diff --git a/.docusaurus/docusaurus-plugin-content-docs/default/category-docs-packagesidebar-category-system-users-b09.json b/.docusaurus/docusaurus-plugin-content-docs/default/category-docs-packagesidebar-category-system-users-b09.json new file mode 100644 index 0000000..2cb895c --- /dev/null +++ b/.docusaurus/docusaurus-plugin-content-docs/default/category-docs-packagesidebar-category-system-users-b09.json @@ -0,0 +1,16 @@ +{ + "title": "System Users", + "description": "Stateless management of packaging-based system accounts", + "slug": "/category/system-users", + "permalink": "/docs/category/system-users", + "navigation": { + "previous": { + "title": "Transaction Triggers", + "permalink": "/docs/packaging/triggers/tx_triggers" + }, + "next": { + "title": "Overview", + "permalink": "/docs/packaging/users/overview" + } + } +} \ No newline at end of file diff --git a/.docusaurus/docusaurus-plugin-content-docs/default/site-docs-packaging-triggers-tx-triggers-md-d3a.json b/.docusaurus/docusaurus-plugin-content-docs/default/site-docs-packaging-triggers-tx-triggers-md-d3a.json index f1e818b..33a557a 100644 --- a/.docusaurus/docusaurus-plugin-content-docs/default/site-docs-packaging-triggers-tx-triggers-md-d3a.json +++ b/.docusaurus/docusaurus-plugin-content-docs/default/site-docs-packaging-triggers-tx-triggers-md-d3a.json @@ -19,5 +19,9 @@ "previous": { "title": "Overview", "permalink": "/docs/packaging/triggers/overview" + }, + "next": { + "title": "System Users", + "permalink": "/docs/category/system-users" } } \ No newline at end of file diff --git a/.docusaurus/docusaurus-plugin-content-docs/default/site-docs-packaging-users-groups-md-0c0.json b/.docusaurus/docusaurus-plugin-content-docs/default/site-docs-packaging-users-groups-md-0c0.json new file mode 100644 index 0000000..cca6860 --- /dev/null +++ b/.docusaurus/docusaurus-plugin-content-docs/default/site-docs-packaging-users-groups-md-0c0.json @@ -0,0 +1,27 @@ +{ + "id": "packaging/users/groups", + "title": "Defining Groups", + "description": "Refer to the JSON Group Record documentation for information on all supported fields.", + "source": "@site/docs/packaging/users/groups.md", + "sourceDirName": "packaging/users", + "slug": "/packaging/users/groups", + "permalink": "/docs/packaging/users/groups", + "draft": false, + "unlisted": false, + "editUrl": "https://github.com/serpent-os/docs/tree/main/docs/packaging/users/groups.md", + "tags": [], + "version": "current", + "sidebarPosition": 2, + "frontMatter": { + "sidebar_position": 2 + }, + "sidebar": "packageSidebar", + "previous": { + "title": "Overview", + "permalink": "/docs/packaging/users/overview" + }, + "next": { + "title": "Defining Users", + "permalink": "/docs/packaging/users/" + } +} \ No newline at end of file diff --git a/.docusaurus/docusaurus-plugin-content-docs/default/site-docs-packaging-users-overview-md-391.json b/.docusaurus/docusaurus-plugin-content-docs/default/site-docs-packaging-users-overview-md-391.json new file mode 100644 index 0000000..de7562f --- /dev/null +++ b/.docusaurus/docusaurus-plugin-content-docs/default/site-docs-packaging-users-overview-md-391.json @@ -0,0 +1,27 @@ +{ + "id": "packaging/users/overview", + "title": "Overview", + "description": "As a stateless distribution, Serpent OS does not permit the modification of /etc/passwd and co by", + "source": "@site/docs/packaging/users/overview.md", + "sourceDirName": "packaging/users", + "slug": "/packaging/users/overview", + "permalink": "/docs/packaging/users/overview", + "draft": false, + "unlisted": false, + "editUrl": "https://github.com/serpent-os/docs/tree/main/docs/packaging/users/overview.md", + "tags": [], + "version": "current", + "sidebarPosition": 