userdb: Add missing .membership extension to membership files

Follow up for fe0342edf4693ac14c8cb9a977afa09e4acd4daf

This also drops the mkosi testuser from the wheel and systemd-journal
groups as the integration tests rely on the testuser not being to read
the full journal.

diff --git a/mkosi/mkosi.credentials/userdb.user.testuser b/mkosi/mkosi.credentials/userdb.user.testuser
index 6a2ce883241ccf152fe899b056fdfea2f8677fdd..69a1bfd21daf7c6c2942ac0d5faeaf8ab64d56f3 100644 (file)
--- a/mkosi/mkosi.credentials/userdb.user.testuser
+++ b/mkosi/mkosi.credentials/userdb.user.testuser
@@ -3,10 +3,6 @@
     "uid": 4711,
     "disposition": "regular",
     "enforcePasswordPolicy": false,
-    "memberOf": [
-        "wheel",
-        "systemd-journal"
-    ],
     "shell": "/bin/bash",
     "privileged": {
         "hashedPassword": ["$1$kqp7NF1f$tNnQcshPX53CSfRKTQD0R1"]

diff --git a/src/userdb/userdbctl.c b/src/userdb/userdbctl.c
index 8efdc7c133680bd5b1348f45804ffa2816e5289c..ca698e7345f592cb1c42246762761d591ea7820b 100644 (file)
--- a/src/userdb/userdbctl.c
+++ b/src/userdb/userdbctl.c
@@ -1430,7 +1430,7 @@ static int load_credential_one(
 
         if (ur)
                 STRV_FOREACH(g, ur->member_of) {
-                        _cleanup_free_ char *membership = strjoin(ur->user_name, ":", *g);
+                        _cleanup_free_ char *membership = strjoin(ur->user_name, ":", *g, ".membership");
                         if (!membership)
                                 return log_oom();
 
@@ -1442,7 +1442,7 @@ static int load_credential_one(
                 }
         else
                 STRV_FOREACH(u, gr->members) {
-                        _cleanup_free_ char *membership = strjoin(*u, ":", gr->group_name);
+                        _cleanup_free_ char *membership = strjoin(*u, ":", gr->group_name, ".membership");
                         if (!membership)
                                 return log_oom();