Bug 2192833

Summary: Speaking of passwd
Product: [Fedora] Fedora Reporter: Artem S. Tashkinov <aros>
Component: setupAssignee: Martin Osvald 🛹 <mosvald>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: unspecified    
Version: rawhideCC: karsten, mosvald, ovasik, pavel
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-07-23 11:00:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Artem S. Tashkinov 2023-05-03 08:49:43 UTC
Here's what the XFCE spin of Fedora 38 generates:

root:x:0:0:Super User:/root:/bin/bash
bin:x:1:1:bin:/bin:/usr/sbin/nologin
daemon:x:2:2:daemon:/sbin:/usr/sbin/nologin
adm:x:3:4:adm:/var/adm:/usr/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/usr/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/usr/sbin/nologin
operator:x:11:0:operator:/root:/usr/sbin/nologin
games:x:12:100:games:/usr/games:/usr/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/usr/sbin/nologin
nobody:x:65534:65534:Kernel Overflow User:/:/usr/sbin/nologin
dbus:x:81:81:System Message Bus:/:/usr/sbin/nologin
tss:x:59:59:Account used for TPM access:/:/usr/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/usr/sbin/nologin
systemd-oom:x:998:998:systemd Userspace OOM Killer:/:/usr/sbin/nologin
systemd-resolve:x:193:193:systemd Resolver:/:/usr/sbin/nologin
polkitd:x:997:996:User for polkitd:/:/sbin/nologin
avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin
geoclue:x:996:995:User for geoclue:/var/lib/geoclue:/sbin/nologin
colord:x:995:994:User for colord:/var/lib/colord:/sbin/nologin
nm-fortisslvpn:x:994:993:Default user for running openfortivpn spawned by NetworkManager:/:/sbin/nologin
rtkit:x:172:172:RealtimeKit:/proc:/sbin/nologin
pipewire:x:993:992:PipeWire System Daemon:/var/run/pipewire:/sbin/nologin
chrony:x:992:991:chrony system user:/var/lib/chrony:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
openvpn:x:991:990:OpenVPN:/etc/openvpn:/sbin/nologin
nm-openvpn:x:990:989:Default user for running openvpn spawned by NetworkManager:/:/sbin/nologin
nm-openconnect:x:989:988:NetworkManager user for OpenConnect:/:/sbin/nologin
unbound:x:988:987:Unbound DNS resolver:/var/lib/unbound:/sbin/nologin
setroubleshoot:x:987:986:SELinux troubleshoot server:/var/lib/setroubleshoot:/usr/sbin/nologin
abrt:x:173:173::/etc/abrt:/sbin/nologin
sstpc:x:986:985:Secure Socket Tunneling Protocol(SSTP) Client:/var/run/sstpc:/sbin/nologin
lightdm:x:985:984:LightDM daemon:/var/lib/lightdm:/usr/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
vboxadd:x:984:1::/var/run/vboxadd:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/usr/share/empty.sshd:/usr/sbin/nologin
dnsmasq:x:983:982:Dnsmasq DHCP and DNS server:/var/lib/dnsmasq:/usr/sbin/nologin
tcpdump:x:72:72:tcpdump:/:/usr/sbin/nologin
systemd-coredump:x:981:981:systemd Core Dumper:/:/usr/sbin/nologin
systemd-timesync:x:980:980:systemd Time Synchronization:/:/usr/sbin/nologin

Issues:

1) Entries are not sorted by the ID - I've always been hugely annoyed by that. Please make changes to whatever utilities/libraries are handling `passwd` and `group` entries to always make them sorted by the third field numerically

2) There's a mess of `{/bin|/usr/bin|/sbin|/usr/sbin}/something` as a user shell/command. Please make them all use `/usr/{bin|sbin}/something`

3) I really really hate that some high UIDs != GUIDs, e.g. sstpc's 986 != 985. There's nothing bad or wrong about that but it's sloppy considering it's a brand new system and you can perfectly make them match except for users using other groups IDs, e.g. halt or games.

4) Some users descriptions capitalize each word ("PipeWire System Daemon"), others don't ("Unbound DNS resolver"). Why?

Thank you for your attention.

And no, I'm not going to file a bug report against each individual package. There are literally hundreds of applications/daemons/services which come with a separate user or/and group.

Comment 1 Artem S. Tashkinov 2023-06-29 10:22:04 UTC
May I have your attention please?

Comment 2 Ondrej Vasik 2023-06-29 11:02:23 UTC
You state you are not going to file a bug report against each individual package. But this is exactly how this can only be handled. This package just owns the basic passwd file, it is not responsible for the format - tools from shadow-utils or passwd utility write into that file. If you want to pursue that, individual bug report against specific components is imho the only way how to change it...

Comment 3 Artem S. Tashkinov 2023-06-30 08:18:39 UTC
I'm pretty sure all the applications/servers/services/daemons which update /etc/{passwd|group|shadow|grshadow} do so via some API.

I don't think it's going to be too difficult to change this API to make these files sorted.

Comment 4 Martin Osvald 🛹 2023-06-30 09:55:50 UTC
Until recently all the packages created users/groups directly through the spec file.

With sysusers.d introduction:

https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format

most of the packages on Fedora use sysusers.d file format:

https://www.freedesktop.org/software/systemd/man/sysusers.d.html

and let systemd create them.

So if any sorting should be done, it should be done by systemd-sysusers and RFE should get filled against it.


Regarding the other discrepancies (/sbin/nologin instead of /usr/sbin/nologin and GECOS field), individual bugs should get filled against the responsible packages, from the setup package point of view, there is nothing that can be done.

Package maintainers should be aware about UsrMove/Usr merge and change it to /usr/sbin/nologin:

https://fedoraproject.org/wiki/Features/UsrMove

like it was done for setup:

https://pagure.io/setup/c/e24038b10525d0037b5e359b541d59f769fa8ca9?branch=master

Comment 5 Martin Osvald 🛹 2023-07-23 11:00:51 UTC
I hope we answered all your queries. With all the above being said I am closing this as NOTABUG.