diff --git a/generate-sysusers-fragments.sh b/generate-sysusers-fragments.sh new file mode 100755 index 0000000..6ff9470 --- /dev/null +++ b/generate-sysusers-fragments.sh @@ -0,0 +1,31 @@ +#!/usr/bin/env bash +#SPDX-License-Identifier: 0BSD + +set -euo pipefail + +test -f etc/group +test -f etc/passwd + +mkdir -p sysusers.d + +while read -r line; do + groupname=$(echo "${line}" | cut -d: -f1) + gid=$(echo "${line}" | cut -d: -f3) + echo "g ${groupname} ${gid}" +done sysusers.d/20-setup-groups.conf + +while read -r line; do + username=$(echo "${line}" | cut -d: -f1) + uid=$(echo "${line}" | cut -d: -f3) + gid=$(echo "${line}" | cut -d: -f4) + gecos=$(echo "${line}" | cut -d: -f5) + homedir=$(echo "${line}" | cut -d: -f6) + if [ "${homedir}" == "/" ]; then + homedir="-" + fi + shell=$(echo "${line}" | cut -d: -f7) + if [ "${shell}" == "/usr/sbin/nologin" ]; then + shell="-" + fi + echo "u ${username} ${uid}:${gid} \"${gecos}\" ${homedir} ${shell}" +done sysusers.d/20-setup-users.conf diff --git a/group b/group new file mode 100644 index 0000000..7d81402 --- /dev/null +++ b/group @@ -0,0 +1,29 @@ +root:x:0: +bin:x:1: +daemon:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mem:x:8: +kmem:x:9: +wheel:x:10: +cdrom:x:11: +mail:x:12: +man:x:15: +dialout:x:18: +floppy:x:19: +games:x:20: +utmp:x:22: +tape:x:33: +kvm:x:36: +video:x:39: +ftp:x:50: +lock:x:54: +audio:x:63: +users:x:100: +input:x:104: +render:x:105: +sgx:x:106: +nobody:x:65534: diff --git a/passwd b/passwd new file mode 100644 index 0000000..14316c5 --- /dev/null +++ b/passwd @@ -0,0 +1,13 @@ +root:x:0:0:Super User:/root:/bin/bash +bin:x:1:1:bin:/bin:/usr/sbin/nologin +daemon:x:2:2:daemon:/sbin:/usr/sbin/nologin +adm:x:3:4:adm:/var/adm:/usr/sbin/nologin +lp:x:4:7:lp:/var/spool/lpd:/usr/sbin/nologin +sync:x:5:0:sync:/sbin:/bin/sync +shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown +halt:x:7:0:halt:/sbin:/sbin/halt +mail:x:8:12:mail:/var/spool/mail:/usr/sbin/nologin +operator:x:11:0:operator:/root:/usr/sbin/nologin +games:x:12:100:games:/usr/games:/usr/sbin/nologin +ftp:x:14:50:FTP User:/var/ftp:/usr/sbin/nologin +nobody:x:65534:65534:Kernel Overflow User:/:/usr/sbin/nologin diff --git a/profile b/profile index 8bcc0e8..6ce1347 100644 --- a/profile +++ b/profile @@ -9,9 +9,6 @@ # will prevent the need for merging in future updates. pathmunge () { - # If the path is a compat symlink, do nothing. - [ -h "$1" ] && return - case ":${PATH}:" in *:"$1":*) ;; diff --git a/protocols b/protocols index 75e88ba..f5b950f 100644 --- a/protocols +++ b/protocols @@ -1,12 +1,12 @@ # /etc/protocols: -# $Id: protocols,v 1.13 2025/05/14 15:30 mosvald Exp $ +# $Id: protocols,v 1.12 2016/07/08 12:27 ovasik Exp $ # # Internet (IP) protocols # # from: @(#)protocols 5.1 (Berkeley) 4/17/89 # # Updated for NetBSD based on RFC 1340, Assigned Numbers (July 1992). -# Last IANA update