#2228 [RFE] Manage local users from /etc/passwd and account service
Closed: wontfix 3 years ago by pbrezina. Opened 10 years ago by jhrozek.

The SSSD should be enhanced so that it's capable of managing local users.

Architecturally, the UNIX files would be treated as the authoritative data store, much like we treat LDAP normally, with the local cache augmenting the files with extra data.

The database that stores the augmented data must not be called 'cache' and should reside in a different directory.

One question that is left a bit undecided at this time is which accounts should be marked as system accounts. The current proposal was that all accounts that were created directly with the files (and not utilities like libuser) would be system accounts. The utilities could create both account types.


Fields changed

blockedby: 2229 => 2229,2244

Fields changed

blockedby: 2229,2244 => 2229,2244,2227

Fields changed

blockedby: 2229,2244,2227 => 2229,2244,2227,843,1126

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.13 beta
rhbz: => todo
summary: RFE: Manage local users => [RFE] Manage local users from /etc/passwd and account service

While the design page explicitly talks about synchronization, JanP suggested to add an option where sssd database would be the one and sole owner of the data and /etc/passwd would only contain:

 # do not edit this file, see man sssd-passwd(1)

This won't be the default, but should be included as an alternative.

Fields changed

cc: => jpazdziora@redhat.com

Fields changed

mark: => 1

We need to start on this effort already..

priority: major => critical

Fields changed

milestone: SSSD 1.13 beta => SSSD 1.13 backlog

We should start working on individual pieces after downstream requirements for 1.13 are met, but won't make 1.13, sorry.

milestone: SSSD 1.13 backlog => SSSD 1.14 beta
priority: critical => blocker

This is out of scope for 1.14, unfortunately. Moving to 1.15.

The good news is that we had another face-to-face meeting during the devconf.cz conference and now we now exactly what to do. This is a target for the Fedora-25 distro release.

milestone: SSSD 1.14 beta => SSSD 1.15 beta
sensitive: => 0

Fields changed

milestone: SSSD 1.16 beta => SSSD 1.15 Beta

Fields changed

blockedby: 2229,2244,2227,843,1126 => 2229,2244,2227,843,1126,3242

Fields changed

blockedby: 2229,2244,2227,843,1126,3242 => 2229,2244,2227,843,1126,3242,3262

Metadata Update from @jhrozek:
- Issue marked as blocked by: #2494
- Issue marked as blocked by: #3242
- Issue marked as depending on: #1126
- Issue marked as depending on: #2227
- Issue marked as depending on: #2229
- Issue marked as depending on: #2244
- Issue marked as depending on: #3242
- Issue marked as depending on: #3262
- Issue marked as depending on: #843
- Issue set to the milestone: SSSD 1.15.3

7 years ago

Metadata Update from @jhrozek:
- Custom field design_review reset (from 0)
- Custom field mark adjusted to on (was: 1)
- Custom field patch reset (from 0)
- Custom field review reset (from 0)
- Custom field sensitive reset (from 0)
- Custom field testsupdated reset (from 0)
- Issue unmarked as blocking: #2227
- Issue unmarked as blocking: #2229
- Issue unmarked as blocking: #2244
- Issue unmarked as blocking: #3242
- Issue unmarked as blocking: #3262
- Issue unmarked as depending on: #2494

6 years ago

Metadata Update from @jhrozek:
- Custom field design_review reset (from false)
- Custom field patch reset (from false)
- Custom field review reset (from false)
- Custom field sensitive reset (from false)
- Custom field testsupdated reset (from false)
- Issue set to the milestone: SSSD Future releases (no date set yet) (was: SSSD 1.15.3)

6 years ago

Please note that the files provider that mirrors the contents of /etc/passwd and /etc/group is already developed and shipped since Fedora-26. This ticket now tracks implementing the writable interface and implementing the accountsService interface so we can obsolete accountsService.

(On a tangent, this was expressed with the blocked/blocking tickets, but pagure handles them in a strange way, so I just removed all the blocks..)

Metadata Update from @jhrozek:
- Custom field design_review reset (from false)
- Custom field patch reset (from false)
- Custom field review reset (from false)
- Custom field sensitive reset (from false)
- Custom field testsupdated reset (from false)

6 years ago

(On a tangent, this was expressed with the blocked/blocking tickets, but pagure handles them in a strange way, so I just removed all the blocks..)

Could you elaborate? Because bug with dependencies should be fixed.

Metadata Update from @lslebodn:
- Custom field design_review reset (from false)
- Custom field patch reset (from false)
- Custom field review reset (from false)
- Custom field sensitive reset (from false)
- Custom field testsupdated reset (from false)

6 years ago

Metadata Update from @jhrozek:
- Custom field design_review reset (from false)
- Custom field patch reset (from false)
- Custom field review reset (from false)
- Custom field sensitive reset (from false)
- Custom field testsupdated reset (from false)

6 years ago

Metadata Update from @jhrozek:
- Custom field design_review reset (from false)
- Custom field patch reset (from false)
- Custom field review reset (from false)
- Custom field sensitive reset (from false)
- Custom field testsupdated reset (from false)
- Issue set to the milestone: SSSD 2.0 (was: SSSD Future releases (no date set yet))

6 years ago

Metadata Update from @jhrozek:
- Custom field design_review reset (from false)
- Custom field patch reset (from false)
- Custom field review reset (from false)
- Custom field sensitive reset (from false)
- Custom field testsupdated reset (from false)
- Issue priority set to: critical (was: blocker)

6 years ago

Metadata Update from @jhrozek:
- Custom field design_review reset (from false)
- Custom field patch reset (from false)
- Custom field review reset (from false)
- Custom field sensitive reset (from false)
- Custom field testsupdated reset (from false)
- Issue priority set to: minor (was: critical)

6 years ago

Metadata Update from @jhrozek:
- Custom field design_review reset (from false)
- Custom field patch reset (from false)
- Custom field review reset (from false)
- Custom field sensitive reset (from false)
- Custom field testsupdated reset (from false)
- Issue set to the milestone: SSSD 2.1 (was: SSSD 2.0)

5 years ago

Metadata Update from @jhrozek:
- Custom field design_review reset (from false)
- Custom field patch reset (from false)
- Custom field review reset (from false)
- Custom field sensitive reset (from false)
- Custom field testsupdated reset (from false)
- Issue set to the milestone: SSSD 2.2 (was: SSSD 2.1)

5 years ago

Metadata Update from @jhrozek:
- Custom field design_review reset (from false)
- Custom field patch reset (from false)
- Custom field review reset (from false)
- Custom field sensitive reset (from false)
- Custom field testsupdated reset (from false)
- Issue set to the milestone: SSSD 2.3 (was: SSSD 2.2)

4 years ago

Metadata Update from @thalman:
- Custom field design_review reset (from false)
- Custom field patch reset (from false)
- Custom field review reset (from false)
- Custom field sensitive reset (from false)
- Custom field testsupdated reset (from false)
- Issue tagged with: Canditate to close

4 years ago

Thank you for taking time to submit this request for SSSD. Unfortunately this issue was not given priority and the team lacks the capacity to work on it at this time.

Given that we are unable to fulfill this request I am closing the issue as wontfix.

If the issue still persist on recent SSSD you can request re-consideration of this decision by reopening this issue. Please provide additional technical details about its importance to you.

Thank you for understanding.

Metadata Update from @pbrezina:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3270

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata