* Lennart Poettering: > On Do, 06.12.18 14:58, Pavel Březina (pbrezina@xxxxxxxxxx) wrote: > >> > Then there is nss-mymachines. It's primarily useful if >> > systemd-machined or systemd-nspawn is used. Given that those are now >> > part of the 'systemd-container' RPM it would be OK to also add >> > nss-mymachines to nsswitch.conf only when the RPM is installed, if >> > there's a concept for that. That said, in order to simplify things, >> > and given that systemd is a very core part of the OS I'd personally >> > just put it statically in nsswitch.conf too by default. After all a >> > missing NSS module listed in nsswitch.conf is just skipped, hence this >> > should not matter. This module should be in the 'passwd', 'group' and >> > 'hosts' lines. >> >> Reading https://bugzilla.redhat.com/show_bug.cgi?id=1284325 there is can >> happen some ID overlaps with FreeIPA/Samba which is undesirable. I would say >> that this must be solves if this module is enabled by default. Was there any >> progress in this area? > > I think that's a misunderstanding of what the module does. At the > point the module announces those uid/gid ranges they are already > reserved, hence the conflict is already there. nss-mymachines is hence > only the messanger, not the culprit. I don't think we enforce that reservation system-wide. Do we filter out those accounts when they come in over LDAP? Can users add them locally using adduser? None of the NSS modules in glibc provide such filtering. Thanks, Florian _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