included dated 2025-01-08 +# Last IANA update included dated 2011-05-03 # # See also http://www.iana.org/assignments/protocol-numbers @@ -66,7 +66,7 @@ ipv6-crypt 50 IPv6-Crypt # Encryption Header for IPv6 (not in official list) ah 51 AH # Authentication Header ipv6-auth 51 IPv6-Auth # Authentication Header for IPv6 (not in official list) i-nlsp 52 I-NLSP # Integrated Net Layer Security TUBA -swipe 53 SWIPE # IP with Encryption (deprecated) +swipe 53 SWIPE # IP with Encryption narp 54 NARP # NBMA Address Resolution Protocol mobile 55 MOBILE # IP Mobility tlsp 56 TLSP # Transport Layer Security Protocol @@ -108,7 +108,7 @@ larp 91 LARP # Locus Address Resolution Protocol mtp 92 MTP # Multicast Transport Protocol ax.25 93 AX.25 # AX.25 Frames ipip 94 IPIP # Yet Another IP encapsulation -micp 95 MICP # Mobile Internetworking Control Pro. (deprecated) +micp 95 MICP # Mobile Internetworking Control Pro. scc-sp 96 SCC-SP # Semaphore Communications Sec. Pro. etherip 97 ETHERIP # Ethernet-within-IP Encapsulation encap 98 ENCAP # Yet Another IP encapsulation @@ -156,12 +156,7 @@ hip 139 HIP # Host Identity Protocol shim6 140 Shim6 # Shim6 Protocol wesp 141 WESP # Wrapped Encapsulating Security Payload rohc 142 ROHC # Robust Header Compression -ethernet 143 Ethernet # Ethernet encapsulation for SRv6 -aggfrag 144 AGGFRAG # AGGFRAG encapsulation payload for ESP -nsh 145 NSH # Network Service Header -homa 146 Homa # Homa -bit-emu 147 BIT-EMU # Bit-stream Emulation -# 148-252 Unassigned [IANA] +# 143-252 Unassigned [IANA] # 253 Use for experimentation and testing [RFC3692] # 254 Use for experimentation and testing [RFC3692] # 255 Reserved [IANA] diff --git a/setup.spec b/setup.spec index ceee55e..7067aeb 100644 --- a/setup.spec +++ b/setup.spec @@ -12,22 +12,24 @@ Source0003: csh.cshrc Source0004: csh.login Source0005: ethertypes Source0006: filesystems -Source0007: host.conf -Source0008: hosts -Source0009: inputrc -Source0010: networks -Source0011: printcap -Source0012: profile -Source0013: protocols -Source0014: services -Source0015: shells +Source0007: group +Source0008: host.conf +Source0009: hosts +Source0010: inputrc +Source0011: networks +Source0012: passwd +Source0013: printcap +Source0014: profile +Source0015: protocols +Source0016: services +Source0017: shells Source0021: lang.csh Source0022: lang.sh Source0031: COPYING Source0032: uidgid -Source0033: setup.sysusers.conf +Source0033: generate-sysusers-fragments.sh Source0034: uidgidlint Source0035: serviceslint @@ -35,7 +37,6 @@ BuildArch: noarch BuildRequires: bash BuildRequires: tcsh BuildRequires: perl-interpreter -BuildRequires: /usr/bin/systemd-sysusers #systemd-rpm-macros: required to use _sysusersdir and _tmpfilesdir macro BuildRequires: systemd-rpm-macros #require system release for saner dependency order @@ -47,18 +48,21 @@ setup files, such as passwd, group, and profile. %prep