aboutsummaryrefslogtreecommitdiff
path: root/system/skeleton/etc
Commit message (Collapse)AuthorAgeFilesLines
* system: replace nogroup with nobodyGravatar Norbert Lange2020-07-181-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, we define the so-called "overflow group" as 'nogroup'. However, one practical issue is that systemd-sysusers will otherwise create a 'nobody' group with gid 999, because that's is what is usual to define the overflow group: users and groups are defined in LSB (Linux Standard Base): https://refspecs.linuxfoundation.org/LSB_5.0.0/LSB-Core-generic/LSB-Core-generic/usernames.html Quoting: "If the username exists on a system,then they should be in the suggested corresponding group". Only Debian and derivatives depart from this custom, naming it 'nogroup' (hence the rationale for commit 908198e756b4 (system/skeleton: remove spurious group 'nobody'). See also commit 9c67af2c52 (system/skeleton: use uid/gid 65534 for nobody/nogroup), and a related discussion on LWN.net (key is "overflow UID" which also applies to GID): https://lwn.net/Articles/695478/ Use the recommended groupname 'nobody'. Adapt packages accordingly. Signed-off-by: Norbert Lange <nolange79@gmail.com> [yann.morin.1998@free.fr: - reword commit log - extend commit log with more references (commits and LWN) ] Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* system/skeleton: drop PAGER from /etc/profileGravatar Lubomir Rintel2019-09-071-1/+0
| | | | | | | | | | | | | | | We couldn't track down the reason why the profile sets $PAGER other than that it has always been there. However, it defeats pager autodetection by various tool (systemctl, nmcli, etc.) that would otherwise prefer less to more, in case both were available. Let's drop it. My desktop Linux distro (Fedora) doesn't seem to set it either and the universe doesn't seem to have collapsed yet. Signed-off-by: Lubomir Rintel <lkundrak@v3.sk> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* system/skeleton: remove password expiration from shadowGravatar Arnout Vandecappelle (Essensium/Mind)2019-03-201-9/+9
| | | | | | | | | | | | | | | | | | The fields in /etc/shadow were set as follows: root::10933:0:99999:7::: This sets the date of last password change to Jan 1, 2000, the minimum password age to 0 days, the maximum password age to near-infinity, and a warning period of 7 days. In practice, this means the password never expires. So all of this is quite useless. On the other hand, mkusers creates lines without all of these options. It just sets ::::: which disables password expiration completely. To make things consistent, do the same for the skeleton entries. Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* skeleton: use BR2_SYSTEM_DEFAULT_PATH as default PATHGravatar Markus Mayer2018-12-311-1/+1
| | | | | | | | | | | | | | | We substitute the path specified in system/skeleton/etc/profile with the path specified in the configuration variable $(BR2_SYSTEM_DEFAULT_PATH). $(BR2_SYSTEM_DEFAULT_PATH) is a Kconfig string, so it is already double quoted. This means that export PATH=value will now be export PATH="value" in /etc/profile, which is perfectly fine. Signed-off-by: Markus Mayer <mmayer@broadcom.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> [Thomas: rework commit log about the double quoting] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* skeleton: PAGER without blank and unset at end of for loopGravatar Florian La Roche2018-06-051-2/+2
| | | | | | | | | | The PAGER environment variable is including a blank character at the end. Remove this. A for loop has been unsetting the variable inside the loop, this is only needed once at the end of the loop. Signed-off-by: Florian La Roche <F.LaRoche@pilz.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* system: separate sysv and systemd parts of the skeletonGravatar Yann E. MORIN2017-08-021-8/+0
| | | | | | | | | | | | | | | | | | | | | | | | For systemd, we create a simple /etc/fstab with only an entry for /, as systemd otherwise automatically mounts what it needs where it needs it. systemd does not like that the content of /var be symlinks to /tmp, especially journald that starts before /tmp is mounted, and thus the journal files are hidden from view, which causes quite a bit of fuss... Instead, move the current /var to a sysv-only skeleton. systemd at install time will create the /var content it needs, so we just create an empty /var for systemd. systemd would create /home and /srv at runtime if they are missing, but it is better to create them right now, to simplify supporting systemd on a RO filesystem in the (near) future. Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/ifupdown-scripts: new packageGravatar Yann E. MORIN2017-07-044-21/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | The ifupdown scripts can be used independently of the init system, be it sysv, busybox or systemd; they could even be used when there is no init system (i.e. the user is providing his own). Currently, those ifupdown scripts are bundled in the skeleton. But we soon will have a skeleton specific to systemd, so we would be missing those scripts (when systemd-networkd is not enabled). So, move those scripts to their own package. To keep the current behaviour (before it is changed in future commits), we make that package default to y, but depend on the default skeleton. Instead of being a target-finalize hook, the scripts are installed as any other package are, with a package install-target command. Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Arnout Vandecappelle <arnout@mind.be> Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> [Thomas: drop empty IFUPDOWN_SCRIPTS_SOURCE] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* skeleton: fix permissions on /dev/pts/ptmxGravatar Jan Kundrát2017-03-181-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Without this patch, it is not possible to allocate PTYs when a generated rootfs image with a recent glibc and systemd is launched as a container on an RHEL7 system via machinectl/systemd-nspawn. The container boots, but `machinectl login mycontainer` fails. The culprit is /dev/pts/ptmx with 0000 perms. On a typical system, there are two `ptmx` devices. One is provided by the devpts at /dev/pts/ptmx and it is typically not directly accessed from userspace. The other one which actually *is* opened by processes is /dev/ptmx. Kernel's documentation says these days that /dev/ptmx should be either a symlink, or a bind mount of the /dev/pts/ptmx from devpts. When a container is launched via machinectl/machined/systemd-nspawn, the container manager prepares a root filesystem so that the container can live in an appropriate namespace (this is similar to what initramfs is doing on x86 desktops). During these preparations, systemd-nspawn mounts a devpts instance using a correct ptmxmode=0666 within the container-to-be's /dev/pts, and it adds a compatibility symlink at /dev/ptmx. However, once systemd takes over as an init in the container, /lib/systemd/systemd-remount-fs applies mount options from /etc/fstab to all fileystems. Because the buildroot's template used to not include the ptmxmode=... option, a default value of 0000 was taking an effect which in turn led to not being able to allocate any pseudo-terminals. The relevant kernel option was introduced upstream in commit 1f8f1e29 back in 2009. The oldest linux-headers referenced from buildroot's config is 3.0, and that version definitely has that commit. Mount options that are not understood by the system are anyway ignored, so backward compatibility is preserved. Signed-off-by: Jan Kundrát <jan.kundrat@cesnet.cz> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> [Thomas: fix commit title, adjust commit log.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* system/skeleton: use uid/gid 65534 for nobody/nogroupGravatar Peter Korsgaard2016-08-262-2/+2
| | | | | | | | | | | | | | | | | | | | | | As recently discussed on lwn.net: https://lwn.net/Articles/695478/ The kernel has special behaviour for uid/gid 65534: 1. The kernel maps UIDs > 65535 to it when some subsystem/API/fs only supports 16bit UIDs, but a 32bit UID is passed to it. 2. it's used by the kernel's user namespacing as the internal UID that external UIDs are mapped to that don't have any local mapping. 3. It's used by NFS for all user IDs that cannot be mapped locally if UID mapping is enabled. Most distributions already map (or are in the progress of changing) nobody/nogroup to the 65534 uid/gid, so lets do so as well. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/skeleton: remove useless .empty fileGravatar Yann E. MORIN2016-07-051-0/+0
| | | | | | | | We now have a real file in that directory, so we do not need a .empty placeholder. Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* system/skeleton: update etc/mtab with a more sensible linkGravatar Yann E. MORIN2016-07-051-1/+1
| | | | | | | | | | | | | | | | | | | Currently, our /etc/mtab points to /proc/mounts. This was all neat so far, and was good for a sysv-like init system. However, the way today is to point it at /proc/self/mounts, the per-process mount tab. Additionnally, that's what systemd expects. If /etc/mtab is not a symlink to ../proc/self/mounts and the rootfs is readonly, systemd would whine loudly (and a service unit would be marked failed). Since it works well for sysv-like init systems too, just use that. Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Reviewed-by: Romain Naour <romain.naour@gmail.com> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* skeleton: Rename /etc/profile.d/umask to umask.shGravatar Nicolas Cavallari2016-02-101-0/+0
