<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Shao he,<br>
<br>
As there is really a big list of users/groups, so filter out those
system users will truly improve experience.<br>
But reliability is key which means that 'any user that should be
displayed must be reserved'.<br>
<br>
On UI, there is a filter box, so even in some distribution that
undesired users/groups are not filtered out, the filter box can
still help.<br>
So be sure it is reliable even on some distribution, undesired
users/groups are not filtered out.<br>
<br>
<img src="cid:part1.08090103.03040208@linux.vnet.ibm.com" alt=""><br>
<br>
On 7/16/2014 3:38 PM, Sheldon wrote:<br>
</div>
<blockquote cite="mid:53C62C0D.6020006@linux.vnet.ibm.com"
type="cite">
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
Now kimchi uses host system users to login. <font color="#3366ff"><font
color="#000000"> </font><br>
In fedora most of system users are not allowed to login. </font>
<font color="#3366ff"><font color="#000000">so we should filter
them.</font></font><br>
<font color="#cc0000">but in </font>ubuntu, it seems most system
user still can login. but their pw_shell are /bin/sh it is
softlink to <font size="3"><font color="#000000"><b>/bin/bash<br>
</b></font></font><br>
Now I'd like to just list the users who's pw_shell are /bin/bash<br>
Not sure all distribution can works well by this way. <br>
I have just checked <font color="#3366ff">fedora and <font
color="#000000">ubuntu</font>, </font>seems it can works. <br>
<br>
so any one can help check if any <span>exception on your </span>distribution?<br>
<br>
<b>root:x:0:0:root:/root:/bin/bash</b><br>
bin:x:1:1:bin:/bin:/sbin/nologin<br>
daemon:x:2:2:daemon:/sbin:/sbin/nologin<br>
adm:x:3:4:adm:/var/adm:/sbin/nologin<br>
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin<br>
sync:x:5:0:sync:/sbin:/bin/sync<br>
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown<br>
halt:x:7:0:halt:/sbin:/sbin/halt<br>
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin<br>
operator:x:11:0:operator:/root:/sbin/nologin<br>
games:x:12:100:games:/usr/games:/sbin/nologin<br>
ftp:x:14:50:FTP User:/var/<a moz-do-not-send="true"
class="moz-txt-link-freetext" href="ftp:/sbin/nologin">ftp:/sbin/nologin</a><br>
nobody:x:99:99:Nobody:/:/sbin/nologin<br>
avahi-autoipd:x:170:170:Avahi IPv4LL
Stack:/var/lib/avahi-autoipd:/sbin/nologin<br>
dbus:x:81:81:System message bus:/:/sbin/nologin<br>
polkitd:x:999:999:User for polkitd:/:/sbin/nologin<br>
abrt:x:173:173::/etc/abrt:/sbin/nologin<br>
usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin<br>
colord:x:998:998:User for colord:/var/lib/colord:/sbin/nologin<br>
rtkit:x:172:172:RealtimeKit:/proc:/sbin/nologin<br>
geoclue:x:997:996:User for geoclue:/var/lib/geoclue:/sbin/nologin<br>
chrony:x:996:995::/var/lib/chrony:/sbin/nologin<br>
tss:x:59:59:Account used by the trousers package to sandbox the
tcsd daemon:/dev/null:/sbin/nologin<br>
unbound:x:995:994:Unbound DNS resolver:/etc/unbound:/sbin/nologin<br>
openvpn:x:994:993:OpenVPN:/etc/openvpn:/sbin/nologin<br>
avahi:x:70:70:Avahi mDNS/DNS-SD
Stack:/var/run/avahi-daemon:/sbin/nologin<br>
pulse:x:993:991:PulseAudio System
Daemon:/var/run/pulse:/sbin/nologin<br>
gdm:x:42:42::/var/lib/gdm:/sbin/nologin<br>
gnome-initial-setup:x:992:989::/run/gnome-initial-setup/:/sbin/nologin<br>
nm-openconnect:x:991:988:NetworkManager user for
OpenConnect:/:/sbin/nologin<br>
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin<br>
<b>shhfeng:x:1000:1000:shhfeng:/home/shhfeng:/bin/bash</b><br>
qemu:x:107:107:qemu user:/:/sbin/nologin<br>
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin<br>
