Static passwd/group + checks
Static passwd/group + checks
Posted Apr 24, 2025 2:24 UTC (Thu) by champtar (subscriber, #128673)Parent article: Addressing UID/GID drift in rpm-ostree and bootc
At work we use rpm-ostree but rarely overlay anything that we don't control,
so we ended up having static passwd/group + the following in postprocess-script:
so we ended up having static passwd/group + the following in postprocess-script:
> systemd-sysusers
> # fail if extra user / group have been created
> tail -n1 /etc/passwd | grep -q nobody || exit 42
> tail -n1 /etc/group | grep -q nobody || exit 42