[RFC] filter the users of host system
Now kimchi uses host system users to login. In fedora most of system users are not allowed to login. so we should filter them. but in ubuntu, it seems most system user still can login. but their pw_shell are /bin/sh it is softlink to */bin/bash * Now I'd like to just list the users who's pw_shell are /bin/bash Not sure all distribution can works well by this way. I have just checked fedora and ubuntu, seems it can works. so any one can help check if any exception on your distribution? *root:x:0:0:root:/root:/bin/bash* bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin polkitd:x:999:999:User for polkitd:/:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin colord:x:998:998:User for colord:/var/lib/colord:/sbin/nologin rtkit:x:172:172:RealtimeKit:/proc:/sbin/nologin geoclue:x:997:996:User for geoclue:/var/lib/geoclue:/sbin/nologin chrony:x:996:995::/var/lib/chrony:/sbin/nologin tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin unbound:x:995:994:Unbound DNS resolver:/etc/unbound:/sbin/nologin openvpn:x:994:993:OpenVPN:/etc/openvpn:/sbin/nologin avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin pulse:x:993:991:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin gdm:x:42:42::/var/lib/gdm:/sbin/nologin gnome-initial-setup:x:992:989::/run/gnome-initial-setup/:/sbin/nologin nm-openconnect:x:991:988:NetworkManager user for OpenConnect:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin *shhfeng:x:1000:1000:shhfeng:/home/shhfeng:/bin/bash* qemu:x:107:107:qemu user:/:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin radvd:x:75:75:radvd user:/:/sbin/nologin rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin saslauth:x:990:76:"Saslauthd user":/run/saslauthd:/sbin/nologin *guest:x:1001:1001::/home/guest:/bin/bash* nginx:x:989:984:Nginx web server:/var/lib/nginx:/sbin/nologin but in ubuntu, it seems most system user still can login. but their pw_shell are /bin/sh it is softlink to */bin/bash* *root:x:0:0:root:/root:/bin/bash* daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh nobody:x:65534:65534:nobody:/nonexistent:/bin/sh libuuid:x:100:101::/var/lib/libuuid:/bin/sh syslog:x:101:103::/home/syslog:/bin/false messagebus:x:102:105::/var/run/dbus:/bin/false usbmux:x:103:46:usbmux daemon,,,:/home/usbmux:/bin/false dnsmasq:x:104:65534:dnsmasq,,,:/var/lib/misc:/bin/false avahi-autoipd:x:105:111:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false kernoops:x:106:65534:Kernel Oops Tracking Daemon,,,:/:/bin/false rtkit:x:107:113:RealtimeKit,,,:/proc:/bin/false whoopsie:x:108:114::/nonexistent:/bin/false speech-dispatcher:x:109:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh avahi:x:110:116:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false lightdm:x:111:117:Light Display Manager:/var/lib/lightdm:/bin/false pulse:x:112:119:PulseAudio daemon,,,:/var/run/pulse:/bin/false hplip:x:113:7:HPLIP system user,,,:/var/run/hplip:/bin/false colord:x:114:122:colord colour management daemon,,,:/var/lib/colord:/bin/false saned:x:115:123::/home/saned:/bin/false *royce:x:1000:1000:royce,,,:/home/royce:/bin/bash* libvirt-qemu:x:116:126:Libvirt Qemu,,,:/var/lib/libvirt:/bin/false libvirt-dnsmasq:x:117:125:Libvirt Dnsmasq,,,:/var/lib/libvirt/dnsmasq:/bin/false statd:x:118:65534::/var/lib/nfs:/bin/false sshd:x:119:65534::/var/run/sshd:/usr/sbin/nologi -- Thanks and best regards! Sheldon Feng(???)<shaohef@linux.vnet.ibm.com> IBM Linux Technology Center
or just list the users with password: try this code to check if any exception on your distribution $ sudo python -c '
with open("/etc/shadow") as f: alls = f.readlines() for one in alls: sha = one.split(":") if sha[1] != "*" and sha[1] != "!!": print sha[0] '
On 07/16/2014 03:38 PM, Sheldon wrote:
Now kimchi uses host system users to login. In fedora most of system users are not allowed to login. so we should filter them. but in ubuntu, it seems most system user still can login. but their pw_shell are /bin/sh it is softlink to */bin/bash * Now I'd like to just list the users who's pw_shell are /bin/bash Not sure all distribution can works well by this way. I have just checked fedora and ubuntu, seems it can works.
so any one can help check if any exception on your distribution?
