diff --git a/system-group-hardware.conf b/system-group-hardware.conf
index ad228d0..b96b7e2 100644
--- a/system-group-hardware.conf
+++ b/system-group-hardware.conf
@@ -7,6 +7,7 @@ g utmp - -
 # Hardware access groups
 g audio - -
 g cdrom - -
+g clock - -
 g dialout - -
 g disk - -
 g input - -
diff --git a/system-user-bin.conf b/system-user-bin.conf
index 0722698..7d433a0 100644
--- a/system-user-bin.conf
+++ b/system-user-bin.conf
@@ -1,4 +1,2 @@
 # Type Name ID GECOS [HOME]
-g bin 1
-m daemon bin
-u bin 1 bin /bin
+u! bin 1 bin /bin
diff --git a/system-user-daemon.conf b/system-user-daemon.conf
index bb3cbec..57560db 100644
--- a/system-user-daemon.conf
+++ b/system-user-daemon.conf
@@ -1,3 +1,2 @@
 # Type Name ID GECOS [HOME]
-g daemon 2
-u daemon 2 Daemon /sbin
+u! daemon 2 Daemon /sbin
diff --git a/system-user-ftp.conf b/system-user-ftp.conf
index 4cbc2bd..fa14030 100644
--- a/system-user-ftp.conf
+++ b/system-user-ftp.conf
@@ -1,2 +1,2 @@
 # Type Name ID GECOS [HOME]
-u ftp - "FTP Account" /srv/ftp
+u! ftp - "FTP Account" /srv/ftp
diff --git a/system-user-games.conf b/system-user-games.conf
index 75f3fe9..8f6eb4d 100644
--- a/system-user-games.conf
+++ b/system-user-games.conf
@@ -1,2 +1,2 @@
 # Type Name ID GECOS [HOME]
-u games - "Games account" /var/games
+u! games - "Games account" /var/games
diff --git a/system-user-lp.conf b/system-user-lp.conf
index 579fc40..57b4e2d 100644
--- a/system-user-lp.conf
+++ b/system-user-lp.conf
@@ -1,2 +1,2 @@
 # Type Name ID GECOS [HOME]
-u lp - "Printing daemon" /var/spool/lpd
+u! lp - "Printing daemon" /var/spool/lpd
diff --git a/system-user-mail.conf b/system-user-mail.conf
index 39f4a58..b0c8210 100644
--- a/system-user-mail.conf
+++ b/system-user-mail.conf
@@ -1,2 +1,2 @@
 # Type Name ID GECOS [HOME]
-u mail - "Mailer daemon" /var/spool/clientmqueue
+u! mail - "Mailer daemon" /var/spool/clientmqueue
diff --git a/system-user-man.conf b/system-user-man.conf
index c8e1514..3d7907a 100644
--- a/system-user-man.conf
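Review bot: The new `g clock - -` line carries no hint of what membership grants; the reason is recorded only in the changelog (udev in systemd 258 assigns PTP and RTC devices to this group). Access to those devices may bear on the system's time source, which certificate validation and log timestamps depend on, so a one-line comment above the entry would help anyone auditing group membership: `# clock: PTP and RTC device nodes (udev, systemd 258)`. The group list continues past the end of this hunk.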
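Review bot: The `u!` type in `+u! bin 1 bin /bin` is only understood by newer systemd-sysusers (added in systemd 257, as far as I know), and nothing visible in this commit raises the minimum version the package requires. A parser that does not know `u!` would most likely reject the line and leave the account uncreated, in which case the `%attr` owners in the spec could not resolve; the pre-scripts produced by `%sysusers_generate_pre` need the same support. Consider stating the floor next to `%{sysusers_requires}` in the spec and adding a header comment to each file, for example `# u! creates a fully locked account; needs a sysusers implementation that supports it`. The same applies to every other `system-user-*.conf` hunk in this commit.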
+++ b/system-user-man.conf
@@ -1,3 +1,3 @@
 # Type Name ID GECOS [HOME]
 g man 62
-u man 13 "Manual pages viewer" /var/lib/empty
+u! man 13 "Manual pages viewer" /var/lib/empty
diff --git a/system-user-news.conf b/system-user-news.conf
index 51c6a32..3b36c3c 100644
--- a/system-user-news.conf
+++ b/system-user-news.conf
@@ -1,2 +1,2 @@
 # Type Name ID GECOS [HOME]
-u news - "News system" /etc/news
+u! news - "News system" /etc/news
diff --git a/system-user-nobody.conf b/system-user-nobody.conf
index 2d81734..db1df7c 100644
--- a/system-user-nobody.conf
+++ b/system-user-nobody.conf
@@ -1,4 +1,3 @@
 # Type Name ID GECOS [HOME]
 g nogroup 65533
-g nobody 65534
-u nobody 65534 "nobody" /var/lib/nobody /bin/bash
+u! nobody 65534 "nobody" /var/lib/nobody -
diff --git a/system-user-ntp.conf b/system-user-ntp.conf
index 043d097..8063229 100644
--- a/system-user-ntp.conf
+++ b/system-user-ntp.conf
@@ -1,2 +1,2 @@
 # Type Name ID GECOS [HOME]
-u ntp - "NTP account" /var/lib/ntp
+u! ntp - "NTP account" /var/lib/ntp
diff --git a/system-user-qemu.conf b/system-user-qemu.conf
index 404eb3a..8ef138b 100644
--- a/system-user-qemu.conf
+++ b/system-user-qemu.conf
@@ -1,4 +1,3 @@
 # Type Name ID GECOS [HOME]
-g qemu 107
-u qemu 107 "qemu user"
+u! qemu 107 "qemu user"
 m qemu kvm
diff --git a/system-user-tftp.conf b/system-user-tftp.conf
index b20ec7e..9ff6276 100644
--- a/system-user-tftp.conf
+++ b/system-user-tftp.conf
@@ -1,2 +1,2 @@
 # Type Name ID GECOS [HOME]
-u tftp - "TFTP Account" /srv/tftpboot
+u! tftp - "TFTP Account" /srv/tftpboot
diff --git a/system-user-tss.conf b/system-user-tss.conf
index df2729e..0b36f09 100644
--- a/system-user-tss.conf
+++ b/system-user-tss.conf
@@ -1,2 +1,2 @@
 # Type Name ID GECOS [HOME]
-u tss 98 "TSS daemon" /var/lib/tpm
+u! tss 98 "TSS daemon" /var/lib/tpm
diff --git a/system-user-upsd.conf b/system-user-upsd.conf
index c649863..05204ee 100644
--- a/system-user-upsd.conf
+++ b/system-user-upsd.conf
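Review bot: Dropping `/bin/bash` and switching to `u!` in `system-user-nobody.conf` only takes effect where `nobody` does not exist yet, because sysusers-style tooling creates missing entries and does not modify existing ones (to my knowledge; the generated pre-scripts are not visible on this page). Systems upgraded from an older release would therefore keep the login shell and the not-fully-locked state, so the hardening described in the changelog would not reach them. If that is intended, the changelog should say so; if not, a migration step is needed. Either way a comment in the file would document the limit: `# applies at account creation only; existing accounts keep their shell and lock state`. The same holds for the other accounts converted to `u!`.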
@@ -1,3 +1,2 @@
 # Type Name ID GECOS [HOME]
-u upsd - "UPS daemon" /var/lib/empty
-m upsd daemon
+u! upsd - "UPS daemon" /var/lib/empty
diff --git a/system-user-uucp.conf b/system-user-uucp.conf
index 4974dc9..4fe0037 100644
--- a/system-user-uucp.conf
+++ b/system-user-uucp.conf
@@ -1,3 +1,3 @@
 # Type Name ID GECOS [HOME]
-u uucp - "Unix-to-Unix CoPy system" /etc/uucp
+u! uucp - "Unix-to-Unix CoPy system" /etc/uucp
 m uucp lock
diff --git a/system-user-uuidd.conf b/system-user-uuidd.conf
index 57bb1d5..c7a42af 100644
--- a/system-user-uuidd.conf
+++ b/system-user-uuidd.conf
@@ -1,2 +1,2 @@
 # Type Name ID GECOS [HOME]
-u uuidd - "User for uuidd" /var/run/uuidd
+u! uuidd - "User for uuidd" /var/run/uuidd
diff --git a/system-user-vscan.conf b/system-user-vscan.conf
index 275f911..8eef383 100644
--- a/system-user-vscan.conf
+++ b/system-user-vscan.conf
@@ -1,3 +1,2 @@
 # Type Name ID GECOS [HOME]
-g vscan 65 - -
-u vscan 65 "Vscan account" /var/spool/amavis
+u! vscan 65 "Vscan account" /var/spool/amavis
diff --git a/system-user-wwwrun.conf b/system-user-wwwrun.conf
index 30b1605..36903f2 100644
--- a/system-user-wwwrun.conf
+++ b/system-user-wwwrun.conf
@@ -1,4 +1,4 @@
 # Type Name ID GECOS [HOME]
 g www -
-u wwwrun - "WWW daemon apache" /var/lib/wwwrun
+u! wwwrun - "WWW daemon apache" /var/lib/wwwrun
 m wwwrun www
diff --git a/system-users.changes b/system-users.changes
index ef69533..ca0f38c 100644
--- a/system-users.changes
+++ b/system-users.changes
@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Mon Aug 25 09:01:05 UTC 2025 - Jan Engelhardt
+
+- Remove old and now implicit %defattr lines
+- Use noun phrase for descriptions
+- Reduce calls to mkdir
+
+-------------------------------------------------------------------
+Fri Aug 22 14:27:27 UTC 2025 - Thorsten Kukuk
+
+- Use fully locked user accounts
+- Remove daemon as second group
+
+-------------------------------------------------------------------
+Wed Mar 12 09:31:26 UTC 2025 - Thorsten Kukuk
+
+- system-group-hardware: add group clock for systemd 258
+ (udev: set clock group for PTP and RTC devices)
+
+-------------------------------------------------------------------
+Wed Oct 30 10:29:05 UTC 2024 - Thorsten Kukuk
+
+- system-user-nobody: remove shell for user nobody, all packages
+ should be meanwhile adjusted, no other distribution has a shell
+ for this user.
+
 -------------------------------------------------------------------
 Fri Aug 18 09:49:58 UTC 2023 - Thorsten Kukuk
diff --git a/system-users.spec b/system-users.spec
index c6309f8..c547d75 100644
--- a/system-users.spec
+++ b/system-users.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package system-users
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,9 +17,9 @@
 Name: system-users
-Version: 20170617
+Version: 20250822
 Release: 0
-Summary: Provide system accounts
+Summary: Provider for system accounts
 License: MIT
 Group: System/Fhs
 Source1: system-user-uucp.conf
@@ -54,9 +54,7 @@ This package provides various system users and their directories
 %package -n system-user-bin
 Summary: System user and group 'bin'
-#!BuildIgnore: user(daemon)
 Group: System/Fhs
-Requires(pre): user(daemon)
 %{sysusers_requires}
 %description -n system-user-bin
@@ -178,9 +176,7 @@ This package provides the system account and group 'nobody'.
 %package -n system-user-upsd
 Summary: System user upsd
-#!BuildIgnore: group(daemon)
 Group: System/Fhs
-Requires(pre): group(daemon)
 %{sysusers_requires}
 %description -n system-user-upsd
@@ -252,7 +248,7 @@ Group: System/Fhs
 This package provides the system user and group 'ntp'.
 %prep
-%setup -q -c -T
+%autosetup -c
 %build
 %sysusers_generate_pre %{SOURCE1} uucp system-user-uucp.conf
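Review bot: `%autosetup -c` drops the `-T` that `%setup -q -c -T` carried, so the default unpacking of source 0 is no longer suppressed, and the hunks on this page show `Source1:` directly after `Group:` with no `Source0`. Depending on the rpm version this may fail in `%prep` or be tolerated, so it is worth confirming on every build target or keeping the flag: `%autosetup -c -T`. `%autosetup` also applies any `Patch` lines automatically, which the old `%setup` call did not, so a patch added later would take effect without an explicit `%patch` step. The `%build` section that follows continues outside this hunk.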
@@ -280,20 +276,21 @@ This package provides the system user and group 'ntp'.
 %sysusers_generate_pre %{SOURCE25} ntp system-user-ntp.conf
 %install
-mkdir -p %{buildroot}%{_sysusersdir}
-mkdir -p %{buildroot}%{_sysconfdir}/uucp
-mkdir -p %{buildroot}%{_sysconfdir}/news
-mkdir -p %{buildroot}%{_localstatedir}/games
-mkdir -p %{buildroot}%{_localstatedir}/lib/ntp
-mkdir -p %{buildroot}%{_localstatedir}/lib/wwwrun
-mkdir -p %{buildroot}%{_localstatedir}/spool/amavis
-mkdir -p %{buildroot}%{_localstatedir}/spool/clientmqueue
-mkdir -p %{buildroot}%{_localstatedir}/spool/lpd
-mkdir -p %{buildroot}%{_localstatedir}/run/uuidd
-mkdir -p %{buildroot}/srv/ftp
-mkdir -p %{buildroot}%{_localstatedir}/lib/nobody
-mkdir -p %{buildroot}/srv/tftpboot
-mkdir -p %{buildroot}/var/lib/tpm
+mkdir -pv \
+ %{buildroot}%{_sysusersdir} \
+ %{buildroot}%{_sysconfdir}/uucp \
+ %{buildroot}%{_sysconfdir}/news \
+ %{buildroot}%{_localstatedir}/games \
+ %{buildroot}%{_localstatedir}/lib/ntp \
+ %{buildroot}%{_localstatedir}/lib/wwwrun \
+ %{buildroot}%{_localstatedir}/spool/amavis \
+ %{buildroot}%{_localstatedir}/spool/clientmqueue \
+ %{buildroot}%{_localstatedir}/spool/lpd \
+ %{buildroot}%{_localstatedir}/run/uuidd \
+ %{buildroot}/srv/ftp \
+ %{buildroot}%{_localstatedir}/lib/nobody \
+ %{buildroot}/srv/tftpboot \
+ %{buildroot}/var/lib/tpm
 install -m 644 %{SOURCE1} %{buildroot}%{_sysusersdir}/system-user-uucp.conf
 install -m 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/system-user-games.conf
 install -m 644 %{SOURCE3} %{buildroot}%{_sysusersdir}/system-user-bin.conf
@@ -365,106 +362,83 @@ install -m 644 %{SOURCE25} %{buildroot}%{_sysusersdir}/system-user-ntp.conf %pre -n system-user-ntp -f ntp.pre %files -n system-user-uucp -%defattr(-,root,root) %dir %attr(0750,uucp,uucp) %{_sysconfdir}/uucp %{_sysusersdir}/system-user-uucp.conf %files -n system-user-games -%defattr(-,root,root) %dir %attr(0755,root,root) %{_localstatedir}/games %{_sysusersdir}/system-user-games.conf %files -n system-user-bin -%defattr(-,root,root) %{_sysusersdir}/system-user-bin.conf %files -n system-user-daemon -%defattr(-,root,root) %{_sysusersdir}/system-user-daemon.conf %files -n system-user-man -%defattr(-,root,root) %{_sysusersdir}/system-user-man.conf %files -n system-user-news -%defattr(-,root,root) %dir %attr(0750,news,news) %{_sysconfdir}/news %{_sysusersdir}/system-user-news.conf %files -n system-group-obsolete -%defattr(-,root,root) %{_sysusersdir}/system-group-obsolete.conf %files -n system-group-hardware -%defattr(-,root,root) %{_sysusersdir}/system-group-hardware.conf %files -n system-group-wheel -%defattr(-,root,root) %{_sysusersdir}/system-group-wheel.conf %files -n system-user-wwwrun -%defattr(-,root,root) %dir %attr(0755,wwwrun,root) %{_localstatedir}/lib/wwwrun %{_sysusersdir}/system-user-wwwrun.conf %files -n system-user-mail -%defattr(-,root,root) %dir %attr(0770,mail,mail) %{_localstatedir}/spool/clientmqueue %{_sysusersdir}/system-user-mail.conf %files -n system-user-ftp -%defattr(-,root,root) %dir %attr(0755,root,root) /srv/ftp %{_sysusersdir}/system-user-ftp.conf %files -n system-user-lp -%defattr(-,root,root) %dir %attr(0755,lp,lp) %{_localstatedir}/spool/lpd %{_sysusersdir}/system-user-lp.conf %files -n system-user-nobody -%defattr(-,root,root) %dir %attr(0755,nobody,root) %{_localstatedir}/lib/nobody %{_sysusersdir}/system-user-nobody.conf %files -n system-user-upsd -%defattr(-,root,root) %{_sysusersdir}/system-user-upsd.conf %files -n system-user-uuidd -%defattr(-,root,root) %{_sysusersdir}/system-user-uuidd.conf %files -n 
system-user-tftp -%defattr(-,root,root) %dir %attr(0755,tftp,tftp) /srv/tftpboot %{_sysusersdir}/system-user-tftp.conf %files -n system-user-tss -%defattr(-,root,root) %dir %attr(0750,tss,tss) /var/lib/tpm %{_sysusersdir}/system-user-tss.conf %files -n system-group-kvm -%defattr(-,root,root) %{_sysusersdir}/system-group-kvm.conf %files -n system-user-qemu -%defattr(-,root,root) %{_sysusersdir}/system-user-qemu.conf %files -n system-group-libvirt -%defattr(-,root,root) %{_sysusersdir}/system-group-libvirt.conf %files -n system-user-vscan -%defattr(-,root,root) %dir %attr(0750,vscan,vscan) %{_localstatedir}/spool/amavis %{_sysusersdir}/system-user-vscan.conf %files -n system-user-ntp -%defattr(-,root,root) %dir %attr(0755,root,root) %{_localstatedir}/lib/ntp %{_sysusersdir}/system-user-ntp.conf