From aee5f45217ecebc54ee87d540f7bfdfbbf12f5ea Mon Sep 17 00:00:00 2001
From: Luca BRUNO <luca.bruno@coreos.com>
Date: Tue, 9 Aug 2022 12:40:42 +0000
Subject: [PATCH] overlay/sysusers: add fragments for all FCOS system groups

This translates all Fedora CoreOS system groups (i.e. those coming
from group manifest) into equivalent sysusers.d fragments.

We currently ship four kinds of system groups:
 * basic groups coming from the `/etc/group` file in the `setup`
   package (10-groups-basic.conf)
 * the legacy GID for the `nobody` group (00-group-nobody.conf)
 * extra groups with static GIDs that adhere to the Fedora
   allocation table (10-groups-static-extra.conf)
 * extra groups with static GIDs that are specific to CoreOS
   (00-groups-coreos-static.conf)

These sysusers.d fragments are meant as a transitory measure to
help migrate the existing group entries from the current nss-altfiles
setup to a plain sysusers.d world.
---
 .../usr/lib/sysusers.d/00-group-nobody.conf   |  3 +++
 .../sysusers.d/00-groups-coreos-static.conf   | 16 +++++++++++++
 .../usr/lib/sysusers.d/10-groups-basic.conf   | 23 +++++++++++++++++++
 .../sysusers.d/10-groups-static-extra.conf    | 12 ++++++++++
 4 files changed, 54 insertions(+)
 create mode 100644 overlay.d/15fcos/usr/lib/sysusers.d/00-group-nobody.conf
 create mode 100644 overlay.d/15fcos/usr/lib/sysusers.d/00-groups-coreos-static.conf
 create mode 100644 overlay.d/15fcos/usr/lib/sysusers.d/10-groups-basic.conf
 create mode 100644 overlay.d/15fcos/usr/lib/sysusers.d/10-groups-static-extra.conf

diff --git a/overlay.d/15fcos/usr/lib/sysusers.d/00-group-nobody.conf b/overlay.d/15fcos/usr/lib/sysusers.d/00-group-nobody.conf
new file mode 100644
index 0000000000..a186791dd2
--- /dev/null
+++ b/overlay.d/15fcos/usr/lib/sysusers.d/00-group-nobody.conf
@@ -0,0 +1,3 @@
+# CoreOS mismatch: https://github.com/coreos/fedora-coreos-tracker/issues/1201
+# g nobody 65534
+g nobody 99
diff --git a/overlay.d/15fcos/usr/lib/sysusers.d/00-groups-coreos-static.conf b/overlay.d/15fcos/usr/lib/sysusers.d/00-groups-coreos-static.conf
new file mode 100644
index 0000000000..1a51660445
--- /dev/null
+++ b/overlay.d/15fcos/usr/lib/sysusers.d/00-groups-coreos-static.conf
@@ -0,0 +1,16 @@
+g cgred 996
+g chrony 992
+g cockpit-ws 987
+g dockerroot 986
+g etcd 997
+g input 104
+g kube 994
+g nfsnobody 65534
+g polkitd 998
+g ssh_keys 999
+g sssd 993
+g sudo 16
+g systemd-bus-proxy 988
+g systemd-network 990
+g systemd-resolve 989
+g systemd-timesync 991
diff --git a/overlay.d/15fcos/usr/lib/sysusers.d/10-groups-basic.conf b/overlay.d/15fcos/usr/lib/sysusers.d/10-groups-basic.conf
new file mode 100644
index 0000000000..9faac4a665
--- /dev/null
+++ b/overlay.d/15fcos/usr/lib/sysusers.d/10-groups-basic.conf
@@ -0,0 +1,23 @@
+g adm 4
+g audio 63
+g bin 1
+g cdrom 11
+g daemon 2
+g dialout 18
+g disk 6
+g floppy 19
+g ftp 50
+g games 20
+g kmem 9
+g lock 54
+g lp 7
+g mail 12
+g man 15
+g mem 8
+g root 0
+g sys 3
+g tape 33
+g tty 5
+g users 100
+g video 39
+g wheel 10
diff --git a/overlay.d/15fcos/usr/lib/sysusers.d/10-groups-static-extra.conf b/overlay.d/15fcos/usr/lib/sysusers.d/10-groups-static-extra.conf
new file mode 100644
index 0000000000..df8c48080b
--- /dev/null
+++ b/overlay.d/15fcos/usr/lib/sysusers.d/10-groups-static-extra.conf
@@ -0,0 +1,12 @@
+g avahi-autoipd 170
+g ceph 167
+g dbus 81
+g dip 40
+g rpc 32
+g rpcuser 29
+g sshd 74
+g systemd-journal 190
+g tcpdump 72
+g tss 59
+g utempter 35
+g utmp 22