*root:x:0:0:root:/root:/bin/bash* bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin polkitd:x:999:999:User for polkitd:/:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin colord:x:998:998:User for colord:/var/lib/colord:/sbin/nologin rtkit:x:172:172:RealtimeKit:/proc:/sbin/nologin geoclue:x:997:996:User for geoclue:/var/lib/geoclue:/sbin/nologin chrony:x:996:995::/var/lib/chrony:/sbin/nologin tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin unbound:x:995:994:Unbound DNS resolver:/etc/unbound:/sbin/nologin openvpn:x:994:993:OpenVPN:/etc/openvpn:/sbin/nologin avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin pulse:x:993:991:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin gdm:x:42:42::/var/lib/gdm:/sbin/nologin gnome-initial-setup:x:992:989::/run/gnome-initial-setup/:/sbin/nologin nm-openconnect:x:991:988:NetworkManager user for OpenConnect:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin *shhfeng:x:1000:1000:shhfeng:/home/shhfeng:/bin/bash* qemu:x:107:107:qemu user:/:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin radvd:x:75:75:radvd user:/:/sbin/nologin rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin saslauth:x:990:76:"Saslauthd user":/run/saslauthd:/sbin/nologin *guest:x:1001:1001::/home/guest:/bin/bash* nginx:x:989:984:Nginx web server:/var/lib/nginx:/sbin/nologin
but in ubuntu, it seems most system user still can login. but their pw_shell are /bin/sh it is softlink to */bin/bash*
*root:x:0:0:root:/root:/bin/bash* daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh nobody:x:65534:65534:nobody:/nonexistent:/bin/sh libuuid:x:100:101::/var/lib/libuuid:/bin/sh syslog:x:101:103::/home/syslog:/bin/false messagebus:x:102:105::/var/run/dbus:/bin/false usbmux:x:103:46:usbmux daemon,,,:/home/usbmux:/bin/false dnsmasq:x:104:65534:dnsmasq,,,:/var/lib/misc:/bin/false avahi-autoipd:x:105:111:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false kernoops:x:106:65534:Kernel Oops Tracking Daemon,,,:/:/bin/false rtkit:x:107:113:RealtimeKit,,,:/proc:/bin/false whoopsie:x:108:114::/nonexistent:/bin/false speech-dispatcher:x:109:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh avahi:x:110:116:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false lightdm:x:111:117:Light Display Manager:/var/lib/lightdm:/bin/false pulse:x:112:119:PulseAudio daemon,,,:/var/run/pulse:/bin/false hplip:x:113:7:HPLIP system user,,,:/var/run/hplip:/bin/false colord:x:114:122:colord colour management daemon,,,:/var/lib/colord:/bin/false saned:x:115:123::/home/saned:/bin/false *royce:x:1000:1000:royce,,,:/home/royce:/bin/bash* libvirt-qemu:x:116:126:Libvirt Qemu,,,:/var/lib/libvirt:/bin/false libvirt-dnsmasq:x:117:125:Libvirt Dnsmasq,,,:/var/lib/libvirt/dnsmasq:/bin/false statd:x:118:65534::/var/lib/nfs:/bin/false sshd:x:119:65534::/var/run/sshd:/usr/sbin/nologi -- Thanks and best regards!
Sheldon Feng(???)<shaohef@linux.vnet.ibm.com> IBM Linux Technology Center
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
-- Thanks and best regards! Sheldon Feng(???)<shaohef@linux.vnet.ibm.com> IBM Linux Technology Center
A user without password can not login into kimchi? On 07/16/2014 05:34 AM, Sheldon wrote:
or just list the users with password:
try this code to check if any exception on your distribution
$ sudo python -c '
with open("/etc/shadow") as f: alls = f.readlines() for one in alls: sha = one.split(":") if sha[1] != "*" and sha[1] != "!!": print sha[0] '
On 07/16/2014 03:38 PM, Sheldon wrote:
Now kimchi uses host system users to login. In fedora most of system users are not allowed to login. so we should filter them. but in ubuntu, it seems most system user still can login. but their pw_shell are /bin/sh it is softlink to */bin/bash * Now I'd like to just list the users who's pw_shell are /bin/bash Not sure all distribution can works well by this way. I have just checked fedora and ubuntu, seems it can works.
so any one can help check if any exception on your distribution?
