kickstart vs. /etc/login.defs

Moray Henderson Moray.Henderson at ict-software.org
Thu Jan 26 10:01:44 UTC 2012


> From: Michael Hennebry [mailto:hennebry at web.cs.ndsu.nodak.edu]
> Sent: 26 January 2012 00:56
> On Wed, 25 Jan 2012, Tim Mooney wrote:
> 
> > In regard to: Re: kickstart vs. /etc/login.defs, Michael Hennebry said
> > (at...:
> >
> >> On Wed, 25 Jan 2012, root at nachtmaus.us wrote:
> >>
> >>> Firstly, for where to put the ks file, it would be easiest for you to
> >>> remaster the boot CD, and put the ks file into the root directory of the
> >>> CD, update the configuration for the CD's boot-loader to add something
> >>> like "ks=cdrom:/fc14.ks", and then burn the resulting (modified) file-tree
> >>> to a new CD disk
> >
> > For a one-off install, in the absence of a provisioning environment like
> > cobbler, I personally think it's a lot easier to load the kickstart file
> > over the network.  Just do something like
> >
> > - place your ks.cfg in a directory that is accessible via a URL
> > - tell anaconda to load the ks.cfg from the URL
> >
> > 	ks=http://your.web.host.here/url/path/to/ks.cfg
> 
> I think I can do that.  I'm pretty sure that I can use my web site for it.
> Right, Tim?
> 
> >>> To get around the too early/too late of %pre and %post, you may want to add
> >>> a custom RPM archive file to the CD, have it dump the files into the
> >>> being-created system, and run a command as part of its installation
> >>> procedure that causes the newly added files to be read. Then reference the
> >>> new RPM archive in the packages section of your ks file.
> >
> > I don't understand from the initial post what the actual goal is, so it's
> > hard to know what to suggest here.  Unless I missed it, the original issue
> > has something to do with uids in the 101-499 range, but I have no idea
> > what the actual problem is.
> 
> By default, Fedora 16 has UID_MIN=GID_MIN=1000.
> My Fedora 14 (EOL) has UID_MIN=GID=500.
> These values are stored in /etc/login.defs .
> I want to install (not upgrade) Fedora 16 and retain the 500.
> I have considered alternatives.
> During %pre /etc does not yet exist,
> so %pre is too early.
> During %post there will already be fake users in the range 500..999,
> so %post is too late.
> Fedora claims that a kickstart file is the way to keep the 500.
> Fedora was stingy with details.
> 
> > I will say that you can do a lot in %post using things like "wget" to
> > fetch a remote tarball or zip and then using the contents of that archive
> > to perform further actions.

Ah, so I was right to have some of my own programs check login.defs rather
than relying on a hard-wired 500 everywhere!  That's useful to know.

What fake users are created by the install?  I would expect only system
accounts to be created at that point, which are supposed to have uid's
outside the range of normal users.

Oh, amandabackup (in CentOS 5, anyway) is a "normal" user.  That could be
considered a bug in the amanda-backup_client package.  Other than that, the
only user I see on my CentOS servers that does not use an explicitly defined
uid is openvpn, and that is created as a system user.

It would be tricky to do what you want.  /etc/login.defs is part of the
shadow-utils package.  You would need to create an rpm that would be
installed onto the system after shadow-utils and before whichever packages
create the users you are concerned about.

In %post, though, you could modify the login.defs file - it will be
/mnt/sysimage/etc/login.defs while the %post script is running, and use
usermod to change the uid of any user you are particularly concerned about.
Note: users with explicitly-assigned uids should not be changed.  The --uid
option of usermod will change a uid and "Any files which the user owns and
which are located in the directory tree rooted at the user's home directory
will have the file user ID changed automatically. Files outside of the
user's home directory must be altered manually."

If you're freshly installing a system though, I would really recommend
leaving the defaults the way they are.


Moray.
"To err is human; to purr, feline."
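
The %post approach described in the message above (edit login.defs, then look at the accounts whose UIDs fall in the affected range), as an added shell example that is not part of the original message: the function names and the `--apply` switch are illustrative, and the root prefix is passed as an argument. It only lists the affected accounts; whether to change any of them with usermod stays a manual decision, given the note about explicitly assigned UIDs.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# get_login_def FILE KEY: print the value of the last uncommented KEY line.
get_login_def() {
    awk -v k="$2" '$1 == k { v = $2 } END { if (v != "") print v }' "$1"
}

# set_login_def FILE KEY VALUE: rewrite KEY in place, or append it if absent.
# Writing back with cat keeps the file's inode, owner and mode.
set_login_def() {
    sld_tmp=$(mktemp) || return 1
    awk -v k="$2" -v v="$3" '
        $1 == k { if (!seen) print k "\t" v; seen = 1; next }
        { print }
        END { if (!seen) print k "\t" v }
    ' "$1" > "$sld_tmp" && cat "$sld_tmp" > "$1"
    sld_rc=$?
    rm -f "$sld_tmp"
    return "$sld_rc"
}

# users_in_range PASSWD LOW HIGH: print "name:uid" for LOW <= uid <= HIGH.
users_in_range() {
    awk -F: -v lo="$2" -v hi="$3" \
        '$3 ~ /^[0-9]+$/ && $3 + 0 >= lo + 0 && $3 + 0 <= hi + 0 { print $1 ":" $3 }' "$1"
}

# apply_uid_min ROOT MIN: set UID_MIN and GID_MIN under ROOT, then list the
# accounts already sitting between the new minimum and the old one.
apply_uid_min() {
    aum_defs="$1/etc/login.defs"
    aum_old=$(get_login_def "$aum_defs" UID_MIN)
    set_login_def "$aum_defs" UID_MIN "$2" || return 1
    set_login_def "$aum_defs" GID_MIN "$2" || return 1
    if [ -n "$aum_old" ] && [ "$aum_old" -gt "$2" ]; then
        users_in_range "$1/etc/passwd" "$2" "$((aum_old - 1))"
    fi
}

# Usage from a script: sh thisfile --apply /mnt/sysimage 500
if [ "${1:-}" = "--apply" ] && [ $# -eq 3 ]; then
    apply_uid_min "$2" "$3"
fi
```

Each line of output is a `name:uid` pair for an account created before the edit that now lies inside the normal-user range.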