You are not logged in.
Today (5 June 2014) , while an upgrade, I have a /etc/group.pacnew as well as /etc/passwd.pacnew. These files cause confusion. Unlike most other configuration files, these files are not usually edited directly and some packages update them. In my case /etc/group appears to be the same as /etc/group with the following extra lines:
oxxxxx:x:1000:oxxxxx
avahi:x:84:
polkitd:x:102:
git:x:999:
ntp:x:87:
colord:x:124:
spamd:x:182:
The first line is my name, no problem; my understanding is that the other lines were added by the corresponding packages and that I must leave them as is. But maybe some of these lines are deprecated and must be removed? How can I know?
For /etc/passwd, it appears that the login of systemd-journal-gateway has been changed from /bin/nologin to /bin/false and I think I must make this change and leave the other lines as is. But once again I cannot be sure some of the other extra lines in /etc/passwd should not be removed.
Also am I correct that I must run grpconv and pwdconv after the change to update the corresponding shadow files?
I thing the handling of these two files should be clarified somewhere in the documentation. Other configuration files are usually edited by hand and it's obvious how to merge the new ones, but these two files are different.
Last edited by olive (2014-06-05 09:34:46)
Offline
I don't know about “correct”, but all I did was overwrite the changed systemd-* entries with those from the .pacnew and then ran pwck and grpck as a sanity check.
Last edited by ukhippo (2014-06-05 10:38:57)
Offline
I haven't done the updating of the files, but I'd probably look at both, merge the new changes and do a sanity check as ukhippo suggests.
Claire is fine.
Problems? I have dysgraphia, so clear and concise please.
My public GPG key for package signing
My x86_64 package repository
Offline
I haven't done the updating of the files, but I'd probably look at both, merge the new changes and do a sanity check as ukhippo suggests.
And I'd probably _think_ before proposing stupid things... And then take a long look at /var/lib/pacman/local/filesystem-2014.06-1/install.
To answer the original question: you don't have to do anything.
Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd
Offline
And I'd probably _think_ before proposing stupid things... And then take a long look at /var/lib/pacman/local/filesystem-2014.06-1/install.
To answer the original question: you don't have to do anything.
You're wrong. Take a look at the wiki page concerning dealing with these files. Then check if there is a group like "git" or "ntp" in your earlier /etc/group. Then check if there's anything about that group in /var/lib/pacman/local/filesystem-2014.06-1/install.
Wiki says to do just what ukhippo suggested, and there's nothing about any of the groups I mentioned in the file.
Offline
Leonid.I wrote:And I'd probably _think_ before proposing stupid things... And then take a long look at /var/lib/pacman/local/filesystem-2014.06-1/install.
To answer the original question: you don't have to do anything.
You're wrong. Take a look at the wiki page concerning dealing with these files. Then check if there is a group like "git" or "ntp" in your earlier /etc/group. Then check if there's anything about that group in /var/lib/pacman/local/filesystem-2014.06-1/install.
I sense lots of confusion here, so let me explain in detail.
The .install script in the filesystem package is provided specifically to ensure that already running systems will keep running with new packages which require new user/groups, like systemd-timesyncd, by adding users/groups via post_upgrade() as well as checking that "standard" users/groups exist. For example
post_upgrade() {
_addgroup optical -g 93
_addgroup audio -g 92
_addgroup video -g 91
...
_addgroup systemd-network -g 193
_adduser systemd-network -u 193 -g 193 -d / -s /usr/bin/nologin
...
Yes, you may have git and ntp which were added by corresponding packages and "vanilla" passwd/group doesn't have these.
Hence, there is no need to merge {group,passwd}.pacnew files manually, just rm them. They are _not_ like other config files. In fact, they probably shouldn't even be in the backup array of filesystem (just like resolv.conf).
Wiki says to do just what ukhippo suggested, and there's nothing about any of the groups I mentioned in the file.
Yes, and wiki is the Ultimate Truth of course, right?
Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd
Offline
Hence, there is no need to merge {group,passwd}.pacnew files manually, just rm them. They are _not_ like other config files. In fact, they probably shouldn't even be in the backup array of filesystem (just like resolv.conf).
I believe {group,passwd} are part of the backup array in order to get the pacsave files in case you accidentally? unistall your filesystem package. It would be a hassle to get all user and group ids back in working order if these files were lost.
resolv.conf is not that mission-critical. A simple entry of e.g. 8.8.8.8 will work until you get the ips of your own nameservers back.
Last edited by progandy (2014-06-06 16:41:20)
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
Offline
I believe {group,passwd} are part of the backup array in order to get the pacsave files in case you accidentally? unistall your filesystem package
I would think that the primary reason that they end up in the backup array is so that they won't be overwritten. It would be a bad thing to have all your users and groups reset upon every filesystem update.
Offline
Maybe this is a bug, but the /etc/passwd file in the filesystem package doesn't jive with the modifications made by the .install script. Eg. /etc/passwd from filesystem-2014.05-2:
http:x:33:33:http:/srv/http:/bin/false
uuidd:x:68:68:uuidd:/:/sbin/nologin
dbus:x:81:81:dbus:/:/sbin/nologin
systemd-journal-gateway:x:191:191:systemd-journal-gateway:/:/bin/false
systemd-timesync:x:192:192:systemd-timesync:/:/bin/false
The .install script sets the shell to /usr/bin/nologin for all of these. So if you merge the .pacnew file, you're actually undoing some of what was updated. At least that's what's been happening to me since I always merged these files.
Thanks to Leonid.I for 'splaining things, otherwise I wouldn't have realized this.
