path: root/factory
Commit message | Author | Age | Files | Lines
* factory/locale.conf: mention systemd ownership | Luca BRUNO | 2021-12-23 | 1 | -0/+2
This explicitly mentions that comments and empty lines are supported (and ignored) in /etc/locale.conf. It then adds ownership reference to the factory default.
* factory: populate /etc/locale.conf with systemd build-time setting | Luca BRUNO | 2021-12-23 | 2 | -0/+12
This adds /etc/locale.conf to the set of configuration files populated by tmpfiles.d factory /etc handling. In particular, the build-time locale configuration in systemd is now wired to a /usr factory file, and installed to the system. On boot, if other locale customization tools did not write /etc/locale.conf on the system, the factory default file gets copied to /etc by systemd-tmpfiles. This is done in order to avoid skews between different system components when no locale settings are configured. At that point, systemd can safely act as the fallback owner of /etc/locale.conf.
* pam: fix typo try_authtok → use_authtok | Lennart Poettering | 2021-05-12 | 1 | -1/+1
This was a copy/paste mistake apparently, there's no "try_authtok" and this was supposed to copy what Fedora uses, which uses "use_authtok" correctly. Hence adjust this.
Fixes: #19369
* nss-systemd: synthesize NSS shadow/gshadow records from userdb, as well | Lennart Poettering | 2021-05-08 | 1 | -1/+2
This ensures we not only synthesize regular passwd/group records of userdb records, but shadow records as well. This should make sure that userdb can be used as comprehensive superset of the classic passwd/group/shadow/gshadow functionality.
* man: move 'files' module in NSS 'hosts:' line before myhostname | Lennart Poettering | 2020-08-17 | 1 | -1/+1
I am pretty sure /etc/hosts (i.e. an explicitly configured, local, trusted database) should be useful for overriding the automatic myhostname logic. resolved's internal logic handles it that way and hence we should suggest it in the NSS fallback line, too. Let's also bring the factory file back into sync with what the docs say. And update the prose a bit too, to actually match what we recommend.
* nss-mymachines: drop support for UID/GID resolving | Lennart Poettering | 2020-07-14 | 1 | -2/+2
Now that we make the user/group name resolving available via userdb and thus nss-systemd, we do not need the UID/GID resolving support in nss-mymachines anymore. Let's drop it hence. We keep the module around, since besides UID/GID resolving it also does hostname resolving, which we care about. (One of those days we should replace that by some Varlink logic between nss-resolve/systemd-resolved.service too) The hooks are kept in the NSS module, but they do not resolve anything anymore, in order to keep compat at a maximum.
* home: add pam_systemd_home.so PAM hookup | Lennart Poettering | 2020-01-28 | 1 | -11/+15
In a way fixes: https://bugs.freedesktop.org/show_bug.cgi?id=67474
* nss: hook up nss-systemd with userdb varlink bits | Lennart Poettering | 2020-01-15 | 1 | -1/+1
This changes nss-systemd to use the new varlink user/group APIs for looking up everything. (This also changes the factory /etc/nsswitch.conf line to use for hooking up nss-system to use glibc's [SUCCESS=merge] feature so that we can properly merge group membership lists).
Fixes: #12492
* factory: add default /etc/issue file | Lennart Poettering | 2019-07-24 | 1 | -0/+3
Booting up an image with --volatile=yes otherwise looks so naked, so let's include this file in the default factory too. It's common and simple and should be safe to ship.
* factory: include pam_keyinit.so in PAM factory configuration | Lennart Poettering | 2019-07-13 | 1 | -0/+1
We use the keyring, so let's make sure it gets properly initialized for sessions in factory reset mode.
* factory: add comment to PAM file, explaining that the defaults are not useful | Lennart Poettering | 2019-07-13 | 1 | -0/+3
* factory: tighten PAM configuration | Lennart Poettering | 2019-07-13 | 1 | -0/+3
Apparently PAM reacts differently on different systems (?) and if no authoritative matching module is found might either succeed/fail, depending on the system. Let's lock this down explicitly, by hooking in pam_deny.so. Of course, these PAM files are just examples, and no distro in its right mind would ship these unmodified, but let's default to something safe.
Fixes: #12950
* man,factory: update factory config for nsswitch.conf to match the man pages | Zbigniew Jędrzejewski-Szmek | 2018-11-27 | 1 | -4/+13
Also add a note in the man pages to remind people to adjust the factory config and other man pages at the same time.
* factory: remove broken pam_limits | Kay Sievers | 2014-07-30 | 1 | -1/+0
Stupid PAM, please just go away!
  login[26]: pam_limits(login:session): error parsing the configuration file: '/etc/security/limits.conf'
  login[26]: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
  login[26]: Error in service module
* login: update systemd-user PAM configuration file | Kay Sievers | 2014-07-29 | 2 | -11/+17
* factory: nss - add generic config | Kay Sievers | 2014-07-27 | 1 | -0/+6
* factory: PAM - add generic fallback config | Kay Sievers | 2014-07-27 | 1 | -0/+13
Single PAM fallback config file to be used in /etc to allow bootstrapping of a system with an empty /etc.