[Kimchi-devel] [RFC] filter the users of host system

Sheldon shaohef at linux.vnet.ibm.com
Wed Jul 16 07:38:53 UTC 2014


Now kimchi uses host system users to log in.
In Fedora most system users are not allowed to log in, so we should
filter them.
But in Ubuntu, it seems most system users can still log in, but their
pw_shell is /bin/sh, which is a softlink to /bin/bash.

Now I'd like to just list the users whose pw_shell is /bin/bash.
Not sure all distributions can work well this way.
I have just checked Fedora and Ubuntu, and it seems it can work.

So can anyone help check if there is any exception on your distribution?

*root:x:0:0:root:/root:/bin/bash*
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:999:999:User for polkitd:/:/sbin/nologin
abrt:x:173:173::/etc/abrt:/sbin/nologin
usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin
colord:x:998:998:User for colord:/var/lib/colord:/sbin/nologin
rtkit:x:172:172:RealtimeKit:/proc:/sbin/nologin
geoclue:x:997:996:User for geoclue:/var/lib/geoclue:/sbin/nologin
chrony:x:996:995::/var/lib/chrony:/sbin/nologin
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
unbound:x:995:994:Unbound DNS resolver:/etc/unbound:/sbin/nologin
openvpn:x:994:993:OpenVPN:/etc/openvpn:/sbin/nologin
avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin
pulse:x:993:991:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
gdm:x:42:42::/var/lib/gdm:/sbin/nologin
gnome-initial-setup:x:992:989::/run/gnome-initial-setup/:/sbin/nologin
nm-openconnect:x:991:988:NetworkManager user for OpenConnect:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
*shhfeng:x:1000:1000:shhfeng:/home/shhfeng:/bin/bash*
qemu:x:107:107:qemu user:/:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
radvd:x:75:75:radvd user:/:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
saslauth:x:990:76:"Saslauthd user":/run/saslauthd:/sbin/nologin
*guest:x:1001:1001::/home/guest:/bin/bash*
nginx:x:989:984:Nginx web server:/var/lib/nginx:/sbin/nologin


But in Ubuntu, it seems most system users can still log in, but their
pw_shell is /bin/sh, which is a softlink to /bin/bash.

*root:x:0:0:root:/root:/bin/bash*
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
syslog:x:101:103::/home/syslog:/bin/false
messagebus:x:102:105::/var/run/dbus:/bin/false
usbmux:x:103:46:usbmux daemon,,,:/home/usbmux:/bin/false
dnsmasq:x:104:65534:dnsmasq,,,:/var/lib/misc:/bin/false
avahi-autoipd:x:105:111:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false
kernoops:x:106:65534:Kernel Oops Tracking Daemon,,,:/:/bin/false
rtkit:x:107:113:RealtimeKit,,,:/proc:/bin/false
whoopsie:x:108:114::/nonexistent:/bin/false
speech-dispatcher:x:109:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh
avahi:x:110:116:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false
lightdm:x:111:117:Light Display Manager:/var/lib/lightdm:/bin/false
pulse:x:112:119:PulseAudio daemon,,,:/var/run/pulse:/bin/false
hplip:x:113:7:HPLIP system user,,,:/var/run/hplip:/bin/false
colord:x:114:122:colord colour management daemon,,,:/var/lib/colord:/bin/false
saned:x:115:123::/home/saned:/bin/false
*royce:x:1000:1000:royce,,,:/home/royce:/bin/bash*
libvirt-qemu:x:116:126:Libvirt Qemu,,,:/var/lib/libvirt:/bin/false
libvirt-dnsmasq:x:117:125:Libvirt Dnsmasq,,,:/var/lib/libvirt/dnsmasq:/bin/false
statd:x:118:65534::/var/lib/nfs:/bin/false
sshd:x:119:65534::/var/run/sshd:/usr/sbin/nologi

-- 
Thanks and best regards!

Sheldon Feng(???)<shaohef at linux.vnet.ibm.com>
IBM Linux Technology Center
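
Added example (not part of the original message and not Kimchi's code): the proposed pw_shell filter applied to a few entries copied from the two listings above, next to a deny-list variant for comparison. The function names and default shell lists are assumptions made for this illustration.

```python
# Added example: filter passwd entries by login shell, as the message proposes.
from collections import namedtuple

Entry = namedtuple("Entry", "name uid shell")

# A few entries copied from the two listings in the message.
FEDORA = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shhfeng:x:1000:1000:shhfeng:/home/shhfeng:/bin/bash
guest:x:1001:1001::/home/guest:/bin/bash
nginx:x:989:984:Nginx web server:/var/lib/nginx:/sbin/nologin
"""
UBUNTU = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
www-data:x:33:33:www-data:/var/www:/bin/sh
syslog:x:101:103::/home/syslog:/bin/false
royce:x:1000:1000:royce,,,:/home/royce:/bin/bash
"""

def parse_passwd(text):
    """Parse passwd(5) lines: name:passwd:uid:gid:gecos:dir:shell."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # malformed or truncated line, skip it
        entries.append(Entry(fields[0], int(fields[2]), fields[6]))
    return entries

def by_allowed_shell(entries, allowed=("/bin/bash",)):
    """Allow-list (the proposal): keep accounts whose shell matches exactly."""
    return [e.name for e in entries if e.shell in allowed]

def by_denied_shell(entries, denied=("/sbin/nologin", "/usr/sbin/nologin", "/bin/false")):
    """Deny-list (hypothetical alternative): drop known non-login shells only."""
    return [e.name for e in entries if e.shell not in denied]
```

On a live host the same fields are available from Python's `pwd.getpwall()`, whose records expose `pw_name`, `pw_uid` and `pw_shell`.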