| | | | | | | | | /etc/profile only sources files that matches the /etc/profile.d/*.sh pattern, so /etc/profile.d/umask was never sourced. Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr> Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* Makefile: drop ldconfig handlingGravatar Thomas Petazzoni2016-01-031-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | The ldconfig handling in the main Makefile is utterly broken, as it calls the build machine ldconfig to generate the ld.so.cache of the target. Unfortunately, the format of the ld.so.cache is architecture specific, and therefore the build machine ldconfig cannot be used as-is. This patch therefore simply drops using ldconfig entirely, and removes /etc/ld.so.conf.d/ from the target skeleton. The idea is that all libraries that should be loaded by the dynamic linker must be installed in paths where the dynamic linker searches them by default (typically /lib or /usr/lib). This might potentially break a few packages, but the only way to know is to actually stop handling ldconfig. In order to be notified of such cases, we add a check in target-finalize to verify that there is no /etc/ld.so.conf file as well as no /etc/ld.so.conf.d directory. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* readline: install configuration file from package recipeGravatar Jérôme Pouiller2015-11-171-44/+0
| | | | | | | | | | /etc/inputrc is configuration file for readline. However, until now, it was provided by skeleton. This patch install /etc/inputrc from readline recipe. Signed-off-by: Jérôme Pouiller <jezz@sysmic.org> Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* skeleton: remove unused /etc/issueGravatar Jérôme Pouiller2015-11-171-3/+0
| | | | | | | | | | | | | /etc/issue is managed with BR2_TARGET_GENERIC_ISSUE. In case BR2_TARGET_GENERIC_ISSUE is set (which is default), /etc/issue is overwritten. In case BR2_TARGET_GENERIC_ISSUE is not set, we don't want /etc/issue exist. Finaly, remove /etc/issue from skeleton. Signed-off-by: Jérôme Pouiller <jezz@sysmic.org> Reviewed-by: "Maxime Hadjinlian" <maxime.hadjinlian@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* skeleton: optionally wait for network interfaces to appearGravatar Jérôme Pouiller2015-11-021-0/+21
| | | | | | | | | | | | | | | | | | | | | | This patch has same purpose than 49964858f45d2243c513e6d362e992ad89ec7a45: On some machines, the network interface is slow to appear. For example, on the Raspberry Pi, the network interface eth0 is an ethernet-over-USB, and our standard boot process is too fast, so our network startup script is called before the USB bus is compeltely enumerated, thus it can't configure eth0. Closes #8116. However, wait-delay hook is enabled only if wait-delay property appears in /etc/network/interfaces. This patch enable it automaticaly when interface is configured through DHCP at bootup. But, if user choose to write /etc/network/interface himself, he have to explicitly set wait-delay. Signed-off-by: Jérôme Pouiller <jezz@sysmic.org> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* skeleton: add "operator" groupGravatar Jérôme Pouiller2015-10-281-0/+1
| | | | | | | gid 37 was referenced in /etc/passwd but not in /etc/group Signed-off-by: Jérôme Pouiller <jezz@sysmic.org> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* skeleton: sync /etc/shadow with /etc/passwdGravatar Jérôme Pouiller2015-10-281-3/+4
| | | | | | | | | Synchronize /etc/shadow with /etc/passwd: - remove "halt" and "uucp" - add "sys", "mail" and "www-data" Signed-off-by: Jérôme Pouiller <jezz@sysmic.org> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* system/skeleton: finalize removal of ftp userGravatar Thomas Petazzoni2015-10-181-1/+0
| | | | | | | | | | | | | | In commit 3dde19e5f32c58ffbf7e190257b073e91e0a7e8d, the ftp user was removed from /etc/passwd, /etc/group and /home in the skeleton, but the corresponding entry was not removed from /etc/shadow. This commit fixes that. Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Cc: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* skeleton: Remove ftp user and /home/ftpGravatar Maxime Hadjinlian2015-10-102-2/+0
| | | | | | Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* skeleton: Pretty fixes for /etc/profileGravatar Maxime Hadjinlian2015-10-041-14/+10
| | | | | | | | | | Fix indent and put PATH on a single line. Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net> Tested-by: Luca Ceresoli <luca@lucaceresoli.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* skeleton: Clean up profile fileGravatar Maxime Hadjinlian2015-10-042-49/+8
| | | | | | | | | | | | | | | | | There's a lot of code in /etc/profile, which doesn't really belong in a minimal default skeleton. Also, add an 'unset i' to avoid clutter. If the user has a specific needs, it needs to be added in /etc/profile.d/ by a post-build script. Signed-off-by Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net> Tested-by: Luca Ceresoli <luca@lucaceresoli.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* initscripts: new packageGravatar Maxime Hadjinlian2015-07-145-168/+0
| | | | | | | | | | | | | | | | | The folder init.d is currently installed by default since it's part of our skeleton. This patch creates a package out of it and make busybox/sysvinit depends on it. This way, if you chose another init, you don't end up with a useless init.d folder. [Thomas: - make the initscripts package selectable via a hidden bool - remove some unneeded changes in sysvinit.mk.] Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* skeleton: apply locale settings in user shellsGravatar Maxim Mikityanskiy2015-07-131-0/+23
