Bug 717119 - Please update documentation to refer to /etc/login.defs to define a 'system' account
Summary: Please update documentation to refer to /etc/login.defs to define a 'system' ...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: sssd
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: ---
Assignee: Stephen Gallagher
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 1kAccounts
TreeView+ depends on / blocked
 
Reported: 2011-06-28 04:33 UTC by Miloslav Trmač
Modified: 2020-05-04 10:21 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-03-05 21:15:52 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
FedoraHosted SSSD 907 0 None None None Never
Github SSSD sssd issues 1949 0 None closed The local provider min_id should be a compile-time option 2020-05-04 10:21:24 UTC

Description Miloslav Trmač 2011-06-28 04:33:08 UTC
src/examples/sssd.conf assumes that user accounts start at ID 500; please update it to refer to /etc/login.defs [UG]ID_MIN, we plan to change the boundary.

Version-Release number of selected component (if applicable):
sssd-1.5.8-1.fc16

Comment 1 Stephen Gallagher 2011-06-28 11:09:40 UTC
This is only an example configuration file. It is disabled by default and the purpose of mentioning the min_id = 500 is to demonstrate an override, not a default.

The default for the SSSD local provider has always been 1000, but I realize that we should probably make this a compile-time option (right now it's hard-coded). I've opened https://fedorahosted.org/sssd/ticket/907 upstream to add this option.

Comment 2 Miloslav Trmač 2011-06-28 16:51:36 UTC
Re: ticket 907, in general I think it would be preferable if the administrator only had to modify a single file (and /etc/login.defs is already used by several packages); but perhaps the sssd model does not so easily map to the simple "system account/user account" split, I don't know.

Comment 3 Simo Sorce 2011-06-28 17:36:47 UTC
There are three classes we have to care about when sssd is involved:
system users
local users
network users

Our min_id command *filters* out any user that have an id lower than that setting so that 'network users' cannot interfere with system and local users.
So using login.defs doesn't make much sense for min_id.

We might start using it is one day in Fedora we decide to always store 'local' users in the LOCAL domain of sssd. For those users login_defs makes sense.

Comment 4 Stephen Gallagher 2012-03-05 21:15:52 UTC
At this time, we have no plans to change this default (and Fedora has opted to switch to a min_id = 1000 default as well).


Note You need to log in before you can comment on or make changes to this bug.