Bug 717119 - Please update documentation to refer to /etc/login.defs to define a 'system' account
Please update documentation to refer to /etc/login.defs to define a 'system' ...
Product: Fedora
Classification: Fedora
Component: sssd (Show other bugs)
Unspecified Unspecified
unspecified Severity low
: ---
: ---
Assigned To: Stephen Gallagher
Fedora Extras Quality Assurance
Depends On:
Blocks: 1kAccounts
  Show dependency treegraph
Reported: 2011-06-28 00:33 EDT by Miloslav Trmač
Modified: 2012-03-05 16:15 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-03-05 16:15:52 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
FedoraHosted SSSD 907 None None None Never

  None (edit)
Description Miloslav Trmač 2011-06-28 00:33:08 EDT
src/examples/sssd.conf assumes that user accounts start at ID 500; please update it to refer to /etc/login.defs [UG]ID_MIN, we plan to change the boundary.

Version-Release number of selected component (if applicable):
Comment 1 Stephen Gallagher 2011-06-28 07:09:40 EDT
This is only an example configuration file. It is disabled by default and the purpose of mentioning the min_id = 500 is to demonstrate an override, not a default.

The default for the SSSD local provider has always been 1000, but I realize that we should probably make this a compile-time option (right now it's hard-coded). I've opened https://fedorahosted.org/sssd/ticket/907 upstream to add this option.
Comment 2 Miloslav Trmač 2011-06-28 12:51:36 EDT
Re: ticket 907, in general I think it would be preferable if the administrator only had to modify a single file (and /etc/login.defs is already used by several packages); but perhaps the sssd model does not so easily map to the simple "system account/user account" split, I don't know.
Comment 3 Simo Sorce 2011-06-28 13:36:47 EDT
There are three classes we have to care about when sssd is involved:
system users
local users
network users

Our min_id command *filters* out any user that have an id lower than that setting so that 'network users' cannot interfere with system and local users.
So using login.defs doesn't make much sense for min_id.

We might start using it is one day in Fedora we decide to always store 'local' users in the LOCAL domain of sssd. For those users login_defs makes sense.
Comment 4 Stephen Gallagher 2012-03-05 16:15:52 EST
At this time, we have no plans to change this default (and Fedora has opted to switch to a min_id = 1000 default as well).

Note You need to log in before you can comment on or make changes to this bug.