| | | | | | | | | | | | | Add /etc/profile.d/locale.sh script from Arch Linux to /etc/profile. This script looks for locale.conf, sources it, and exports the LANG and LC_* variables. [Arnout: put in /etc/profile in the skeleton rather than making it systemd specific.] Signed-off-by: Maxim Mikityanskiy <maxtram95@gmail.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* core/skeleton: drop /etc/securettyGravatar Yann E. MORIN2015-07-131-57/+0
| | | | | | | | | | | | | | | | securetty is supposed to restrict the terminals root is allowed to login from. As it happens, login from busybox (w/ securetty support) is actually enforcing use of securetty, while login from util-linux is completely ignoring securetty altogether. Remove securetty from our skeleton altogether and stop worrying about it. Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Cc: Arnout Vandecappelle <arnout@mind.be> Cc: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* system/skeleton: don't use random-seed from a read-only fsGravatar Baruch Siach2015-07-081-10/+7
| | | | | | | | | | A random-seed from a read-only filesystem is useless. Also, drop the check for /etc/random-seed existence; it must exist after a touch. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* system/skeleton: remove random-seedGravatar Baruch Siach2015-07-081-0/+0
| | | | | | | | | Seeding the entropy pool with a known seed makes more harm than good. This is especially bad for when /etc is not on a persistent writable storage, so the entropy pool is seeded with the same value on every boot. Just drop it. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* system/skeleton: fix /etc/groupGravatar Bartosz Golaszewski2015-04-211-1/+1
| | | | | | | | | | | | When using busybox compiled from current git, login emits the following message: login: /etc/group: bad record Fix it by adding the missing colon to /etc/group in system/skeleton. Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* skeleton: make /run a proper directory/filesystemGravatar Gustavo Zacarias2015-02-031-9/+8
| | | | | | | | | | | | | | | | | | | | Making /var/run and /run symlinks to /tmp is bad since the underlying tmpfs filesystem is mode 1777 which leads to possible security attack vectors via badly owned/mask-mode pidfiles and state files residing there. So make /run a proper directory with /var/run symlinked to it. Eventually all startup scripts and state info should be pointed to /run directly as per the linux fhs and good practice. Add a tmpfs filesystem entry for /run so that busybox inittab, systemv inittab and systemd automount mounts it there to avoid breaking the system. While at it fix inconsistent spacing in /etc/fstab by using tabs and drop the "static file system information" header whatever that means. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* Allow a single DHCP configuration via the system configuration submenuGravatar Jeremy Rosen2015-02-021-4/+0
| | | | | | | | | | | | | | This patch allows the setup of simple a single interface to be automatically brought up and configured via DHCP on system startup. The interface name can be set via a configuration option. This patch does not support systemd-networkd, any complex network configuration should be done via overlay of /etc/network/interfaces or the relevant networkd configuration file [Peter: rename to BR2_SYSTEM_DHCP, tweak help text & implementation] Signed-off-by: Jérémy Rosen <jeremy.rosen@openwide.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* skeleton/S40network: tweak for debian ifupdownGravatar Gustavo Zacarias2015-01-121-0/+3
| | | | | | | | | | Make the S40network script create the /run/network directory for the debian variant of ifupdown which uses it as a lock directory. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Tested-by: Karoly Kasza <kaszak@gmail.com> Reviewed-by: Karoly Kasza <kaszak@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* system/inittab: adjust shutdownGravatar Gustavo Zacarias2014-11-201-4/+3
| | | | | | | | | | | | | | Drop null id since that means "don't show anything" for busybox init, hence the shutdown sequence (/etc/init.d/rcK) doesn't show anything giving the false impression that it's not being run. If someone wants a really silent console they'll need to adjust much more than this anyway. Also swap the root read-only remount with swapoff since the swap can be a regular (loop) file in the root filesystem and make the operation fail resulting in a dirty filesystem. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* system/skeleton: drop lp user from shadowGravatar Gustavo Zacarias2014-10-271-1/+0
| | | | | | | It has no counterpart in passwd so it's basically a NOP. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* system/skeleton: drop shutdown user from shadowGravatar Gustavo Zacarias2014-10-271-1/+0