mkdir -p etc/profile.d -cp %{lua: for i=1,15 do print(sources[i]..' ') end} etc/ +cp %{lua: for i=1,17 do print(sources[i]..' ') end} etc/ cp %SOURCE21 %SOURCE22 etc/profile.d/ -touch etc/{exports,motd,subgid,subuid,environment,fstab} +touch etc/{exports,motd,subgid,subuid} mkdir -p docs cp %SOURCE31 %SOURCE32 docs/ +bash %SOURCE33 + %build -# This produces ./etc/{passwd,group,shadow,gshadow} -systemd-sysusers --root=./ %SOURCE33 -# Allow the user to copy the file -chmod 0400 ./etc/{shadow,gshadow} +#make prototype for /etc/shadow +sed -e "s/:.*/:*:`expr $(date +%s) / 86400`:0:99999:7:::/" etc/passwd >etc/shadow + +#make prototype for /etc/gshadow +sed -e 's/:[0-9]\+:/::/g; s/:x:/::/' etc/group >etc/gshadow %check # Sanity checking selected files.... @@ -66,17 +70,19 @@ bash -n etc/bashrc bash -n etc/profile tcsh -f etc/csh.cshrc tcsh -f etc/csh.login -bash %SOURCE34 docs/uidgid +(cd etc && bash %SOURCE34 ./uidgid) (cd etc && perl %SOURCE35 ./services) %install mkdir -p %{buildroot}/etc cp -ar etc/* %{buildroot}/etc/ -install -D -m0644 %SOURCE33 %{buildroot}%{_sysusersdir}/setup.conf +mkdir -p %{buildroot}%{_sysusersdir} +cp sysusers.d/* %{buildroot}%{_sysusersdir}/ mkdir -p %{buildroot}/var/log touch %{buildroot}/etc/environment +chmod 0400 %{buildroot}/etc/{shadow,gshadow} touch %{buildroot}/etc/fstab echo "#Add any required envvar overrides to this file, it is sourced from /etc/profile" >%{buildroot}/etc/profile.d/sh.local echo "#Add any required envvar overrides to this file, it is sourced from /etc/csh.login" >%{buildroot}/etc/profile.d/csh.local @@ -100,15 +106,13 @@ cat >%{buildroot}/usr/share/dnf5/libdnf.conf.d/protect-setup.conf <= 4.20) but fallback to forking if not %post -p --- Throw away useless and dangerous update stuff until rpm will be able to --- handle it. See: http://rpm.org/ticket/6 for i, name in ipairs({"passwd", "shadow", "group", "gshadow"}) do os.remove("/etc/"..name..".rpmnew") end --- Use rpm.spawn() if available (in >= 4.20) but fallback to forking if not. --- --- Initialize or update /etc/alias.db from /etc/aliases for sendmail, etc. if posix.access("/usr/bin/newaliases", "x") then if rpm.spawn ~= nil then rpm.spawn({'/usr/bin/newaliases'}, {stdout='/dev/null'}) @@ -122,20 +126,6 @@ if posix.access("/usr/bin/newaliases", "x") then end end end --- Ensure pre-allocated tmpfiles are created immediately on upgrades. -if posix.access("/usr/bin/systemd-tmpfiles", "x") then - if rpm.spawn ~= nil then - rpm.spawn({"/usr/bin/systemd-tmpfiles", "--create"}, {stderr='/dev/null'}) - else - local pid = posix.fork() - if pid == 0 then - posix.redirect2null(2) - posix.exec("/usr/bin/systemd-tmpfiles", "--create") - elseif pid > 0 then - posix.wait(pid) - end - end -end %files %license docs/COPYING @@ -175,7 +165,8 @@ end %config(noreplace) %verify(not md5 size mtime) /etc/shells %ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/fstab %{_tmpfilesdir}/%{name}.conf -%{_sysusersdir}/setup.conf +%{_sysusersdir}/20-setup-groups.conf +%{_sysusersdir}/20-setup-users.conf /etc/dnf/protected.d/%{name}.conf %dir /usr/share/dnf5 %dir /usr/share/dnf5/libdnf.conf.d diff --git a/setup.sysusers.conf b/setup.sysusers.conf deleted file mode 100644 index 82be285..0000000 --- a/setup.sysusers.conf +++ /dev/null @@ -1,41 +0,0 @@ -u root 0:0 "Super User" /root /bin/bash -u bin 1 "bin" /bin - -u daemon 2 "daemon" /sbin - -u adm 3:4 "adm" /var/adm - -u lp 4:7 "lp" /var/spool/lpd - -u sync 5:0 "sync" /sbin /bin/sync -u shutdown 6:0 "shutdown" /sbin /sbin/shutdown -u halt 7:0 "halt" /sbin /sbin/halt -u mail 8:12 "mail" /var/spool/mail - -u operator 11:0 "operator" /root - -u games 12:100 "games" /usr/games - -u ftp 14:50 "FTP User" /var/ftp - -u nobody 65534:65534 "Kernel Overflow User" - - -g root 0 -g sys 3 -g adm 4 -g tty 5 -g disk 6 -g lp 7 -g mem 8 -g kmem 9 -g wheel 10 -g cdrom 11 -g mail 12 -g man 15 -g dialout 18 -g floppy 19 -g games 20 -g utmp 22 -g tape 33 -g kvm 36 -g video 39 -g ftp 50 -g lock 54 -g audio 63 -g users 100 -g clock 103 -g input 104 -g render 105 -g sgx 106 -g nobody 65534 diff --git a/uidgid b/uidgid index a1759fd..1d9d378 100644 --- a/uidgid +++ b/uidgid @@ -19,35 +19,29 @@ news 9 13 /var/spool/news /usr/sbin/nologin inn uucp 10 14 /var/spool/uucp /usr/sbin/nologin uucp operator 11 (0) /root /usr/sbin/nologin setup games 12 (100) /usr/games /usr/sbin/nologin setup -# Removed in 2013 (#918206, #1667231), can be reused if necessary later -# gopher 13 30 /var/gopher /usr/sbin/nologin - +# Not created by default anymore. +gopher 13 30 /var/gopher /usr/sbin/nologin - ftp 14 50 /var/ftp /usr/sbin/nologin setup man - 15 - - setup -# Retired in 2018 (https://src.fedoraproject.org/rpms/oprofile/c/80fe828c879b1f67a109998cdd42a1bd8513bc3c) -# oprofile 16 16 /var/lib/oprofile /usr/sbin/nologin oprofile -# Retired sometime between 2011 and 2014 (https://src.fedoraproject.org/rpms/pki-ca/c/4ca1ce11a6e090099b36493653808cfe380911e1) -# pkiuser 17 17 /usr/share/pki /usr/sbin/nologin pki-ca,rhpki-ca +oprofile 16 16 /var/lib/oprofile /usr/sbin/nologin oprofile +pkiuser 17 17 /usr/share/pki /usr/sbin/nologin pki-ca,rhpki-ca dialout - 18 - - setup floppy - 19 - - setup games - 20 - - setup -# mlocate retired in 2024 (https://src.fedoraproject.org/rpms/mlocate/c/7277dd5f59db126d1046a6aa5c4077a597dddddc) -# slocate - 21 - - slocate +slocate - 21 - - slocate utmp - 22 - - initscripts,libutempter squid 23 23 /var/spool/squid /dev/null squid -# Retired in 2015 (https://src.fedoraproject.org/rpms/pvm/c/eb6972917befbed00aff622c2c428d18439efe27) -# pvm 24 24 /usr/share/pvm3 /bin/bash pvm +pvm 24 24 /usr/share/pvm3 /bin/bash pvm named 25 25 /var/named /bin/false bind postgres 26 26 /var/lib/pgsql /bin/bash postgresql-server -mysql 27 27 /var/lib/mysql /usr/sbin/nologin mysql +mysql 27 27 /var/lib/mysql /bin/bash mysql nscd 28 28 / /bin/false nscd rpcuser 29 29 /var/lib/nfs /bin/false nfs-utils -# Present in https://pagure.io/setup/c/08258e0f748c4f372fcbf1dd7947c132ee0b8a12, probably already unused in 2008 -# console - 31 - - dev +console - 31 - - dev rpc 32 32 /var/lib/rpcbind /usr/sbin/nologin portmap amandabackup 33 (6) /var/lib/amanda /bin/false amanda tape - 33 - - setup -# Retired in 2021 (https://src.fedoraproject.org/rpms/netdump-server/c/9bbe604e20c113eaa7c897b9b12a705a36afb109) -# netdump 34 34 /var/crash /bin/bash netdump-client, netdump-server +netdump 34 34 /var/crash /bin/bash netdump-client, netdump-server utempter - 35 - - libutempter kvm - 36 - - kvm, vdsm, libvirt vdsm 36 (36) / /bin/bash kvm, vdsm @@ -57,92 +51,73 @@ video - 39 - - setup dip - 40 - - ppp mailman 41 41 /usr/lib/mailman /usr/sbin/nologin mailman gdm 42 42 /var/lib/gdm /usr/sbin/nologin gdm -# Retired in 2022 (https://src.fedoraproject.org/rpms/xorg-x11-xfs/c/3e273d8a939cf5f08bd4eea4f594fedd508dabcf) -# xfs 43 43 /etc/X11/fs /bin/false XFree86-xfs +xfs 43 43 /etc/X11/fs /bin/false XFree86-xfs pppusers - 44 - - linuxconf popusers - 45 - - linuxconf slipusers - 46 - - linuxconf mailnull 47 47 /var/spool/mqueue /dev/null sendmail apache 48 48 /usr/share/httpd /bin/false httpd -# Retired sometime before 2008 (https://src.fedoraproject.org/rpms/FreeWnn/c/8f9ac4e26531c704a26057be48261fb3d1ebea8e) -# wnn 49 49 /var/lib/wnn /usr/sbin/nologin FreeWnn +wnn 49 49 /var/lib/wnn /usr/sbin/nologin FreeWnn smmsp 51 51 /var/spool/mqueue /dev/null sendmail puppet 52 52 /var/lib/puppet /usr/sbin/nologin puppet tomcat 53 53 /var/lib/tomcat /usr/sbin/nologin tomcat lock - 54 - - setup ldap 55 55 /var/lib/ldap /bin/false openldap-servers -# Last references on the web appear around 2007… -# frontpage 56 56 /var/www /bin/false mod_frontpage +frontpage 56 56 /var/www /bin/false mod_frontpage nut 57 57 /var/lib/ups /bin/false nut -# Retired in 2011 (https://src.fedoraproject.org/rpms/beagle/c/5721c9577eebdc7a0f6566f3efd955b3f4427a0e) -# beagleindex 58 58 /var/cache/beagle /bin/false beagle +beagleindex 58 58 /var/cache/beagle /bin/false beagle tss 59 59 - /usr/sbin/nologin trousers -# Retired in 2012 (https://src.fedoraproject.org/rpms/piranha/c/15262075b63d48e2ee236ffb87d2db0a4aef1c42) -# piranha 60 60 /etc/sysconfig/ha /dev/null piranha -# Retired in 2025 (https://src.fedoraproject.org/rpms/prelude-manager/c/68cce28aa0e1788d857791155812e1f20d35036e) -# prelude-manager 61 61 - /usr/sbin/nologin prelude-manager -# Retired in 2011 (https://src.fedoraproject.org/rpms/snort/c/e2e149974cb3b56b70ed158339a3cb931497dfa2) -# snortd 62 62 - /usr/sbin/nologin snortd +piranha 60 60 /etc/sysconfig/ha /dev/null piranha +prelude-manager 61 61 - /usr/sbin/nologin prelude-manager +snortd 62 62 - /usr/sbin/nologin snortd audio - 