On Thu, Jul 10, 2014 at 08:17:07AM +0300, Oron Peled wrote:
> On Thursday 10 July 2014 01:49:41 Lennart Poettering wrote:
> > Please understand that we are not duplicating "adduser" here. Already in
> > the name of the tool we wanted to make clear that this is about system
> > users, nothing else. The file format we defined has been reduced to the
> > minimum possible, in order to make it difficult for people to use it for
> > anything else than this.
>
> There are cases where a home directory of system users carries some semantics.
>
> Two examples from the top of my head:
> * Some tftpd implementations use it as the base path (and chroot into it)
> * Some anonymous ftpd implementations have similar use (chroot into ~ftp)

Another interesting use case is gitolite: it's a system user that needs:
- a shell (/bin/sh in Fedora) -- otherwise sshd won't allow login
  (/sbin/nologin) or login fails (/sbin/login)
- a home directory (/var/lib/gitolite in Fedora) -- so sshd can use
  ~/.ssh/authorized_keys to work out who's allowed to use the service &
  what they're allowed to do

sshd prevents users from ever getting the default shell due to the
configuration of authorized_keys.

However, it doesn't need/want a password allowing standard login (though
the admin will do "su - gitolite" from root for initial setup or version
migration).

See http://gitolite.com/gitolite/how.html for more details on how
gitolite's ssh authentication works.

--
Scott Schmit
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
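
The message above relies on ~/.ssh/authorized_keys to keep key holders away from the service account's login shell. The following is an added example (not from the post and not gitolite's code) that parses the options field of each key line and reports keys lacking a forced command or the pty/forwarding restrictions. The gitolite-shell path, user names and key blobs in the sample are constructed placeholders.

```python
import re

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")   # a line starting like this has no options field
HARDENING = {"no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding"}
# option name, optional ="quoted value" (backslash escapes allowed), then "," or
# the whitespace that ends the options field; a naive split(",") breaks on values
OPT = re.compile(r'([A-Za-z0-9-]+)(?:="((?:[^"\\]|\\.)*)")?(,|\s+)')

def parse_options(line):
    """Return the options of one authorized_keys line as a dict (names lowercased)."""
    if line.startswith(KEY_TYPES):
        return {}
    opts, pos = {}, 0
    while True:
        m = OPT.match(line, pos)
        if not m:
            raise ValueError("malformed options field")
        opts[m.group(1).lower()] = m.group(2) if m.group(2) is not None else True
        pos = m.end()
        if m.group(3) != ",":
            return opts

def audit(text):
    """Return [(line_number, [problems])] for keys that are not locked down."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            opts = parse_options(line)
        except ValueError as exc:
            findings.append((n, [str(exc)]))
            continue
        has_cmd = isinstance(opts.get("command"), str) and opts["command"] != ""
        problems = [] if has_cmd else ["no forced command"]  # key gets the login shell
        if "restrict" in opts:  # conservative: flag anything re-enabled next to it
            missing = {h for h in HARDENING if h[3:] in opts}
        else:
            missing = HARDENING - set(opts)
        if problems or missing:
            findings.append((n, problems + sorted(missing)))
    return findings

SAMPLE = '''\
# constructed sample; path, names and key blobs are placeholders
command="/usr/share/gitolite3/gitolite-shell alice",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAPLACEHOLDER alice
command="/usr/share/gitolite3/gitolite-shell bob",no-pty ssh-ed25519 AAAAPLACEHOLDER bob
ssh-ed25519 AAAAPLACEHOLDER added-by-hand
restrict,command="/usr/share/gitolite3/gitolite-shell carol,ops" ssh-ed25519 AAAAPLACEHOLDER carol
'''
if __name__ == "__main__": print(audit(SAMPLE))
```

Line 4 of the sample is the case that matters for a system user with a real shell: a key with no `command=` option gets that shell.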