Commit Graph

13 Commits

Author SHA1 Message Date
Lennart Poettering
d296c20f1f man: move 'files' module in NSS 'hosts:' line before myhostname
I am pretty sure /etc/hosts (i.e. an explicitly configured, local,
trusted database) should be useful for overriding the automatic
myhostname logic.

resolved's internal logic handles it that way and hence we should
suggest it in the NSS fallback line, too.

Let's also bring the factory file back into sync with what the docs say.

And update the prose a bit too, to actually match what we recommend.
2020-08-17 18:55:59 +02:00
Lennart Poettering
38ccb55731 nss-mymachines: drop support for UID/GID resolving
Now that we make the user/group name resolving available via userdb and
thus nss-systemd, we do not need the UID/GID resolving support in
nss-mymachines anymore. Let's drop it hence.

We keep the module around, since besides UID/GID resolving it also does
hostname resolving, which we care about. (One of those days we should
replace that by some Varlink logic between
nss-resolve/systemd-resolved.service too)

The hooks are kept in the NSS module, but they do not resolve anything
anymore, in order to keep compat at a maximum.
2020-07-14 17:08:12 +02:00
Lennart Poettering
26cf9fb7f8 home: add pam_systemd_home.so PAM hookup
In a way fixes: https://bugs.freedesktop.org/show_bug.cgi?id=67474
2020-01-28 22:36:41 +01:00
Lennart Poettering
1684c56f40 nss: hook up nss-systemd with userdb varlink bits
This changes nss-systemd to use the new varlink user/group APIs for
looking up everything.

(This also changes the factory /etc/nsswitch.conf line to use for
hooking up nss-system to use glibc's [SUCCESS=merge] feature so that we
can properly merge group membership lists).

Fixes: #12492
2020-01-15 15:29:07 +01:00
Lennart Poettering
062666c7c4 factory: add default /etc/issue file
Booting up an image with --volatile=yes otherwise looks so naked, so
let's include this file in the default factory too. It's common and
simple and should be safe to ship.
2019-07-24 08:57:23 +09:00
Lennart Poettering
4c92bf408d factory: include pam_keyinit.so in PAM factory configuration
We use the keyring, so let's make sure it gets properly initialized for
sessions in factory reset mode.
2019-07-13 11:06:24 +02:00
Lennart Poettering
29d30ae7b6 factory: add comment to PAM file, explaining that the defaults are not useful 2019-07-13 11:06:24 +02:00
Lennart Poettering
ed40cb82f7 factory: tighten PAM configuration
Apparently PAM reacts differently on different systems (?) and if no
authoritative matching module is found might either succeed/fail,
depending on the system.

Let's lock this down explicitly, by hooking in pam_deny.so.

Of course, these PAM files are just examples, and no distro in its right
mind would ship these unmodified, but let's default to something safe.

Fixes: #12950
2019-07-13 11:06:24 +02:00
Zbigniew Jędrzejewski-Szmek
94f760ec9d man,factory: update factory config for nsswitch.conf to match the man pages
Also add a note in the man pages to remind people to adjust the factory config
and other man pages at the same time.
2018-11-27 22:35:02 +01:00
Kay Sievers
c009072ec5 factory: remove broken pam_limits
Stupid PAM, please just go away!

login[26]: pam_limits(login:session): error parsing the configuration file: '/etc/security/limits.conf'
login[26]: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
login[26]: Error in service module
2014-07-30 15:21:54 +02:00
Kay Sievers
32767cb1e8 login: update systemd-user PAM configuration file 2014-07-29 13:20:20 +02:00
Kay Sievers
ccc6fa0d6b factory: nss - add generic config 2014-07-27 14:53:21 +02:00
Kay Sievers
e5168066e7 factory: PAM - add generic fallback config
Single PAM fallback config file to be used in /etc to allow
bootstrapping of a system with an empty /etc.
2014-07-27 14:34:19 +02:00