63 - - setup condor 64 64 /var/lib/condor /usr/sbin/nologin condord nslcd 65 (55) / /usr/sbin/nologin nslcd wine - 66 - - wine pegasus 66 65 /var/lib/Pegasus /usr/sbin/nologin tog-pegasus webalizer 67 67 /var/www/usage /usr/sbin/nologin webalizer -# Retired in 2011 (https://src.fedoraproject.org/rpms/hal/c/e6690cd150b5e1c13e7779de1ce32ded0bc22bc1) -# haldaemon 68 68 / /usr/sbin/nologin hal -# Present in https://pagure.io/setup/c/08258e0f748c4f372fcbf1dd7947c132ee0b8a12, probably already unused in 2008 -# vcsa 69 69 - /usr/sbin/nologin dev,MAKEDEV +haldaemon 68 68 / /usr/sbin/nologin hal +vcsa 69 69 - /usr/sbin/nologin dev,MAKEDEV avahi 70 70 /var/run/avahi-daemon /usr/sbin/nologin avahi -# Present in https://pagure.io/setup/c/08258e0f748c4f372fcbf1dd7947c132ee0b8a12, probably already unused in 2008 -# realtime - 71 - - - +realtime - 71 - - - tcpdump 72 72 / /usr/sbin/nologin tcpdump privoxy 73 73 /etc/privoxy /bin/bash privoxy sshd 74 74 /var/empty/sshd /usr/sbin/nologin openssh-server radvd 75 75 / /bin/false radvd cyrus 76 (12) /var/imap /bin/bash cyrus-imapd saslauth - 76 - - cyrus-sasl, cyrus-imap -# Dynamic on new systems, removed Dec2023, can be reused if necessary later +# Dynamic on new systems, removed Dec2023, can be freed if necessary later #arpwatch 77 77 /var/lib/arpwatch /usr/sbin/nologin arpwatch fax 78 78 /var/spool/fax /usr/sbin/nologin mgetty -# Retired in 2014 (https://src.fedoraproject.org/rpms/nocpulse-common/c/2ee190601831472ca3ae9857311cfbd31c129c0e) -# nocpulse 79 79 /etc/sysconfig/nocpulse /bin/bash nocpulse +nocpulse 79 79 /etc/sysconfig/nocpulse /bin/bash nocpulse desktop 80 80 - /usr/sbin/nologin desktop-file-utils dbus 81 81 / /usr/sbin/nologin dbus -# References to JOnAS in FC3 around 2005… -# jonas 82 82 /var/lib/jonas /usr/sbin/nologin jonas +jonas 82 82 /var/lib/jonas /usr/sbin/nologin jonas clamav 83 83 /tmp /usr/sbin/nologin clamav screen - 84 - - screen -# Retired in 2021 (https://src.fedoraproject.org/rpms/quagga/c/42d57331ac98fcc4c7103854cb1ce0ddfc4bbbc2) -# quaggavt - 85 - - quagga -# Retired in 2014 (https://src.fedoraproject.org/rpms/sabayon/c/e1c4c886227e8123e55fd3fad93dc966d512b9b9) -# sabayon 86 86 - /usr/sbin/nologin sabayon +quaggavt - 85 - - quagga +sabayon 86 86 - /usr/sbin/nologin sabayon polkituser 87 87 / /usr/sbin/nologin PolicyKit wbpriv - 88 - - samba-common postfix 89 89 /var/spool/postfix /bin/true postfix postdrop - 90 - - postfix -# https://en.wikipedia.org/wiki/Majordomo_(software) says final release was 19 January 2000 -# majordomo 91 91 /usr/lib/majordomo /bin/bash majordomo -# Retired in 2021 (https://src.fedoraproject.org/rpms/quagga/c/42d57331ac98fcc4c7103854cb1ce0ddfc4bbbc2) -# quagga 92 92 / /usr/sbin/nologin quagga +majordomo 91 91 /usr/lib/majordomo /bin/bash majordomo +quagga 92 92 / /usr/sbin/nologin quagga exim 93 93 /var/spool/exim /usr/sbin/nologin exim