
If puppet creates users after any static UID/GID users are created, it will use the next available UID or GID even if we intend to use it for another static user. Solve this by increasing the dynamic range minimums in /etc/login.defs, and also define the system account maximums explicitly so that they are not interpreted as one less than the normal user minimums, which could also conflict. Change-Id: Ie82ee5cbc23ef38b0eddd8c6af611724cc10fb28
#
# Please note that the parameters in this configuration file control the
# behavior of the tools from the shadow-utils component. None of these
# tools uses the PAM mechanism, and the utilities that use PAM (such as the
# passwd command) should therefore be configured elsewhere. Refer to
# /etc/pam.d/system-auth for more information.
#
# *REQUIRED*
# Directory where mailboxes reside, _or_ name of file, relative to the
# home directory. If you _do_ define both, MAIL_DIR takes precedence.
# QMAIL_DIR is for Qmail
#
#QMAIL_DIR Maildir
MAIL_DIR /var/spool/mail
#MAIL_FILE .mail
# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
# 99999 days means passwords effectively never expire through aging.
# NOTE(review): confirm this matches the site's password policy.
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
# NOTE(review): 5 characters is a short minimum. Per the note at the top of
# this file, PAM-based tools such as passwd are configured elsewhere, so
# confirm the PAM password policy enforces a longer minimum.
PASS_MIN_LEN 5
PASS_WARN_AGE 7
#
# Min/max values for automatic uid selection in useradd
#
# Upper bound for automatically selected system-account UIDs. Set explicitly
# because, per the change description, an unset value is taken as UID_MIN - 1,
# which with UID_MIN 3000 would let system accounts spread up to 2999.
SYS_UID_MAX 499
# Dynamic allocation for regular users starts here, leaving 500-2999 outside
# both automatic ranges. NOTE(review): presumably the static UIDs live in that
# gap - confirm none is 3000 or above, since an account that reuses a UID owns
# the other account's files. Raising this value does not renumber accounts
# that already exist.
UID_MIN 3000
UID_MAX 60000
#
# Min/max values for automatic gid selection in groupadd
#
# Upper bound for automatically selected system-group GIDs. Set explicitly
# because, per the change description, an unset value is taken as GID_MIN - 1,
# which with GID_MIN 3000 would let system groups spread up to 2999.
SYS_GID_MAX 499
# Dynamic allocation for regular groups starts here, leaving 500-2999 outside
# both automatic ranges. NOTE(review): presumably the static GIDs live in that
# gap - confirm none is 3000 or above, since a group that reuses a GID gains
# the other group's file access.
GID_MIN 3000
GID_MAX 60000
#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD /usr/sbin/userdel_local
#
# If useradd should create home directories for users by default
# On RH systems, we do. This option is overridden with the -m flag on
# useradd command line.
#
CREATE_HOME yes
# The permission mask is initialized to this value. If not specified,
# the permission mask will be initialized to 022.
# 077 removes all group and other permissions, so only the owner has access.
# NOTE(review): where USERGROUPS_ENAB (set below) is honoured for umask
# handling, the group bits are made the same as the owner bits for users with
# a private group (077 -> 007) - confirm that is intended.
UMASK 077
# This enables userdel to remove user groups if no members exist.
#
USERGROUPS_ENAB yes
# Hash passwords with SHA512 (one-way hashing, not reversible encryption).
# Applies to the shadow-utils tools; per the note at the top of this file,
# PAM-based tools such as passwd take their hashing method from the PAM
# configuration, so confirm that it also selects SHA512.
# NOTE(review): SHA_CRYPT_MIN_ROUNDS / SHA_CRYPT_MAX_ROUNDS are not set in the
# lines shown, so the default round count applies.
ENCRYPT_METHOD SHA512