib/haproxy /usr/sbin/nologin haproxy haclient - 189 - - pacemaker hacluster 189 (189) / /usr/sbin/nologin pacemaker systemd-journal - 190 - - systemd -# Dynamic on new systems, removed Dec2014, can be freed if necessary later +# Dynamic on new systems, removed Dec2014, can be reused if necessary later #systemd-journal-gateway 191 191 / /usr/sbin/nologin systemd systemd-network 192 192 / /usr/sbin/nologin systemd systemd-resolve 193 193 / /usr/sbin/nologin systemd +xrootd 194 194 /var/spool/xrootd - xrootd-server #gnats ? ? ? ? gnats, gnats-db #listar ? ? ? ? listar nobody 65534 65534 / /usr/sbin/nologin setup diff --git a/uidgidlint b/uidgidlint index 902f55e..997cc43 100755 --- a/uidgidlint +++ b/uidgidlint 
@@ -1,23 +1,26 @@
-#!/bin/sh
+#!/bin/bash
+set -eu
+set -o pipefail
+
 # We need a file to look at.
 if [ -z "$*" ] ; then
- echo Usage: `basename $0` uidgid
+ echo "Usage: $0 uidgid"
 exit 1
 fi
 error=0
 # The format of the file is (currently)
 for infile in "$@" ; do
- uidlist=`grep -v '^#' "$infile" | awk '{print $2}' | grep -v -e - | sort -nu`
- gidlist=`grep -v '^#' "$infile" | awk '{print $3}' | grep -v -e - | sort -nu`
- for uid in $uidlist ; do
- if test `grep -v '^#' "$infile" | awk '{print $2}' | grep '^'"$uid"'$' | wc -l` -ne 1 ; then
- echo Duplicate UID: $uid
+ uidlist=$(grep -v '^#' "$infile" | awk '{print $2}' | grep -v -e - | sort -nu)
+ gidlist=$(grep -v '^#' "$infile" | awk '{print $3}' | grep -v -e - | sort -nu)
+ for uid in $uidlist; do
+ if test "$(grep -v '^#' "$infile" | awk '{print $2}' | grep -c '^'"$uid"'$')" -ne 1 ; then
+ echo "Duplicate UID: $uid"
 error=1
 fi
 done
- for gid in $gidlist ; do
- if test `grep -v '^#' "$infile" | awk '{print $3}' | grep '^'"$gid"'$' | wc -l` -ne 1 ; then
- echo Duplicate GID: $gid
+ for gid in $gidlist; do
+ if test "$(grep -v '^#' "$infile" | awk '{print $3}' | grep -c '^'"$gid"'$')" -ne 1 ; then
+ echo "Duplicate GID: $gid"
 error=1
 fi
 done
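Review bot: With `set -eu` and `set -o pipefail` now at the top, the `uidlist=$(...)` and `gidlist=$(...)` assignments abort the script whenever one of their `grep` stages selects no line, since grep exits 1 on no match, so an input with no numeric entries in a column ends the lint silently with status 1 instead of a report. Filtering in a single awk stage avoids that, e.g. `uidlist=$(awk '!/^#/ && $2 !~ /-/ {print $2}' "$infile" | sort -nu)`, and the same with `$3` for `gidlist`. The duplicate checks also paste `$uid` and `$gid` into a regex; `grep -cxF -- "$uid"` would match the value literally. The `for infile` loop closes outside the hunk.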