Bug 717119 - Please update documentation to refer to /etc/login.defs to define a 'system' account
Summary: Please update documentation to refer to /etc/login.defs to define a 'system' ...
Alias: None
Product: Fedora
Classification: Fedora
Component: sssd
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Stephen Gallagher
QA Contact: Fedora Extras Quality Assurance
Depends On:
Blocks: 1kAccounts
TreeView+ depends on / blocked
Reported: 2011-06-28 04:33 UTC by Miloslav Trmač
Modified: 2012-03-05 21:15 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2012-03-05 21:15:52 UTC

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
FedoraHosted SSSD 907 None None None Never

Description Miloslav Trmač 2011-06-28 04:33:08 UTC
src/examples/sssd.conf assumes that user accounts start at ID 500; please update it to refer to /etc/login.defs [UG]ID_MIN, we plan to change the boundary.

Version-Release number of selected component (if applicable):

Comment 1 Stephen Gallagher 2011-06-28 11:09:40 UTC
This is only an example configuration file. It is disabled by default and the purpose of mentioning the min_id = 500 is to demonstrate an override, not a default.

The default for the SSSD local provider has always been 1000, but I realize that we should probably make this a compile-time option (right now it's hard-coded). I've opened https://fedorahosted.org/sssd/ticket/907 upstream to add this option.

Comment 2 Miloslav Trmač 2011-06-28 16:51:36 UTC
Re: ticket 907, in general I think it would be preferable if the administrator only had to modify a single file (and /etc/login.defs is already used by several packages); but perhaps the sssd model does not so easily map to the simple "system account/user account" split, I don't know.

Comment 3 Simo Sorce 2011-06-28 17:36:47 UTC
There are three classes we have to care about when sssd is involved:
system users
local users
network users

Our min_id command *filters* out any user that have an id lower than that setting so that 'network users' cannot interfere with system and local users.
So using login.defs doesn't make much sense for min_id.

We might start using it is one day in Fedora we decide to always store 'local' users in the LOCAL domain of sssd. For those users login_defs makes sense.

Comment 4 Stephen Gallagher 2012-03-05 21:15:52 UTC
At this time, we have no plans to change this default (and Fedora has opted to switch to a min_id = 1000 default as well).

Note You need to log in before you can comment on or make changes to this bug.