Skip to content

sysusers: create fully locked system account #3468

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

sysusers: create fully locked system account #3468

wants to merge 1 commit into from

Conversation

eworm-de
Copy link
Contributor

... for some extra security. The account is marked locked as a whole, not just created with an invalid password.

https://github.com/systemd/systemd/blob/v257/NEWS#L767-L777
https://www.freedesktop.org/software/systemd/man/latest/sysusers.d.html#u

@eworm-de
Copy link
Contributor Author

This is supported with systemd v257. Can we just use it (as a system with recent util-linux should comes with recent systemd as well) or do we need a switch?

@karelzak
Copy link
Collaborator

I have doubts that enabling it by default is a good idea as v257 seems very recent (for example, the current Fedora has v256). The util-linux does not require the most recent dependencies. Maybe adding --enable-sysusers-locked is not a bad idea.

@eworm-de
Copy link
Contributor Author

Wondering if this should be autodetected from build environment...

@karelzak
Copy link
Collaborator

systemctl systemctl --version, or maybe somehow by pkg-config, not sure

@karelzak karelzak added the NOT-READY The patch is not ready yet. Need rework. label Mar 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
NOT-READY The patch is not ready yet. Need rework.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@eworm-de @karelzak