*root:x:0:0:root:/root:/bin/bash* bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin polkitd:x:999:999:User for polkitd:/:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin colord:x:998:998:User for colord:/var/lib/colord:/sbin/nologin rtkit:x:172:172:RealtimeKit:/proc:/sbin/nologin geoclue:x:997:996:User for geoclue:/var/lib/geoclue:/sbin/nologin chrony:x:996:995::/var/lib/chrony:/sbin/nologin tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin unbound:x:995:994:Unbound DNS resolver:/etc/unbound:/sbin/nologin openvpn:x:994:993:OpenVPN:/etc/openvpn:/sbin/nologin avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin pulse:x:993:991:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin gdm:x:42:42::/var/lib/gdm:/sbin/nologin gnome-initial-setup:x:992:989::/run/gnome-initial-setup/:/sbin/nologin nm-openconnect:x:991:988:NetworkManager user for OpenConnect:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin *shhfeng:x:1000:1000:shhfeng:/home/shhfeng:/bin/bash* qemu:x:107:107:qemu user:/:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin radvd:x:75:75:radvd user:/:/sbin/nologin rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin saslauth:x:990:76:"Saslauthd user":/run/saslauthd:/sbin/nologin *guest:x:1001:1001::/home/guest:/bin/bash* nginx:x:989:984:Nginx web server:/var/lib/nginx:/sbin/nologin
but in ubuntu, it seems most system user still can login. but their pw_shell are /bin/sh it is softlink to */bin/bash*
*root:x:0:0:root:/root:/bin/bash* daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh nobody:x:65534:65534:nobody:/nonexistent:/bin/sh libuuid:x:100:101::/var/lib/libuuid:/bin/sh syslog:x:101:103::/home/syslog:/bin/false messagebus:x:102:105::/var/run/dbus:/bin/false usbmux:x:103:46:usbmux daemon,,,:/home/usbmux:/bin/false dnsmasq:x:104:65534:dnsmasq,,,:/var/lib/misc:/bin/false avahi-autoipd:x:105:111:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false kernoops:x:106:65534:Kernel Oops Tracking Daemon,,,:/:/bin/false rtkit:x:107:113:RealtimeKit,,,:/proc:/bin/false whoopsie:x:108:114::/nonexistent:/bin/false speech-dispatcher:x:109:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh avahi:x:110:116:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false lightdm:x:111:117:Light Display Manager:/var/lib/lightdm:/bin/false pulse:x:112:119:PulseAudio daemon,,,:/var/run/pulse:/bin/false hplip:x:113:7:HPLIP system user,,,:/var/run/hplip:/bin/false colord:x:114:122:colord colour management daemon,,,:/var/lib/colord:/bin/false saned:x:115:123::/home/saned:/bin/false *royce:x:1000:1000:royce,,,:/home/royce:/bin/bash* libvirt-qemu:x:116:126:Libvirt Qemu,,,:/var/lib/libvirt:/bin/false libvirt-dnsmasq:x:117:125:Libvirt Dnsmasq,,,:/var/lib/libvirt/dnsmasq:/bin/false statd:x:118:65534::/var/lib/nfs:/bin/false sshd:x:119:65534::/var/run/sshd:/usr/sbin/nologi -- Thanks and best regards!
Sheldon Feng(???)<shaohef@linux.vnet.ibm.com> IBM Linux Technology Center
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
-- Thanks and best regards!
Sheldon Feng(???)<shaohef@linux.vnet.ibm.com> IBM Linux Technology Center
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
As we discussed to check if a user has passwd set maybe a choice, I still prefer stop wiring up system user and kimchi user. The reason I have elaborated in Christian's patch: 1. we want different admin just responsible for their own parts: network admin manage network, storage admin manage storage, but superuser/un-previledged user does not have such fine grained view. 2. we want multi-level of access of one tab: take guest management as an example, we want create/destroy--start/stop--access vnc, at least 3 levels of access. superuser way cannot reflect multi-level control. 3. security reason System user and virtualization user needs to be isolated, even privileged virtualization user had better not know system details, such as system users, groups and other informations. On 2014?07?16? 15:38, Sheldon wrote:
Now kimchi uses host system users to login. In fedora most of system users are not allowed to login. so we should filter them. but in ubuntu, it seems most system user still can login. but their pw_shell are /bin/sh it is softlink to */bin/bash * Now I'd like to just list the users who's pw_shell are /bin/bash Not sure all distribution can works well by this way. I have just checked fedora and ubuntu, seems it can works.
so any one can help check if any exception on your distribution?
