sysusers: make group shadow support configurable

Some distros (openSUSE) don't have group shadow support enabled. This can lead
to the following error:

  # systemd-sysusers
  Creating group foofoo with gid 478.
  # systemd-sysusers
  # groupdel foofoo
  # systemd-sysusers
  Creating group foofoo with gid 478.
  Failed to write files: File exists

This patch adds --disable-gshadow option to configure. If used,
systemd-sysvusers won't consider /etc/gshadow.

diff --git a/configure.ac b/configure.ac
index f59f3fa..4851e55 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -1092,6 +1092,11 @@ if test "x$enable_sysusers" != "xno"; then
 fi
 AM_CONDITIONAL(ENABLE_SYSUSERS, [test "$have_sysusers" = "yes"])
 
+AC_ARG_ENABLE(gshadow, AS_HELP_STRING([--disable-gshadow], [disable shadow group support]))
+AS_IF([test "x${enable_gshadow}" != "xno"], [
+        AC_DEFINE(ENABLE_GSHADOW, 1, [shadow group support is enabled])
+])
+
 # ------------------------------------------------------------------------------
 have_firstboot=no
 AC_ARG_ENABLE(firstboot, AS_HELP_STRING([--disable-firstboot], [disable firstboot support]))

diff --git a/meson.build b/meson.build
index 14a2053..1d84227 100644 (file)
--- a/meson.build
+++ b/meson.build
@@ -988,6 +988,7 @@ foreach pair : [['utmp',          'HAVE_UTMP'],
                 ['tpm',           'SD_BOOT_LOG_TPM'],
                 ['ima',           'HAVE_IMA'],
                 ['smack',         'HAVE_SMACK'],
+                ['gshadow',       'ENABLE_GSHADOW'],
                ]
 
         if get_option(pair[0])
@@ -2473,6 +2474,7 @@ foreach tuple : [
         ['hibernate'],
         ['adm group',        get_option('adm-group')],
         ['wheel group',      get_option('wheel-group')],
+        ['gshadow'],
         ['debug hashmap'],
         ['debug mmap cache'],
 ]

diff --git a/meson_options.txt b/meson_options.txt
index 4e99b25..3f55cdf 100644 (file)
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -146,6 +146,8 @@ option('dev-kvm-mode', type : 'string', value : '0660',
        description : '/dev/kvm access mode')
 option('default-kill-user-processes', type : 'boolean',
        description : 'the default value for KillUserProcesses= setting')
+option('gshadow', type : 'boolean',
+       description : 'support for shadow group')
 
 option('default-dnssec', type : 'combo',
        description : 'default DNSSEC mode',

diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
index 5423978..b8e8963 100644 (file)
--- a/src/sysusers/sysusers.c
+++ b/src/sysusers/sysusers.c
@@ -292,6 +292,7 @@ static int putgrent_with_members(const struct group *gr, FILE *group) {
         return 0;
 }
 
+#ifdef ENABLE_GSHADOW
 static int putsgent_with_members(const struct sgrp *sg, FILE *gshadow) {
         char **a;
 
@@ -341,6 +342,7 @@ static int putsgent_with_members(const struct sgrp *sg, FILE *gshadow) {
 
         return 0;
 }
+#endif
 
 static int sync_rights(FILE *from, FILE *to) {
         struct stat st;
@@ -659,6 +661,7 @@ fail:
 }
 
 static int write_temporary_gshadow(const char * gshadow_path, FILE **tmpfile, char **tmpfile_path) {
+#ifdef ENABLE_GSHADOW
         _cleanup_fclose_ FILE *original = NULL, *gshadow = NULL;
         _cleanup_free_ char *gshadow_tmp = NULL;
         bool group_changed = false;
@@ -740,6 +743,9 @@ static int write_temporary_gshadow(const char * gshadow_path, FILE **tmpfile, ch
 fail:
         unlink(gshadow_tmp);
         return r;
+#else
+        return 0;
+#endif
 }
 
 static int write_files(void) {