| | | | | | | It has no counterpart in passwd so it's basically a NOP. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* system/skeleton: drop adm user from shadowGravatar Gustavo Zacarias2014-10-271-1/+0
| | | | | | | It has no counterpart in passwd so it's basically a NOP. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* system/skeleton: drop valid shell from non-login usersGravatar Gustavo Zacarias2014-10-271-8/+8
| | | | | | | Non-login users shouldn't have a valid shell so drop it. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* system/skeleton: drop proxy userGravatar Gustavo Zacarias2014-10-271-1/+0
| | | | | | | | AFAIK no package uses it and even if it did it would belong there. And it's not a standard user either. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* system/skeleton: drop backup userGravatar Gustavo Zacarias2014-10-271-1/+0
| | | | | | | | AFAIK no package uses it and even if it did it would belong there. And it's not a standard user either. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssh: drop user from skeletonGravatar Gustavo Zacarias2014-10-271-1/+0
| | | | | | | | The sshd privilege drop user doesn't belong in the skeleton, it's exclusively used by OpenSSH. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* dbus: drop user/group from skeletonGravatar Gustavo Zacarias2014-10-272-2/+0
| | | | | | | It belongs to the package. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* system/skeleton: remove haldaemonGravatar Gustavo Zacarias2014-10-272-2/+0
| | | | | | | | | We dropped the hal package quite some time ago, and it's not even a properly created user. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Acked-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* skeleton/etc/profile: drop aliasesGravatar Gustavo Zacarias2014-10-251-11/+0
| | | | | | | | | They all depend on having a custom busybox config and/or fully featured utilities which depend on BR2_PACKAGE_BUSYBOX_SHOW_OTHERS. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* skeleton/etc/profile: remove /usr/bin/X11 from PATHGravatar Gustavo Zacarias2014-10-251-1/+0
| | | | | | | | | That directory has been unused for ages so remove it. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* system/skeleton: make nsswitch install conditionalGravatar Gustavo Zacarias2014-10-251-17/+0
| | | | | | | | | | | | Don't blindly install the /etc/nsswitch.conf file, it's useless for toolchains that aren't (e)glibc-based and misleading. Make the installation conditional on a (e)glibc toolchain. [Thomas: use $(INSTALL) instead of cp.] Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* system/inittab: update to fix bug #7442Gravatar Gustavo Zacarias2014-10-251-1/+1
| | | | | | | | | | | | | | | | | | | Update inittabs (skeleton/busybox & sysvinit) to remove the trailing REMOUNT_ROOTFS_RW comment used as magic string in system/system.mk to enable/disable remounting the root filesystem rw or not since it affects sysvinit in doing so properly as reported in bug #7442. Instead update the sed expressions to match clean non-commented strings by searching for "-o remount,rw /" and checking that's the end of the line as well to avoid affecting possibly other remounts that a user can have in a custom inittab. Long-term the startup block of inittab should just move to a S00sysinit script or similar so that rcS can pick it up directly. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* system/skeleton: remove spurious group 'nobody'Gravatar Yann E. MORIN2014-07-231-1/+0
| | | | | | | | | | | | | | | | We define the two groups 'nobody' and 'nogroup' in our skeleton, but they have the same gid, which is not valid. This breaks the mkuser script, as noticed by Thomas. Anyway, the user 'nobody' belongs to the group 'nogroup' in any sane distribution. So, just remove the spurious 'nobody' group. Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* Remove user "default"Gravatar Stephan Hoffmann2014-06-073-3/+0
| | | | | | | | | | User "default" with no password has been around for long time, but not used within buildroot. Since we now have BR2_ROOTFS_USERS_TABLES it is no longer needed. Signed-off-by: Stephan Hoffmann <sho@relinux.de> Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* system/skeleton: add mail groupGravatar Luca Ceresoli2014-04-051-0/+1
| | | | | Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* skeleton: /etc/fstab: make sure /tmp is world writable and stickyGravatar Peter Korsgaard2014-02-211-1/+1
| | | | | | | | | | | ramfs (which is used instead of tmpfs if CONFIG_SHMEM isn't enabled in the kernel configuration), defaults to mode 0755 instead of 01777 like tmpfs uses. /tmp should be world writable and sticky, so explictly enforce the mode so ramfs users gets it correct instead of relying on the defaults. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* Add hypervisor consoles (hvc)Gravatar Anton Blanchard2013-12-161-0/+4
| | | | | | | | Add /dev/hvc* devices, and add them to securetty. These are required for ppc64 virtual consoles. Signed-off-by: Anton Blanchard <anton@samba.org> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>