*root:x:0:0:root:/root:/bin/bash* bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin polkitd:x:999:999:User for polkitd:/:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin colord:x:998:998:User for colord:/var/lib/colord:/sbin/nologin rtkit:x:172:172:RealtimeKit:/proc:/sbin/nologin geoclue:x:997:996:User for geoclue:/var/lib/geoclue:/sbin/nologin chrony:x:996:995::/var/lib/chrony:/sbin/nologin tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin unbound:x:995:994:Unbound DNS resolver:/etc/unbound:/sbin/nologin openvpn:x:994:993:OpenVPN:/etc/openvpn:/sbin/nologin avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin pulse:x:993:991:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin gdm:x:42:42::/var/lib/gdm:/sbin/nologin gnome-initial-setup:x:992:989::/run/gnome-initial-setup/:/sbin/nologin nm-openconnect:x:991:988:NetworkManager user for OpenConnect:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin *shhfeng:x:1000:1000:shhfeng:/home/shhfeng:/bin/bash* qemu:x:107:107:qemu user:/:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin radvd:x:75:75:radvd user:/:/sbin/nologin rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin saslauth:x:990:76:"Saslauthd user":/run/saslauthd:/sbin/nologin *guest:x:1001:1001::/home/guest:/bin/bash* nginx:x:989:984:Nginx web server:/var/lib/nginx:/sbin/nologin
but in ubuntu, it seems most system user still can login. but their pw_shell are /bin/sh it is softlink to */bin/bash*
*root:x:0:0:root:/root:/bin/bash* daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh nobody:x:65534:65534:nobody:/nonexistent:/bin/sh libuuid:x:100:101::/var/lib/libuuid:/bin/sh syslog:x:101:103::/home/syslog:/bin/false messagebus:x:102:105::/var/run/dbus:/bin/false usbmux:x:103:46:usbmux daemon,,,:/home/usbmux:/bin/false dnsmasq:x:104:65534:dnsmasq,,,:/var/lib/misc:/bin/false avahi-autoipd:x:105:111:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false kernoops:x:106:65534:Kernel Oops Tracking Daemon,,,:/:/bin/false rtkit:x:107:113:RealtimeKit,,,:/proc:/bin/false whoopsie:x:108:114::/nonexistent:/bin/false speech-dispatcher:x:109:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh avahi:x:110:116:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false lightdm:x:111:117:Light Display Manager:/var/lib/lightdm:/bin/false pulse:x:112:119:PulseAudio daemon,,,:/var/run/pulse:/bin/false hplip:x:113:7:HPLIP system user,,,:/var/run/hplip:/bin/false colord:x:114:122:colord colour management daemon,,,:/var/lib/colord:/bin/false saned:x:115:123::/home/saned:/bin/false *royce:x:1000:1000:royce,,,:/home/royce:/bin/bash* libvirt-qemu:x:116:126:Libvirt Qemu,,,:/var/lib/libvirt:/bin/false libvirt-dnsmasq:x:117:125:Libvirt Dnsmasq,,,:/var/lib/libvirt/dnsmasq:/bin/false statd:x:118:65534::/var/lib/nfs:/bin/false sshd:x:119:65534::/var/run/sshd:/usr/sbin/nologi -- Thanks and best regards!
Sheldon Feng(???)<shaohef@linux.vnet.ibm.com> IBM Linux Technology Center
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
On 07/16/2014 05:40 AM, Royce Lv wrote:
As we discussed to check if a user has passwd set maybe a choice, I still prefer stop wiring up system user and kimchi user. The reason I have elaborated in Christian's patch: 1. we want different admin just responsible for their own parts: network admin manage network, storage admin manage storage, but superuser/un-previledged user does not have such fine grained view.
