From a4c0528f14257e23a8fad8855f178ef71d99978b Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 23 Oct 2024 22:22:54 +0200 Subject: [PATCH] sysusers.d: lock all system users defined by us --- sysusers.d/basic.conf.in | 2 +- sysusers.d/systemd-coredump.conf | 2 +- sysusers.d/systemd-network.conf.in | 2 +- sysusers.d/systemd-oom.conf | 2 +- sysusers.d/systemd-remote.conf | 2 +- sysusers.d/systemd-resolve.conf.in | 2 +- sysusers.d/systemd-timesync.conf.in | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/sysusers.d/basic.conf.in b/sysusers.d/basic.conf.in index 0aec080a4cb..992af346ca6 100644 --- a/sysusers.d/basic.conf.in +++ b/sysusers.d/basic.conf.in @@ -11,7 +11,7 @@ u root 0:0 "Super User" /root # The nobody user/group for NFS file systems g {{NOBODY_GROUP_NAME}} 65534 - - -u {{NOBODY_USER_NAME }} 65534:65534 "Kernel Overflow User" - +u! {{NOBODY_USER_NAME }} 65534:65534 "Kernel Overflow User" - # Administrator group: can *see* more than normal users g adm {{ADM_GID }} - - diff --git a/sysusers.d/systemd-coredump.conf b/sysusers.d/systemd-coredump.conf index c4ff003bd60..2ab8a41b9da 100644 --- a/sysusers.d/systemd-coredump.conf +++ b/sysusers.d/systemd-coredump.conf @@ -5,4 +5,4 @@ # the Free Software Foundation; either version 2.1 of the License, or # (at your option) any later version. -u systemd-coredump - "systemd Core Dumper" +u! systemd-coredump - "systemd Core Dumper" diff --git a/sysusers.d/systemd-network.conf.in b/sysusers.d/systemd-network.conf.in index 7c64a4681fd..fc04827efdd 100644 --- a/sysusers.d/systemd-network.conf.in +++ b/sysusers.d/systemd-network.conf.in @@ -5,4 +5,4 @@ # the Free Software Foundation; either version 2.1 of the License, or # (at your option) any later version. -u systemd-network {{SYSTEMD_NETWORK_UID}} "systemd Network Management" +u! systemd-network {{SYSTEMD_NETWORK_UID}} "systemd Network Management" diff --git a/sysusers.d/systemd-oom.conf b/sysusers.d/systemd-oom.conf index 27e571feb5e..1ce3d23b6be 100644 --- a/sysusers.d/systemd-oom.conf +++ b/sysusers.d/systemd-oom.conf @@ -5,4 +5,4 @@ # the Free Software Foundation; either version 2.1 of the License, or # (at your option) any later version. -u systemd-oom - "systemd Userspace OOM Killer" +u! systemd-oom - "systemd Userspace OOM Killer" diff --git a/sysusers.d/systemd-remote.conf b/sysusers.d/systemd-remote.conf index ca20c248961..796850c9e61 100644 --- a/sysusers.d/systemd-remote.conf +++ b/sysusers.d/systemd-remote.conf @@ -5,4 +5,4 @@ # the Free Software Foundation; either version 2.1 of the License, or # (at your option) any later version. -u systemd-journal-remote - "systemd Journal Remote" +u! systemd-journal-remote - "systemd Journal Remote" diff --git a/sysusers.d/systemd-resolve.conf.in b/sysusers.d/systemd-resolve.conf.in index 9f02ef94e6e..e385070c45b 100644 --- a/sysusers.d/systemd-resolve.conf.in +++ b/sysusers.d/systemd-resolve.conf.in @@ -5,4 +5,4 @@ # the Free Software Foundation; either version 2.1 of the License, or # (at your option) any later version. -u systemd-resolve {{SYSTEMD_RESOLVE_UID}} "systemd Resolver" +u! systemd-resolve {{SYSTEMD_RESOLVE_UID}} "systemd Resolver" diff --git a/sysusers.d/systemd-timesync.conf.in b/sysusers.d/systemd-timesync.conf.in index e50f0254169..7b9fb3d8d9f 100644 --- a/sysusers.d/systemd-timesync.conf.in +++ b/sysusers.d/systemd-timesync.conf.in @@ -5,4 +5,4 @@ # the Free Software Foundation; either version 2.1 of the License, or # (at your option) any later version. -u systemd-timesync {{SYSTEMD_TIMESYNC_UID}} "systemd Time Synchronization" +u! systemd-timesync {{SYSTEMD_TIMESYNC_UID}} "systemd Time Synchronization" -- 2.47.3