Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

revise restricted system usernames #2634

Closed
phillxnet opened this issue Aug 1, 2023 · 3 comments
Closed

revise restricted system usernames #2634

phillxnet opened this issue Aug 1, 2023 · 3 comments
Assignees
@phillxnet
Milestone
5.1.X-X Stable re...

Comments

@phillxnet
Copy link
Member

Within our user management we have a hard-wired username list. This is in need of revision.
See:

rockstor-core/src/rockstor/storageadmin/views/user.py

Lines 39 to 41 in 5252197

class UserMixin(object):
serializer_class = SUserSerializer
exclude_list = (

Used primarily for validating user input re users.
@phillxnet phillxnet changed the title revise excluded system usernames revise restricted system usernames Aug 1, 2023
@Hooverdan96
Copy link
Member

Hooverdan96 commented Sep 29, 2023
edited
Loading

I attempted to do a comparison between two current OpenSUSE flavors we have and whether they are in the currently maintained list. After a fairly fresh install, these were the users I've identified (I think I excluded all the users, I didn't create manually). I don't have a 15.5 install, but I assume it will either be the same as 15.4 or fairly close.

User Description Current Hard-code LEAP 15.4 TW
at Batch jobs daemon No X X
avahi User for Avahi X X X
bin bin X No X
chrony Chrony Daemon No X X
daemon Daemon X X X
dnsmasq dnsmasq No No X
dockremap docker --userns-remap=default No X X
lp Printing daemon No X X
mail Mailer daemon X X X
messagebus User for D-Bus No X X
nginx User for nginx X X X
nobody nobody X X X
nscd User for nscd No No X
ntp NTP account X X X
pesign PE-COFF signing daemon No X X
polkitd User for polkitd No X X
postfix Postfix Daemon X X X
postgres PostgreSQL Server X X X
root root X X X
rpc User for rpcbind X X X
shellinabox user for shellinabox No X X
sshd SSH daemon X X X
statd NFS statd daemon No X X
systemd-network systemd Network Management No X No
systemd-timesync systemd Time Synchronization No X X
tftp TFTP Account No No X
unbound unbound caching DNS server No No X
upsd UPS daemon No X X

Or, mix it with the list here, which is more comprehensive, just to be safe: https://doc.opensuse.org/documentation/leap/startup/html/book-startup/cha-yast-userman.html#sec-yast-userman-defaults

@phillxnet
Copy link
Member Author

@Hooverdan96 Thanks for following-up on this one. I think all we need now is to establish what the system users are on each of our OS bases - likely prioritising TW. And ensure we cover them in our system users list. Pretty sure this is just a mask to identify all users we know are system users and flag them as such. Bit tricky but doable. The current list is just left over from our CentOS days is my assumption.

@phillxnet phillxnet added this to the 5.1.X-X Stable release milestone Jul 3, 2024
@phillxnet phillxnet self-assigned this Jul 9, 2024
phillxnet added a commit to phillxnet/rockstor-core that referenced this issue Jul 9, 2024
@phillxnet
revise restricted system usernames rockstor#2634
5b1a6e2 
Update to reflect current OS base (openSUSE), and its users
associated with common system services.
phillxnet added a commit to phillxnet/rockstor-core that referenced this issue Jul 9, 2024
@phillxnet
user.py - string.format to fstrings rockstor#2634
f02ea7f 
Incidental update from older % string formatter included.
@phillxnet phillxnet mentioned this issue Jul 9, 2024
Merged
phillxnet added a commit that referenced this issue Jul 10, 2024
@phillxnet
Merge pull request #2866 from phillxnet/2634-revise-restricted-system…
1c52870 
…-usernames

revise restricted system usernames #2634
@phillxnet
Copy link
Member Author

Closing as:
Fixed by #2866

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@phillxnet phillxnet

Labels
None yet
Projects
None yet
Milestone
5.1.X-X Stable release
Development

No branches or pull requests
2 participants
@phillxnet @Hooverdan96