This is for 1.3. But in future we will add more and more roles.
2. we want multi-level of access of one tab: take guest management as an example, we want create/destroy--start/stop--access vnc, at least 3 levels of access. superuser way cannot reflect multi-level control.
The roles will handle that.
3. security reason System user and virtualization user needs to be isolated, even privileged virtualization user had better not know system details, such as system users, groups and other informations.
The roles will hanble that.
On 2014年07月16日 15:38, Sheldon wrote:
Now kimchi uses host system users to login. In fedora most of system users are not allowed to login. so we should filter them. but in ubuntu, it seems most system user still can login. but their pw_shell are /bin/sh it is softlink to */bin/bash * Now I'd like to just list the users who's pw_shell are /bin/bash Not sure all distribution can works well by this way. I have just checked fedora and ubuntu, seems it can works.
so any one can help check if any exception on your distribution?
*root:x:0:0:root:/root:/bin/bash* bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin polkitd:x:999:999:User for polkitd:/:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin colord:x:998:998:User for colord:/var/lib/colord:/sbin/nologin rtkit:x:172:172:RealtimeKit:/proc:/sbin/nologin geoclue:x:997:996:User for geoclue:/var/lib/geoclue:/sbin/nologin chrony:x:996:995::/var/lib/chrony:/sbin/nologin tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin unbound:x:995:994:Unbound DNS resolver:/etc/unbound:/sbin/nologin openvpn:x:994:993:OpenVPN:/etc/openvpn:/sbin/nologin avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin pulse:x:993:991:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin gdm:x:42:42::/var/lib/gdm:/sbin/nologin gnome-initial-setup:x:992:989::/run/gnome-initial-setup/:/sbin/nologin nm-openconnect:x:991:988:NetworkManager user for OpenConnect:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin *shhfeng:x:1000:1000:shhfeng:/home/shhfeng:/bin/bash* qemu:x:107:107:qemu user:/:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin radvd:x:75:75:radvd user:/:/sbin/nologin rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin saslauth:x:990:76:"Saslauthd user":/run/saslauthd:/sbin/nologin *guest:x:1001:1001::/home/guest:/bin/bash* nginx:x:989:984:Nginx web server:/var/lib/nginx:/sbin/nologin
but in ubuntu, it seems most system user still can login. but their pw_shell are /bin/sh it is softlink to */bin/bash*
*root:x:0:0:root:/root:/bin/bash* daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh nobody:x:65534:65534:nobody:/nonexistent:/bin/sh libuuid:x:100:101::/var/lib/libuuid:/bin/sh syslog:x:101:103::/home/syslog:/bin/false messagebus:x:102:105::/var/run/dbus:/bin/false usbmux:x:103:46:usbmux daemon,,,:/home/usbmux:/bin/false dnsmasq:x:104:65534:dnsmasq,,,:/var/lib/misc:/bin/false avahi-autoipd:x:105:111:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false kernoops:x:106:65534:Kernel Oops Tracking Daemon,,,:/:/bin/false rtkit:x:107:113:RealtimeKit,,,:/proc:/bin/false whoopsie:x:108:114::/nonexistent:/bin/false speech-dispatcher:x:109:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh avahi:x:110:116:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false lightdm:x:111:117:Light Display Manager:/var/lib/lightdm:/bin/false pulse:x:112:119:PulseAudio daemon,,,:/var/run/pulse:/bin/false hplip:x:113:7:HPLIP system user,,,:/var/run/hplip:/bin/false colord:x:114:122:colord colour management daemon,,,:/var/lib/colord:/bin/false saned:x:115:123::/home/saned:/bin/false *royce:x:1000:1000:royce,,,:/home/royce:/bin/bash* libvirt-qemu:x:116:126:Libvirt Qemu,,,:/var/lib/libvirt:/bin/false libvirt-dnsmasq:x:117:125:Libvirt Dnsmasq,,,:/var/lib/libvirt/dnsmasq:/bin/false statd:x:118:65534::/var/lib/nfs:/bin/false sshd:x:119:65534::/var/run/sshd:/usr/sbin/nologi -- Thanks and best regards!