1, + "frontMatter": { + "sidebar_position": 1 + }, + "sidebar": "packageSidebar", + "previous": { + "title": "System Users", + "permalink": "/docs/category/system-users" + }, + "next": { + "title": "Defining Groups", + "permalink": "/docs/packaging/users/groups" + } +} \ No newline at end of file diff --git a/.docusaurus/docusaurus-plugin-content-docs/default/site-docs-packaging-users-users-md-d69.json b/.docusaurus/docusaurus-plugin-content-docs/default/site-docs-packaging-users-users-md-d69.json new file mode 100644 index 0000000..ad4e216 --- /dev/null +++ b/.docusaurus/docusaurus-plugin-content-docs/default/site-docs-packaging-users-users-md-d69.json @@ -0,0 +1,23 @@ +{ + "id": "packaging/users/users", + "title": "Defining Users", + "description": "System accounts should always be marked as locked. Refer to the JSON User Record documentation for information on all supported fields.", + "source": "@site/docs/packaging/users/users.md", + "sourceDirName": "packaging/users", + "slug": "/packaging/users/", + "permalink": "/docs/packaging/users/", + "draft": false, + "unlisted": false, + "editUrl": "https://github.com/serpent-os/docs/tree/main/docs/packaging/users/users.md", + "tags": [], + "version": "current", + "sidebarPosition": 3, + "frontMatter": { + "sidebar_position": 3 + }, + "sidebar": "packageSidebar", + "previous": { + "title": "Defining Groups", + "permalink": "/docs/packaging/users/groups" + } +} \ No newline at end of file diff --git a/.docusaurus/docusaurus-plugin-content-docs/default/version-current-metadata-prop-751.json b/.docusaurus/docusaurus-plugin-content-docs/default/version-current-metadata-prop-751.json index eed4119..98f8120 100644 --- a/.docusaurus/docusaurus-plugin-content-docs/default/version-current-metadata-prop-751.json +++ b/.docusaurus/docusaurus-plugin-content-docs/default/version-current-metadata-prop-751.json @@ -137,6 +137,36 @@ } ], "href": "/docs/category/triggers" + }, + { + "type": "category", + "label": "System Users", + "collapsible": true, + "collapsed": true, + "items": [ + { + "type": "link", + "label": "Overview", + "href": "/docs/packaging/users/overview", + "docId": "packaging/users/overview", + "unlisted": false + }, + { + "type": "link", + "label": "Defining Groups", + "href": "/docs/packaging/users/groups", + "docId": "packaging/users/groups", + "unlisted": false + }, + { + "type": "link", + "label": "Defining Users", + "href": "/docs/packaging/users/", + "docId": "packaging/users/users", + "unlisted": false + } + ], + "href": "/docs/category/system-users" } ], "userSidebar": [ @@ -233,6 +263,24 @@ "description": "Transactional scope triggers (tx triggers) are run after the new filesystem transaction has been", "sidebar": "packageSidebar" }, + "packaging/users/groups": { + "id": "packaging/users/groups", + "title": "Defining Groups", + "description": "Refer to the JSON Group Record documentation for information on all supported fields.", + "sidebar": "packageSidebar" + }, + "packaging/users/overview": { + "id": "packaging/users/overview", + "title": "Overview", + "description": "As a stateless distribution, Serpent OS does not permit the modification of /etc/passwd and co by", + "sidebar": "packageSidebar" + }, + "packaging/users/users": { + "id": "packaging/users/users", + "title": "Defining Users", + "description": "System accounts should