distcache 94 94 / /usr/sbin/nologin distcache radiusd 95 95 / /bin/false freeradius -# Retired in 2021 (https://src.fedoraproject.org/rpms/hsqldb/c/54def1d22548601a91ccf6a92c17645a1c5d7cdf) -# hsqldb 96 96 /var/lib/hsqldb /usr/sbin/nologin hsqldb +hsqldb 96 96 /var/lib/hsqldb /usr/sbin/nologin hsqldb dovecot 97 97 /usr/libexec/dovecot /usr/sbin/nologin dovecot ident 98 98 / /usr/sbin/nologin ident # Note: 99 used to be the old uid for nobody, now moved to 65534, do not reuse users - 100 - - setup ssh_keys - 101 - - openssh -clock - 103 - - systemd input - 104 - - systemd render - 105 - - systemd sgx - 106 - - systemd qemu 107 107 / /usr/sbin/nologin libvirt ovirt 108 108 / /usr/sbin/nologin libvirt -# Retired in 2019 (https://src.fedoraproject.org/rpms/vdsm/c/6f1df621f648aa3b65edfcf3389649a6d13df5d4) -# rhevm 109 109 /home/rhevm /usr/sbin/nologin vdsm-reg +rhevm 109 109 /home/rhevm /usr/sbin/nologin vdsm-reg jetty 110 110 /usr/share/jetty /usr/sbin/nologin jetty saned 111 111 / /usr/sbin/nologin sane-backends vhostmd 112 112 /usr/share/vhostmd /usr/sbin/nologin vhostmd @@ -151,13 +126,10 @@ polkitd 114 114 / /usr/sbin/nologin polkit bacula 133 133 /var/spool/bacula /usr/sbin/nologin bacula cimsrvr 134 134 / /usr/sbin/nologin tog-pegasus-libs mock - 135 / - mock -# Retired in 2012 (https://src.fedoraproject.org/rpms/ricci/c/02a86812383253577ce309d633a400c9c6353ecd, -# https://fedoraproject.org/wiki/Features/Cluster) -# ricci 140 140 /var/lib/ricci /usr/sbin/nologin ricci -# luci 141 141 /var/lib/luci /usr/sbin/nologin luci +ricci 140 140 /var/lib/ricci /usr/sbin/nologin ricci +luci 141 141 /var/lib/luci /usr/sbin/nologin luci activemq 142 142 /usr/share/activemq /usr/sbin/nologin activemq -# Retired in 2019 (https://src.fedoraproject.org/rpms/cassandra/c/8fcb780b616a034aa5d787d04d631ac1f815f694) -# cassandra 143 143 /var/lib/cassandra /usr/sbin/nologin cassandra +cassandra 143 143 /var/lib/cassandra /usr/sbin/nologin cassandra stap-server 155 155 /var/lib/stap-server /usr/sbin/nologin systemtap stapusr - 156 / - systemtap-runtime stapsys - 157 / - systemtap-runtime @@ -172,8 +144,7 @@ ceilometer 166 166 /var/lib/ceilometer /usr/sbin/nologin openstack-ceilometer ceph 167 167 /var/lib/ceph /usr/sbin/nologin ceph-common avahi-autoipd 170 170 /var/lib/avahi-autoipd /usr/sbin/nologin avahi pulse 171 171 /var/run/pulse /usr/sbin/nologin pulseaudio -# Dynamic on new systems, removed Mar2025, can be reused if necessary later -# rtkit 172 172 /proc /usr/sbin/nologin rtkit +rtkit 172 172 /proc /usr/sbin/nologin rtkit abrt 173 173 /etc/abrt /usr/sbin/nologin abrt retrace 174 174 /usr/share/retrace-server /usr/sbin/nologin retrace-server ovirtagent 175 175 / /usr/sbin/nologin ovirt-guest-agent @@ -181,11 +152,9 @@ ats 176 176 / /usr/sbin/nologin trafficserver dhcpd 177 177 / /usr/sbin/nologin dhcp myproxy 178 178 /var/lib/myproxy /usr/sbin/nologin myproxy-server sanlock 179 179 /var/run/sanlock /usr/sbin/nologin sanlock -# Retired in 2012 (https://src.fedoraproject.org/rpms/aeolus-all/c/4b303d259fb530130e413be462e032390595714d) -# aeolus 180 180 /var/aeolus /usr/sbin/nologin aeolus-configure -# Retired in 2015 (https://src.fedoraproject.org/rpms/wallaby/c/93d5de780d22a378db988a8b72d3d30ebf628930) -# wallaby 181 181 /var/lib/wallaby /usr/sbin/nologin wallaby -# Not used anymore, removed Jun2021, can be reused if necessary later +aeolus 180 180 /var/aeolus /usr/sbin/nologin aeolus-configure +wallaby 181 181 /var/lib/wallaby /usr/sbin/nologin wallaby +# Not used anymore, removed Jun2021, can be freed if necessary later #katello 182 182 /usr/share/katello /usr/sbin/nologin katello-common elasticsearch 183 183 /usr/share/java/elasticsearch /usr/sbin/nologin elasticsearch mongodb 184 184 /var/lib/mongodb /usr/sbin/nologin mongodb @@ -198,11 +167,10 @@ haproxy 188 188 /var/lib/haproxy /usr/sbin/nologin haproxy haclient - 189 - - pacemaker hacluster 189 (189) / /usr/sbin/nologin pacemaker systemd-journal - 190 - - systemd -# Dynamic on new systems, removed Dec2014, can be reused if necessary later +# Dynamic on new systems, removed Dec2014, can be freed if necessary later #systemd-journal-gateway 191 191 / /usr/sbin/nologin systemd systemd-network 192 192 / /usr/sbin/nologin systemd systemd-resolve 193 193 / /usr/sbin/nologin systemd -xrootd 194 194 /var/spool/xrootd - xrootd-server #gnats ? ? ? ? gnats, gnats-db #listar ? ? ? ? listar nobody 65534 65534 / /usr/sbin/nologin setup diff --git a/uidgidlint b/uidgidlint index 997cc43..902f55e 100755 --- a/uidgidlint +++ b/uidgidlint @@ -1,26 +1,23 @@ -#!/bin/bash -set -eu -set -o pipefail - +#!/bin/sh # We need a file to look at. if [ -z "$*" ] ; then - echo "Usage: $0 uidgid" + echo Usage: `basename $0` uidgid exit 1 fi error=0 # The format of the file is (currently) for infile in "$@" ; do - uidlist=$(grep -v '^#' "$infile" | awk '{print $2}' | grep -v -e - | sort -nu) - gidlist=$(grep -v '^#' "$infile" | awk '{print $3}' | grep -v -e - | sort -nu) - for uid in $uidlist; do - if test "$(grep -v '^#' "$infile" | awk '{print $2}' | grep -c '^'"$uid"'$')" -ne 1 ; then - echo "Duplicate UID: $uid" + uidlist=`grep -v '^#' "$infile" | awk '{print $2}' | grep -v -e - | sort -nu` + gidlist=`grep -v '^#' "$infile" | awk '{print $3}' | grep -v -e - | sort -nu` + for uid in $uidlist ; do + if test `grep -v '^#' "$infile" | awk '{print $2}' | grep '^'"$uid"'$' | wc -l` -ne 1 ; then + echo Duplicate UID: $uid error=1 fi done - for gid in $gidlist; do - if test "$(grep -v '^#' "$infile" | awk '{print $3}' | grep -c '^'"$gid"'$')" -ne 1 ; then - echo "Duplicate GID: $gid" + for gid in $gidlist ; do + if test `grep -v '^#' "$infile" | awk '{print $3}' | grep '^'"$gid"'$' | wc -l` -ne 1 ; then + echo Duplicate GID: $gid error=1 fi done