Chasing symlinks is a core function that's used in a lot of places
so it deservers a less verbose names so let's rename it to chase()
and chaseat().
We also slightly change the pattern used for the chaseat() helpers
so we get chase_and_openat() and similar.
The usual story:
$ diff -u <(pahole build/systemd-sysusers.0) <(pahole build/systemd-sysusers)
/* size: 80, cachelines: 2, members: 15 */
- /* sum members: 68, holes: 1, sum holes: 4 */
- /* sum bitfield members: 5 bits (0 bytes) */
- /* padding: 7 */
- /* bit_padding: 3 bits */
+ /* sum members: 73, holes: 1, sum holes: 4 */
+ /* padding: 3 */
/* last cacheline: 16 bytes */
Effectively, because of padding, we were not saving anything. We're not putting
struct Item in arrays, but when allocating on the heap, we're going to round up to
normal alignment too.
The code becomes shorter (and quicker):
$ size build/systemd-sysusers{,.0}
text data bss dec hex filename
79967 2040 264 82271 1415f build/systemd-sysusers.0
79726 2040 264 82030 1406e build/systemd-sysusers
(In case you're wondering, I wrote this long commit message for a very simple
change on purpose: I want to deflate the bitfield cargo cult a bit.)
The name "def.h" originates from before the rule of "no needless abbreviations"
was established. Let's rename the file to clarify that it contains a collection
of various semi-related constants.
This adds an additional name check when cross-matching new group
entries against existing users, which allows coalescing entries
matching both ID and name.
It provides a small idempotence enhancement when creating groups
in cases where matching user entries are in place. By fine-tuning
the conflict detection logic, this avoids picking up new random
IDs and correctly prefers configuration values instead.
This renames UidRange -> UidRangeEntry, and reintroduces UidRange which
contains the array of UidRangeEntry and its size.
No fucntional changes, just refactoring.
We have fairly nice error messages for specific operations, but only at debug
level. Instead, we'd print a fairly useless generic message:
Before:
Failed to write files: Invalid argument
After:
Failed to add existing group "users" to temporary group file: Invalid argument
Fixes#10241.
/bin/sh as a shell is punishing. There is no good reason to make
the occasional root login unpleasant.
Since /bin/sh is usually /bin/bash in compat mode, i.e. if one is
available, the other will be too, /bin/bash is almost as good as a default.
But to avoid a regression in the situation where /bin/bash (or
DEFAULT_USER_SHELL) is not installed, we check with access() and fall back
to /bin/sh. This should make this change in behaviour less risky.
(FWIW, e.g. Fedora/RHEL use /bin/bash as default for root.)
This is a follow-up of sorts for 53350c7bba,
which added the default-user-shell option, but most likely with the idea
of using /bin/bash less ;)
Fixes#24369.
We'd warn that "-" and "/sbin/nologin" are different, even even though
"/sbin/nologin" is the default we'd use. So let's stop warning in all cases
where the config would lead to the same file, also under different paths,
or when both shells are nologin shells.
The general idea is to avoid warnings when sysusers config is moved between
packages (and not exactly the same), or when it is generated from some template
and the details change in an unimportant way.
We try to chase symlinks. This means that on unmerged-usr systems we'll find
that e.g. /usr/bin/bash and /bin/bash are equivalent if the basic fs structure
is already in place (bash doesn't actually have to be installed, enough that
the /bin symlink exists). I think this is a good result: after all, /bin/bash
and /usr/bin/bash *may* be different things on an unmerged-usr system.
Fixes#24215.
/home/zbyszek/src/systemd-work/testcase.conf:3: '//sbin//nologin' is not a valid login shell field.
This isn't very useful. The usual argument holds: people use templates to
construct config, so paths may have doubled slashes and similar. Let's simplify
paths so that the value that is pushed to /etc/passwd is nice and clean.
https://github.com/systemd/systemd/pull/6636 added `fsync()` when
temporary shadow, group, and gshadow files are created, but it was
not added for passwd. As far as I can tell, this seems to have been
an oversight. I'm seeing real world issues where a blank /etc/passwd
file is being created if a machine loses power early in the boot process.
