Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support new u! command in sysusers files #3481

Merged
merged 1 commit into from
Dec 6, 2024
Merged

Support new u! command in sysusers files #3481

merged 1 commit into from
Dec 6, 2024

Conversation

ffesti
Copy link
Contributor

@ffesti ffesti commented Dec 2, 2024

systemd 257 defines a new modifier ! for u entries that locks the account by setting it as expired.

See systemd/systemd@2ec7977

Resolves: #3450

@ffesti ffesti requested a review from a team as a code owner December 2, 2024 15:34
@ffesti ffesti requested review from dmnks and removed request for a team December 2, 2024 15:34
dmnks
dmnks reviewed Dec 5, 2024
View reviewed changes
scripts/sysusers.sh Outdated
@@ -90,6 +91,10 @@ user() {
fi
fi
fi

if [[ $expire ]]; then
usermod -e 0 "${user}"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Although various sources claim that both 0 and 1 (or higher) can be used to disable an account, there's at least one place where the use of 0 is discouraged, in the shadow(5) man page:

account expiration date
           The date of expiration of the account, expressed as the number of days since Jan 1, 1970 00:00 UTC.

           Note that an account expiration differs from a password expiration. In case of an account expiration, the user
           shall not be allowed to login. In case of a password expiration, the user is not allowed to login using her
           password.

           An empty field means that the account will never expire.

           The value 0 should not be used as it is interpreted as either an account with no expiration, or as an expiration
           on Jan 1, 1970.

So I wonder if using 1 wouldn't be safer? It's also what sysusers does here (albeit still saying that either 0 or 1 can be used, see this line).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, let's rather be on the save side. Changed to 1.

@ffesti
Support new u! command in sysusers files
c33ce2f 
systemd 257 defines a new modifier ! for u entries that locks the
account by setting it as expired.

See systemd/systemd@2ec7977

Resolves: rpm-software-management#3450
@dmnks
Copy link
Contributor

dmnks commented Dec 6, 2024

Thanks!

@dmnks dmnks merged commit 2347060 into rpm-software-management:master Dec 6, 2024
1 check passed
@ffesti ffesti deleted the 3450 branch December 9, 2024 12:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dmnks dmnks dmnks left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

systemd 257 defines a new modifier ! for u entries
2 participants
@ffesti @dmnks