radvd:x:75:75:radvd user:/:/sbin/nologin<br>
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin<br>
nfsnobody:x:65534:65534:Anonymous NFS
User:/var/lib/nfs:/sbin/nologin<br>
saslauth:x:990:76:"Saslauthd user":/run/saslauthd:/sbin/nologin<br>
<b>guest:x:1001:1001::/home/guest:/bin/bash</b><br>
nginx:x:989:984:Nginx web server:/var/lib/nginx:/sbin/nologin<br>
<br>
<font color="#cc0000"><br>
but in </font>ubuntu, it seems most system user still can
login. but their pw_shell are /bin/sh it is softlink to <font
size="3"><font color="#000000"><b>/bin/bash</b></font></font><br>
<br>
<font size="3"><font color="#000000"><b>root:x:0:0:root:/root:/bin/bash</b><br>
daemon:x:1:1:daemon:/usr/sbin:/bin/sh<br>
bin:x:2:2:bin:/bin:/bin/sh<br>
sys:x:3:3:sys:/dev:/bin/sh<br>
sync:x:4:65534:sync:/bin:/bin/sync<br>
games:x:5:60:games:/usr/games:/bin/sh<br>
<a moz-do-not-send="true"
href="man:x:6:12:man:/var/cache/man:/bin/sh">man:x:6:12:man:/var/cache/man:/bin/sh</a><br>
lp:x:7:7:lp:/var/spool/lpd:/bin/sh<br>
mail:x:8:8:mail:/var/mail:/bin/sh<br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="news:x:9:9:news:/var/spool/news:/bin/sh">news:x:9:9:news:/var/spool/news:/bin/sh</a><br>
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh<br>
proxy:x:13:13:proxy:/bin:/bin/sh<br>
www-data:x:33:33:www-data:/var/www:/bin/sh<br>
backup:x:34:34:backup:/var/backups:/bin/sh<br>
list:x:38:38:Mailing List Manager:/var/list:/bin/sh<br>
<a moz-do-not-send="true"
href="irc:x:39:39:ircd:/var/run/ircd:/bin/sh">irc:x:39:39:ircd:/var/run/ircd:/bin/sh</a><br>
gnats:x:41:41:Gnats Bug-Reporting System
(admin):/var/lib/gnats:/bin/sh<br>
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh<br>
libuuid:x:100:101::/var/lib/libuuid:/bin/sh<br>
syslog:x:101:103::/home/syslog:/bin/false<br>
messagebus:x:102:105::/var/run/dbus:/bin/false<br>
usbmux:x:103:46:usbmux daemon,,,:/home/usbmux:/bin/false<br>
dnsmasq:x:104:65534:dnsmasq,,,:/var/lib/misc:/bin/false<br>
avahi-autoipd:x:105:111:Avahi autoip
daemon,,,:/var/lib/avahi-autoipd:/bin/false<br>
kernoops:x:106:65534:Kernel Oops Tracking
Daemon,,,:/:/bin/false<br>
rtkit:x:107:113:RealtimeKit,,,:/proc:/bin/false<br>
whoopsie:x:108:114::/nonexistent:/bin/false<br>
speech-dispatcher:x:109:29:Speech
Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh<br>
avahi:x:110:116:Avahi mDNS
daemon,,,:/var/run/avahi-daemon:/bin/false<br>
lightdm:x:111:117:Light Display
Manager:/var/lib/lightdm:/bin/false<br>
pulse:x:112:119:PulseAudio daemon,,,:/var/run/pulse:/bin/false<br>
hplip:x:113:7:HPLIP system user,,,:/var/run/hplip:/bin/false<br>
colord:x:114:122:colord colour management
daemon,,,:/var/lib/colord:/bin/false<br>
saned:x:115:123::/home/saned:/bin/false<br>
<b>royce:x:1000:1000:royce,,,:/home/royce:/bin/bash</b><br>
libvirt-qemu:x:116:126:Libvirt
Qemu,,,:/var/lib/libvirt:/bin/false<br>
libvirt-dnsmasq:x:117:125:Libvirt
Dnsmasq,,,:/var/lib/libvirt/dnsmasq:/bin/false<br>
statd:x:118:65534::/var/lib/nfs:/bin/false<br>
sshd:x:119:65534::/var/run/sshd:/usr/sbin/nologi</font></font><br>
<pre class="moz-signature" cols="72">--
Thanks and best regards!
Sheldon Feng(冯少合)<a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:shaohef@linux.vnet.ibm.com"><shaohef@linux.vnet.ibm.com></a>
IBM Linux Technology Center</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Kimchi-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Kimchi-devel@ovirt.org">Kimchi-devel@ovirt.org</a>
<a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/kimchi-devel">http://lists.ovirt.org/mailman/listinfo/kimchi-devel</a>
</pre>
</blockquote>
<br>
</body>
</html>