HomePhabricator

admin: add support for system users and groups

Description

admin: add support for system users and groups

This CR adds the ability to add system users and groups across the
fleet. System users and groups have additional conditions
which are enforced by theses changes

System Groups:

  • must have a GID in the range: 900 <= gid <= 950
  • have no privileges

System Users:

  • must have a home_dir
  • default shell: /usr//sbin/nologin
  • must have a GID in the range: 900 <= gid <= 950
  • have no privileges
  • have no real name
  • have no ssh keys

    the gid range was chosen to keep users above the desired system users upper bound of 499 but still below the first user uid of 1000. I chosee an upper bond of 950 as there is still an issue which means some system users get created starting at 999 and going down (T235162)

Bug: T235162
Bug: T245612
Change-Id: Ic1e887b2795efffc450fa016e3cde76d52a0277f

Details

Provenance
jbondAuthored on Feb 21 2020, 12:11 PM
Parents
rOPUPb9d9967808df: hieradata: test streaming apache logs to logstash from mwdebug1001
Branches
Unknown
Tags
Unknown
ChangeId
Ic1e887b2795efffc450fa016e3cde76d52a0277f