Edit: so much for that theory. If the .install script is supposed to update the existing passwd file, it ain't working. After updating my home machine, http, uuid and dbus were still /bin/false, /sbin/nologin, and /sbin/nologin respectively.
Last edited by alphaniner (2014-06-07 01:15:51)
But whether the Constitution really be one thing, or another, this much is certain - that it has either authorized such a government as we have had, or has been powerless to prevent it. In either case, it is unfit to exist.
-Lysander Spooner
Offline
new filesystem (2014.06-1) package change the "/bin/false" to "/usr/bin/nologin"
but other packages like avahi, tor, postfix, etc still use "/bin/false" (or "/sbin/nologin")
need change to "/usr/bin/nologin"? or need wait the package update
greetings
Last edited by sl1pkn07 (2014-06-08 23:04:50)
Offline
Doesn't matter, they're functionally the same.
Offline
Offline
(same question as sl1pkn07) So we just do nothing and wait the packagers/maintainert take care of it?
Offline
(same question as sl1pkn07) So we just do nothing and wait the packagers/maintainert take care of it?
It says in the bug report: https://bugs.archlinux.org/task/40690
I'll fix this the next time I do a filesystem release.
Claire is fine.
Problems? I have dysgraphia, so clear and concise please.
My public GPG key for package signing
My x86_64 package repository
Offline
Thnanks. While i clicked on it i didn't read the comments.
Offline
Today's update of /etc/paswd showed the following change for most of the normal existing entries,
present passwd file:
bin:x:1:1:bin:/bin:/bin/false
daemon:x:2:2:daemon:/sbin:/bin/false
mail:x:8:12:mail:/var/spool/mail:/bin/false
ftp:x:14:11:ftp:/srv/ftp:/bin/false
http:x:33:33:http:/srv/http:/bin/false
uuidd:x:68:68:uuidd:/:/sbin/nologin
dbus:x:81:81:dbus:/:/sbin/nologin
nobody:x:99:99:nobody:/:/bin/false
the pacnew file:
bin:x:1:1:bin:/bin:/usr/bin/nologin
daemon:x:2:2:daemon:/sbin:/usr/bin/nologin
mail:x:8:12:mail:/var/spool/mail:/usr/bin/nologin
ftp:x:14:11:ftp:/srv/ftp:/usr/bin/nologin
http:x:33:33:http:/srv/http:/usr/bin/nologin
uuidd:x:68:68:uuidd:/:/sbin/nologin
dbus:x:81:81:dbus:/:/sbin/nologin
nobody:x:99:99:nobody:/:/usr/bin/nologin
Should I pass this change to /usr/bin/nologin onto entries created during the setup of the system?
<snip>
polkitd:x:102:102:Policy Kit Daemon:/:/bin/false
avahi:x:84:84:avahi:/:/bin/false
mysql:x:89:89::/var/lib/mysql:/bin/false
kdm:x:135:135::/var/lib/kdm:/bin/false
<snip>
Offline
I actually don't think it makes a difference. I didn't change it and my shit hasn't borked yet.
Read through this thread though: https://bbs.archlinux.org/viewtopic.php?id=182428
Offline
Merging...
Offline
Merging...
Just as I was submitting a reply to Wonderwoofy.....there were some surprising moments there.
Anyhow, thank you Wonderwoofy for the reply. Things are clear now.
Offline
Oh, sorry. I also reported the thread to be merged here since it is covering the same topic.
Offline
Hello
If I compare my group and passwd with the "pacnew" ones I see that I have the same lines (even more) but in different sequence (all lines in pacnew are in my files -although personalized-), so I guess I have to do nothing, is it so?
I have read that never mind "false" or "nobody" (they're functionally the same) but which is better?
Thanks
Last edited by ppsalama (2014-06-09 11:07:35)
Offline
progandy wrote:I believe {group,passwd} are part of the backup array in order to get the pacsave files in case you accidentally? unistall your filesystem package
I would think that the primary reason that they end up in the backup array is so that they won't be overwritten. It would be a bad thing to have all your users and groups reset upon every filesystem update.
Yes, you right -- my bad.
Edit: so much for that theory. If the .install script is supposed to update the existing passwd file, it ain't working. After updating my home machine, http, uuid and dbus were still /bin/false, /sbin/nologin, and /sbin/nologin respectively.
The .install script only checks the presence of a user, and does nothing if it finds that user. This is the correct behavior because otherwise your modifications would be lost. Having said that, having /sbin/nologin or /bin/false is all the same. There is a cosmetic difference between them -- read man nologin.
Again, if your group/passwd files are functional before the update -- keep them as is (unless you wan to do cosmetic changes). If they are missing a user/group needed for some package that you don't have yet (and .pacnew files ship that user/group), this user/group should be added by that package's post_install(), e.g. systemd-timesyncd...
Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd
Offline
@Leonid.I: Thanks for clearing that up.
But whether the Constitution really be one thing, or another, this much is certain - that it has either authorized such a government as we have had, or has been powerless to prevent it. In either case, it is unfit to exist.
-Lysander Spooner
Offline
I actually don't think it makes a difference. I didn't change it and my shit hasn't borked yet.
Read through this thread though: https://bbs.archlinux.org/viewtopic.php?id=182428
I thought that posting a recursive link was just sarcastic humor until I saw that the thread had been merged.
Some of you may find my pacnew merge scripts useful for handling these files: http://xyne.archlinux.ca/projects/pacnew_scripts/
My Arch Linux Stuff • Forum Etiquette • Community Ethos - Arch is not for everyone
Offline
Way to post 5000 times Xyne!
Offline