always be marked as locked. Refer to the JSON User Record documentation for information on all supported fields.", + "sidebar": "packageSidebar" + }, "users/intro": { "id": "users/intro", "title": "Introduction", diff --git a/.docusaurus/docusaurus-plugin-debug/default/docusaurus-debug-all-content-673.json b/.docusaurus/docusaurus-plugin-debug/default/docusaurus-debug-all-content-673.json index 3b70a99..40d12ea 100644 --- a/.docusaurus/docusaurus-plugin-debug/default/docusaurus-debug-all-content-673.json +++ b/.docusaurus/docusaurus-plugin-debug/default/docusaurus-debug-all-content-673.json @@ -367,6 +367,87 @@ "previous": { "title": "Overview", "permalink": "/docs/packaging/triggers/overview" + }, + "next": { + "title": "System Users", + "permalink": "/docs/category/system-users" + } + }, + { + "id": "packaging/users/groups", + "title": "Defining Groups", + "description": "Refer to the JSON Group Record documentation for information on all supported fields.", + "source": "@site/docs/packaging/users/groups.md", + "sourceDirName": "packaging/users", + "slug": "/packaging/users/groups", + "permalink": "/docs/packaging/users/groups", + "draft": false, + "unlisted": false, + "editUrl": "https://github.com/serpent-os/docs/tree/main/docs/packaging/users/groups.md", + "tags": [], + "version": "current", + "sidebarPosition": 2, + "frontMatter": { + "sidebar_position": 2 + }, + "sidebar": "packageSidebar", + "previous": { + "title": "Overview", + "permalink": "/docs/packaging/users/overview" + }, + "next": { + "title": "Defining Users", + "permalink": "/docs/packaging/users/" + } + }, + { + "id": "packaging/users/overview", + "title": "Overview", + "description": "As a stateless distribution, Serpent OS does not permit the modification of /etc/passwd and co by", + "source": "@site/docs/packaging/users/overview.md", + "sourceDirName": "packaging/users", + "slug": "/packaging/users/overview", + "permalink": "/docs/packaging/users/overview", + "draft": false, + "unlisted": false, + "editUrl": "https://github.com/serpent-os/docs/tree/main/docs/packaging/users/overview.md", + "tags": [], + "version": "current", + "sidebarPosition": 1, + "frontMatter": { + "sidebar_position": 1 + }, + "sidebar": "packageSidebar", + "previous": { + "title": "System Users", + "permalink": "/docs/category/system-users" + }, + "next": { + "title": "Defining Groups", + "permalink": "/docs/packaging/users/groups" + } + }, + { + "id": "packaging/users/users", + "title": "Defining Users", + "description": "System accounts should always be marked as locked. Refer to the JSON User Record documentation for information on all supported fields.", + "source": "@site/docs/packaging/users/users.md", + "sourceDirName": "packaging/users", + "slug": "/packaging/users/", + "permalink": "/docs/packaging/users/", + "draft": false, + "unlisted": false, + "editUrl": "https://github.com/serpent-os/docs/tree/main/docs/packaging/users/users.md", + "tags": [], + "version": "current", + "sidebarPosition": 3, + "frontMatter": { + "sidebar_position": 3 + }, + "sidebar": "packageSidebar", + "previous": { + "title": "Defining Groups", + "permalink": "/docs/packaging/users/groups" } }, { @@ -498,6 +579,32 @@ "slug": "/category/triggers", "permalink": "/docs/category/triggers" } + }, + { + "type": "category", + "label": "System Users", + "collapsible": true, + "collapsed": true, + "items": [ + { + "type": "doc", + "id": "packaging/users/overview" + }, + { + "type": "doc", + "id": "packaging/users/groups" + }, + { + "type": "doc", + "id": "packaging/users/users" + } + ], + "link": { + "type": "generated-index", + "description": "Stateless