Sheldon Feng(冯少合)<shaohef@linux.vnet.ibm.com> IBM Linux Technology Center
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
Shao he, As there is really a big list of users/groups, so filter out those system users will truly improve experience. But reliability is key which means that 'any user that should be displayed must be reserved'. On UI, there is a filter box, so even in some distribution that undesired users/groups are not filtered out, the filter box can still help. So be sure it is reliable even on some distribution, undesired users/groups are not filtered out. On 7/16/2014 3:38 PM, Sheldon wrote:
Now kimchi uses host system users to login. In fedora most of system users are not allowed to login. so we should filter them. but in ubuntu, it seems most system user still can login. but their pw_shell are /bin/sh it is softlink to */bin/bash * Now I'd like to just list the users who's pw_shell are /bin/bash Not sure all distribution can works well by this way. I have just checked fedora and ubuntu, seems it can works.
so any one can help check if any exception on your distribution?
*root:x:0:0:root:/root:/bin/bash* bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin polkitd:x:999:999:User for polkitd:/:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin colord:x:998:998:User for colord:/var/lib/colord:/sbin/nologin rtkit:x:172:172:RealtimeKit:/proc:/sbin/nologin geoclue:x:997:996:User for geoclue:/var/lib/geoclue:/sbin/nologin chrony:x:996:995::/var/lib/chrony:/sbin/nologin tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin unbound:x:995:994:Unbound DNS resolver:/etc/unbound:/sbin/nologin openvpn:x:994:993:OpenVPN:/etc/openvpn:/sbin/nologin avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin pulse:x:993:991:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin gdm:x:42:42::/var/lib/gdm:/sbin/nologin gnome-initial-setup:x:992:989::/run/gnome-initial-setup/:/sbin/nologin nm-openconnect:x:991:988:NetworkManager user for OpenConnect:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin *shhfeng:x:1000:1000:shhfeng:/home/shhfeng:/bin/bash* qemu:x:107:107:qemu user:/:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin radvd:x:75:75:radvd user:/:/sbin/nologin rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin saslauth:x:990:76:"Saslauthd user":/run/saslauthd:/sbin/nologin *guest:x:1001:1001::/home/guest:/bin/bash* nginx:x:989:984:Nginx web server:/var/lib/nginx:/sbin/nologin
but in ubuntu, it seems most system user still can login. but their pw_shell are /bin/sh it is softlink to */bin/bash*
*root:x:0:0:root:/root:/bin/bash* daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh nobody:x:65534:65534:nobody:/nonexistent:/bin/sh libuuid:x:100:101::/var/lib/libuuid:/bin/sh syslog:x:101:103::/home/syslog:/bin/false messagebus:x:102:105::/var/run/dbus:/bin/false usbmux:x:103:46:usbmux daemon,,,:/home/usbmux:/bin/false dnsmasq:x:104:65534:dnsmasq,,,:/var/lib/misc:/bin/false avahi-autoipd:x:105:111:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false kernoops:x:106:65534:Kernel Oops Tracking Daemon,,,:/:/bin/false rtkit:x:107:113:RealtimeKit,,,:/proc:/bin/false whoopsie:x:108:114::/nonexistent:/bin/false speech-dispatcher:x:109:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh avahi:x:110:116:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false lightdm:x:111:117:Light Display Manager:/var/lib/lightdm:/bin/false pulse:x:112:119:PulseAudio daemon,,,:/var/run/pulse:/bin/false hplip:x:113:7:HPLIP system user,,,:/var/run/hplip:/bin/false colord:x:114:122:colord colour management daemon,,,:/var/lib/colord:/bin/false saned:x:115:123::/home/saned:/bin/false *royce:x:1000:1000:royce,,,:/home/royce:/bin/bash* libvirt-qemu:x:116:126:Libvirt Qemu,,,:/var/lib/libvirt:/bin/false libvirt-dnsmasq:x:117:125:Libvirt Dnsmasq,,,:/var/lib/libvirt/dnsmasq:/bin/false statd:x:118:65534::/var/lib/nfs:/bin/false sshd:x:119:65534::/var/run/sshd:/usr/sbin/nologi -- Thanks and best regards!
Sheldon Feng(???)<shaohef@linux.vnet.ibm.com> IBM Linux Technology Center
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
On 07/16/2014 06:24 AM, Yu Xin Huo wrote:
Shao he,
As there is really a big list of users/groups, so filter out those system users will truly improve experience. But reliability is key which means that 'any user that should be displayed must be reserved'.
On UI, there is a filter box, so even in some distribution that undesired users/groups are not filtered out, the filter box can still help. So be sure it is reliable even on some distribution, undesired users/groups are not filtered out.
ACK. And the mock UI seems pretty good.
On 7/16/2014 3:38 PM, Sheldon wrote:
Now kimchi uses host system users to login. In fedora most of system users are not allowed to login. so we should filter them. but in ubuntu, it seems most system user still can login. but their pw_shell are /bin/sh it is softlink to */bin/bash * Now I'd like to just list the users who's pw_shell are /bin/bash Not sure all distribution can works well by this way. I have just checked fedora and ubuntu, seems it can works.
so any one can help check if any exception on your distribution?
*root:x:0:0:root:/root:/bin/bash* bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin polkitd:x:999:999:User for polkitd:/:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin colord:x:998:998:User for colord:/var/lib/colord:/sbin/nologin rtkit:x:172:172:RealtimeKit:/proc:/sbin/nologin geoclue:x:997:996:User for geoclue:/var/lib/geoclue:/sbin/nologin chrony:x:996:995::/var/lib/chrony:/sbin/nologin tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin unbound:x:995:994:Unbound DNS resolver:/etc/unbound:/sbin/nologin openvpn:x:994:993:OpenVPN:/etc/openvpn:/sbin/nologin avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin pulse:x:993:991:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin gdm:x:42:42::/var/lib/gdm:/sbin/nologin gnome-initial-setup:x:992:989::/run/gnome-initial-setup/:/sbin/nologin nm-openconnect:x:991:988:NetworkManager user for OpenConnect:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin *shhfeng:x:1000:1000:shhfeng:/home/shhfeng:/bin/bash* qemu:x:107:107:qemu user:/:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin radvd:x:75:75:radvd user:/:/sbin/nologin rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin saslauth:x:990:76:"Saslauthd user":/run/saslauthd:/sbin/nologin *guest:x:1001:1001::/home/guest:/bin/bash* nginx:x:989:984:Nginx web server:/var/lib/nginx:/sbin/nologin
but in ubuntu, it seems most system user still can login. but their pw_shell are /bin/sh it is softlink to */bin/bash*
*root:x:0:0:root:/root:/bin/bash* daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh nobody:x:65534:65534:nobody:/nonexistent:/bin/sh libuuid:x:100:101::/var/lib/libuuid:/bin/sh syslog:x:101:103::/home/syslog:/bin/false messagebus:x:102:105::/var/run/dbus:/bin/false usbmux:x:103:46:usbmux daemon,,,:/home/usbmux:/bin/false dnsmasq:x:104:65534:dnsmasq,,,:/var/lib/misc:/bin/false avahi-autoipd:x:105:111:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false kernoops:x:106:65534:Kernel Oops Tracking Daemon,,,:/:/bin/false rtkit:x:107:113:RealtimeKit,,,:/proc:/bin/false whoopsie:x:108:114::/nonexistent:/bin/false speech-dispatcher:x:109:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh avahi:x:110:116:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false lightdm:x:111:117:Light Display Manager:/var/lib/lightdm:/bin/false pulse:x:112:119:PulseAudio daemon,,,:/var/run/pulse:/bin/false hplip:x:113:7:HPLIP system user,,,:/var/run/hplip:/bin/false colord:x:114:122:colord colour management daemon,,,:/var/lib/colord:/bin/false saned:x:115:123::/home/saned:/bin/false *royce:x:1000:1000:royce,,,:/home/royce:/bin/bash* libvirt-qemu:x:116:126:Libvirt Qemu,,,:/var/lib/libvirt:/bin/false libvirt-dnsmasq:x:117:125:Libvirt Dnsmasq,,,:/var/lib/libvirt/dnsmasq:/bin/false statd:x:118:65534::/var/lib/nfs:/bin/false sshd:x:119:65534::/var/run/sshd:/usr/sbin/nologi -- Thanks and best regards!
Sheldon Feng(???)<shaohef@linux.vnet.ibm.com> IBM Linux Technology Center
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
participants (4)
-
Aline Manera -
Royce Lv -
Sheldon -
Yu Xin Huo