management of packaging-based system accounts", + "slug": "/category/system-users", + "permalink": "/docs/category/system-users" + } } ], "userSidebar": [ diff --git a/.docusaurus/docusaurus.config.mjs b/.docusaurus/docusaurus.config.mjs index 4abe802..d4e2f41 100644 --- a/.docusaurus/docusaurus.config.mjs +++ b/.docusaurus/docusaurus.config.mjs @@ -294,7 +294,11 @@ export default { ] }, "additionalLanguages": [ - "d" + "d", + "rust", + "bash", + "yaml", + "json" ], "magicComments": [ { diff --git a/.docusaurus/globalData.json b/.docusaurus/globalData.json index b7e8f14..a2e6d70 100644 --- a/.docusaurus/globalData.json +++ b/.docusaurus/globalData.json @@ -79,6 +79,21 @@ "path": "/docs/packaging/triggers/tx_triggers", "sidebar": "packageSidebar" }, + { + "id": "packaging/users/groups", + "path": "/docs/packaging/users/groups", + "sidebar": "packageSidebar" + }, + { + "id": "packaging/users/overview", + "path": "/docs/packaging/users/overview", + "sidebar": "packageSidebar" + }, + { + "id": "packaging/users/users", + "path": "/docs/packaging/users/", + "sidebar": "packageSidebar" + }, { "id": "users/intro", "path": "/docs/users/intro", @@ -103,6 +118,11 @@ "id": "/category/triggers", "path": "/docs/category/triggers", "sidebar": "packageSidebar" + }, + { + "id": "/category/system-users", + "path": "/docs/category/system-users", + "sidebar": "packageSidebar" } ], "draftIds": [], diff --git a/.docusaurus/registry.js b/.docusaurus/registry.js index 46d41d4..86d44ef 100644 --- a/.docusaurus/registry.js +++ b/.docusaurus/registry.js @@ -14,6 +14,7 @@ export default { "allContent---docusaurus-debug-content-246-9aa": [() => import(/* webpackChunkName: "allContent---docusaurus-debug-content-246-9aa" */ "~debug/default/docusaurus-debug-all-content-673.json"), "~debug/default/docusaurus-debug-all-content-673.json", require.resolveWeak("~debug/default/docusaurus-debug-all-content-673.json")], "categoryGeneratedIndex---docs-category-recipescb-0-301": [() => import(/* webpackChunkName: "categoryGeneratedIndex---docs-category-recipescb-0-301" */ "~docs/default/category-docs-packagesidebar-category-recipes-826.json"), "~docs/default/category-docs-packagesidebar-category-recipes-826.json", require.resolveWeak("~docs/default/category-docs-packagesidebar-category-recipes-826.json")], "categoryGeneratedIndex---docs-category-stone-format-6-fd-66f": [() => import(/* webpackChunkName: "categoryGeneratedIndex---docs-category-stone-format-6-fd-66f" */ "~docs/default/category-docs-devsidebar-category-stone-format-b15.json"), "~docs/default/category-docs-devsidebar-category-stone-format-b15.json", require.resolveWeak("~docs/default/category-docs-devsidebar-category-stone-format-b15.json")], + "categoryGeneratedIndex---docs-category-system-usersa-78-df9": [() => import(/* webpackChunkName: "categoryGeneratedIndex---docs-category-system-usersa-78-df9" */ "~docs/default/category-docs-packagesidebar-category-system-users-b09.json"), "~docs/default/category-docs-packagesidebar-category-system-users-b09.json", require.resolveWeak("~docs/default/category-docs-packagesidebar-category-system-users-b09.json")], "categoryGeneratedIndex---docs-category-triggers-0-e-5-f10": [() => import(/* webpackChunkName: "categoryGeneratedIndex---docs-category-triggers-0-e-5-f10" */ "~docs/default/category-docs-packagesidebar-category-triggers-867.json"), "~docs/default/category-docs-packagesidebar-category-triggers-867.json", require.resolveWeak("~docs/default/category-docs-packagesidebar-category-triggers-867.json")], "categoryGeneratedIndex---docs-category-v-195-b-d8f": [() => import(/* webpackChunkName: "categoryGeneratedIndex---docs-category-v-195-b-d8f" */ "~docs/default/category-docs-devsidebar-category-v-1-1cc.json"), "~docs/default/category-docs-devsidebar-category-v-1-1cc.json", require.resolveWeak("~docs/default/category-docs-devsidebar-category-v-1-1cc.json")], "config---5-e-9-4f3": [() => import(/* webpackChunkName: "config---5-e-9-4f3" */ "@generated/docusaurus.config"), "@generated/docusaurus.config", require.resolveWeak("@generated/docusaurus.config")], @@ -31,6 +32,9 @@ export default { "content---docs-packaging-recipes-upstreamsb-7-a-a37": [() => import(/* webpackChunkName: "content---docs-packaging-recipes-upstreamsb-7-a-a37" */ "@site/docs/packaging/recipes/upstreams.md"), "@site/docs/packaging/recipes/upstreams.md", require.resolveWeak("@site/docs/packaging/recipes/upstreams.md")], "content---docs-packaging-triggers-overview-774-c35": [() => import(/* webpackChunkName: "content---docs-packaging-triggers-overview-774-c35" */ "@site/docs/packaging/triggers/overview.md"), "@site/docs/packaging/triggers/overview.md", require.resolveWeak("@site/docs/packaging/triggers/overview.md")], "content---docs-packaging-triggers-tx-triggersd-3-a-25d": [() => import(/* webpackChunkName: "content---docs-packaging-triggers-tx-triggersd-3-a-25d" */ "@site/docs/packaging/triggers/tx_triggers.md"), "@site/docs/packaging/triggers/tx_triggers.md", require.resolveWeak("@site/docs/packaging/triggers/tx_triggers.md")], + "content---docs-packaging-users-groups-0-c-0-8e9": [() => import(/* webpackChunkName: "content---docs-packaging-users-groups-0-c-0-8e9" */ "@site/docs/packaging/users/groups.md"), "@site/docs/packaging/users/groups.md", require.resolveWeak("@site/docs/packaging/users/groups.md")], + "content---docs-packaging-users-overview-391-6f8": [() => import(/* webpackChunkName: "content---docs-packaging-users-overview-391-6f8" */ "@site/docs/packaging/users/overview.md"), "@site/docs/packaging/users/overview.md", require.resolveWeak("@site/docs/packaging/users/overview.md")], + "content---docs-packaging-usersd-69-cb6": [() => import(/* webpackChunkName: "content---docs-packaging-usersd-69-cb6" */ "@site/docs/packaging/users/users.md"), "@site/docs/packaging/users/users.md", require.resolveWeak("@site/docs/packaging/users/users.md")], "content---docs-users-intro-7-c-6-878": [() => import(/* webpackChunkName: "content---docs-users-intro-7-c-6-878" */ "@site/docs/users/intro.md"), "@site/docs/users/intro.md", require.resolveWeak("@site/docs/users/intro.md")], "plugin---4-c-9-786": [() => import(/* webpackChunkName: "plugin---4-c-9-786" */ "/home/ikey/serpent/docs/.docusaurus/docusaurus-plugin-content-pages/default/plugin-route-context-module-100.json"), "/home/ikey/serpent/docs/.docusaurus/docusaurus-plugin-content-pages/default/plugin-route-context-module-100.json", require.resolveWeak("/home/ikey/serpent/docs/.docusaurus/docusaurus-plugin-content-pages/default/plugin-route-context-module-100.json")], "plugin---docs-13-c-7c1": [() => import(/* webpackChunkName: "plugin---docs-13-c-7c1" */ "/home/ikey/serpent/docs/.docusaurus/docusaurus-plugin-content-docs/default/plugin-route-context-module-100.json"), "/home/ikey/serpent/docs/.docusaurus/docusaurus-plugin-content-docs/default/plugin-route-context-module-100.json", require.resolveWeak("/home/ikey/serpent/docs/.docusaurus/docusaurus-plugin-content-docs/default/plugin-route-context-module-100.json")], diff --git a/.docusaurus/routes.js b/.docusaurus/routes.js index 010905d..50eeddb 100644 --- a/.docusaurus/routes.js +++ b/.docusaurus/routes.js @@ -39,15 +39,15 @@ export default [ }, { path: '/docs', - component: ComponentCreator('/docs', 'a02'), + component: ComponentCreator('/docs', 'b78'), routes: [ { path: '/docs', - component: ComponentCreator('/docs', '834'), + component: ComponentCreator('/docs', '09e'), routes: [ { path: '/docs', - component: ComponentCreator('/docs', '687'), + component: ComponentCreator('/docs', '6ed'), routes: [ { path: '/docs/category/recipes', @@ -61,6 +61,12 @@ export default [ exact: true, sidebar: "devSidebar" }, + { + path: '/docs/category/system-users', + component: ComponentCreator('/docs/category/system-users', 'a8a'), + exact: true, + sidebar: "packageSidebar" + }, { path: '/docs/category/triggers', component: ComponentCreator('/docs/category/triggers', '1a1'), @@ -156,6 +162,24 @@ export default [ exact: true, sidebar: "packageSidebar" }, + { + path: '/docs/packaging/users', + component: ComponentCreator('/docs/packaging/users', '417'), + exact: true, + sidebar: "packageSidebar" + }, + { + path: '/docs/packaging/users/groups', + component: ComponentCreator('/docs/packaging/users/groups', '1b9'), + exact: true, + sidebar: "packageSidebar" + }, + { + path: '/docs/packaging/users/overview', + component: ComponentCreator('/docs/packaging/users/overview', 'e14'), + exact: true, + sidebar: "packageSidebar" + }, { path: '/docs/users/intro', component: ComponentCreator('/docs/users/intro', '420'), diff --git a/.docusaurus/routesChunkNames.json b/.docusaurus/routesChunkNames.json index 29362c9..c97449c 100644 --- a/.docusaurus/routesChunkNames.json +++ b/.docusaurus/routesChunkNames.json @@ -42,17 +42,17 @@ "plugin": "plugin---docusaurus-debug-8-ae-ccb" } }, - "/docs-a02": { + "/docs-b78": { "__comp": "__comp---theme-docs-root-5-e-9-0b6", "__context": { "plugin": "plugin---docs-13-c-7c1" } }, - "/docs-834": { + "/docs-09e": { "__comp": "__comp---theme-doc-version-roota-7-b-5de", "version": "version---docs-935-398" }, - "/docs-687": { + "/docs-6ed": { "__comp": "__comp---theme-doc-roota-94-67a" }, "/docs/category/recipes-b62": { @@ -63,6 +63,10 @@ "__comp": "__comp---theme-doc-category-generated-index-page-14-e-640", "categoryGeneratedIndex": "categoryGeneratedIndex---docs-category-stone-format-6-fd-66f" }, + "/docs/category/system-users-a8a": { + "__comp": "__comp---theme-doc-category-generated-index-page-14-e-640", + "categoryGeneratedIndex": "categoryGeneratedIndex---docs-category-system-usersa-78-df9" + }, "/docs/category/triggers-1a1": { "__comp": "__comp---theme-doc-category-generated-index-page-14-e-640", "categoryGeneratedIndex": "categoryGeneratedIndex---docs-category-triggers-0-e-5-f10" @@ -127,6 +131,18 @@ "__comp": "__comp---theme-doc-item-178-a40", "content": "content---docs-packaging-triggers-tx-triggersd-3-a-25d" }, + "/docs/packaging/users-417": { + "__comp": "__comp---theme-doc-item-178-a40", + "content": "content---docs-packaging-usersd-69-cb6" + }, + "/docs/packaging/users/groups-1b9": { + "__comp": "__comp---theme-doc-item-178-a40", + "content": "content---docs-packaging-users-groups-0-c-0-8e9" + }, + "/docs/packaging/users/overview-e14": { + "__comp": "__comp---theme-doc-item-178-a40", + "content": "content---docs-packaging-users-overview-391-6f8" + }, "/docs/users/intro-420": { "__comp": "__comp---theme-doc-item-178-a40", "content": "content---docs-users-intro-7-c-6-878" diff --git a/docs/packaging/users/_category_.json b/docs/packaging/users/_category_.json new file mode 100644 index 0000000..08cb64c --- /dev/null +++ b/docs/packaging/users/_category_.json @@ -0,0 +1,9 @@ +{ + "label": "System Users", + "position": 3, + "link": { + "type": "generated-index", + "description": "Stateless management of packaging-based system accounts" + } + } + \ No newline at end of file diff --git a/docs/packaging/users/groups.md b/docs/packaging/users/groups.md new file mode 100644 index 0000000..0ca0f31 --- /dev/null +++ b/docs/packaging/users/groups.md @@ -0,0 +1,28 @@ +--- +sidebar_position: 2 +--- + +# Defining Groups + +Refer to the [JSON Group Record](https://systemd.io/GROUP_RECORD/) documentation for information on all supported fields. + +## Example + +Within the package tree `./pkg` add `gdm.group`: + +```json +{ + "groupName" : "gdm", + "gid" : 21, + "disposition" : "system" +} +``` + +Note that these are the minimum required set of fields, and `disposition` should always be set to `system`. + +In your recipe's `install` section, you must install the file by group name *and* by gid to the `%(libdir)/userdb` directory: + +```shell + %install_file %(pkgdir)/gdm.group %(installroot)%(libdir)/userdb/gdm.group + ln -s gdm.group %(installroot)%(libdir)/userdb/21.group +``` \ No newline at end of file diff --git a/docs/packaging/users/overview.md b/docs/packaging/users/overview.md new file mode 100644 index 0000000..951f634 --- /dev/null +++ b/docs/packaging/users/overview.md @@ -0,0 +1,20 @@ +--- +sidebar_position: 1 +--- + +# Overview + +As a stateless distribution, Serpent OS does not permit the modification of `/etc/passwd` and co by +packages or triggers. Instead, we integrate `nss-systemd` and `userdb`. + +:::warning + +The use of `nss` means that user accounts and groups defined by this mechanism are only available +to packages using the correct `glibc` APIs. Statically linking with `musl` or directly reading +`/etc/passwd`, `/etc/group`, etc, will not reveal these accounts. + +::: + +The main benefit with this approach is ensuring that we do not directly mutate system files, and that +unlike the `sysusers` mechanism, removal of a package ensures these system user and group definitions +are no longer available. \ No newline at end of file diff --git a/docs/packaging/users/users.md b/docs/packaging/users/users.md new file mode 100644 index 0000000..4a9e1f5 --- /dev/null +++ b/docs/packaging/users/users.md @@ -0,0 +1,34 @@ +--- +sidebar_position: 3 +--- + +# Defining Users + +System accounts should *always* be marked as `locked`. Refer to the [JSON User Record](https://systemd.io/USER_RECORD/) documentation for information on all supported fields. + +In Serpent OS we only ship user definitions without `privileged` or `signature` fields. + +## Example + +Within the package tree `./pkg` add `gdm.user`: + +```json +{ + "userName" : "gdm", + "realName" : "GNOME Display Manager", + "uid" : 21, + "gid" : 21, + "disposition" : "system", + "locked" : true +} +``` + +Note that these are the minimum required set of fields, and `disposition` should always be set to `system`. Also note that +`homeDirectory` may need setting for some packages. + +In your recipe's `install` section, you must install the file by username *and* by uid to the `%(libdir)/userdb` directory: + +```shell + %install_file %(pkgdir)/gdm.user %(installroot)%(libdir)/userdb/gdm.user + ln -s gdm.user %(installroot)%(libdir)/userdb/21.user +``` \ No newline at end of file