A System and Service Manager
4ab2887d57
Without this parameter, we would allow user@ to start if the user has no password (i.e. the password is "locked"). But when the user does have a password, and it is marked as expired, we would refuse to start the service. There are other authentication mechanisms and we should not tie this service to the password state. The documented way to disable an *account* is to call 'chage -E0'. With a disabled account, user@.service will still refuse to start: systemd[16598]: PAM failed: User account has expired systemd[16598]: PAM failed: User account has expired systemd[16598]: user@1005.service: Failed to set up PAM session: Operation not permitted systemd[16598]: user@1005.service: Failed at step PAM spawning /usr/lib/systemd/systemd: Operation n ot permitted systemd[1]: user@1005.service: Main process exited, code=exited, status=224/PAM systemd[1]: user@1005.service: Failed with result 'exit-code'. systemd[1]: Failed to start user@1005.service. systemd[1]: Stopping user-runtime-dir@1005.service... RHEL-only Resolves: #2059553 |
||
|---|---|---|
| tests | ||
| .gitignore | ||
| .zuul.yaml | ||
| 10-oomd-defaults.conf | ||
| 10-oomd-root-slice-defaults.conf | ||
| 10-oomd-user-service-defaults.conf | ||
| 20-grubby.install | ||
| 20-yama-ptrace.conf | ||
| 0001-logind-set-RemoveIPC-to-false-by-default.patch | ||
| 0002-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch | ||
| 0003-Copy-40-redhat.rules-from-RHEL-8.patch | ||
| 0004-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch | ||
| 0005-unit-don-t-add-Requires-for-tmp.mount.patch | ||
| 0006-units-add-Install-section-to-tmp.mount.patch | ||
| 0007-rc-local-order-after-network-online.target.patch | ||
| 0008-ci-drop-CIs-irrelevant-for-downstream.patch | ||
| 0009-ci-reconfigure-Packit-for-RHEL-9.patch | ||
| 0010-ci-run-unit-tests-on-z-stream-branches-as-well.patch | ||
| 0011-random-util-increase-random-seed-size-to-1024.patch | ||
| 0012-journal-don-t-enable-systemd-journald-audit.socket-b.patch | ||
| 0013-journald.conf-don-t-touch-current-audit-settings.patch | ||
| 0014-Revert-udev-remove-WAIT_FOR-key.patch | ||
| 0015-Really-don-t-enable-systemd-journald-audit.socket.patch | ||
| 0016-rules-add-elevator-kernel-command-line-parameter.patch | ||
| 0017-units-don-t-enable-tmp.mount-statically-in-local-fs..patch | ||
| 0018-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch | ||
| 0019-set-core-ulimit-to-0-like-on-RHEL-7.patch | ||
| 0020-ci-use-C9S-chroots-in-Packit.patch | ||
| 0021-test-mountpointutil-util-do-not-assert-in-test_mnt_i.patch | ||
| 0022-Treat-EPERM-as-not-available-too.patch | ||
| 0023-test-copy-portable-profiles-into-the-image-if-they-d.patch | ||
| 0024-test-introduce-get_cgroup_hierarchy-helper.patch | ||
| 0025-test-require-unified-cgroup-hierarchy-for-TEST-56.patch | ||
| 0026-tests-rework-test-macros-to-not-take-code-as-paramet.patch | ||
| 0027-test-allow-to-set-NULL-to-intro-or-outro.patch | ||
| 0028-udev-net-setup-link-change-the-default-MACAddressPol.patch | ||
| 0029-man-mention-System-Administrator-s-Guide-in-systemct.patch | ||
| 0030-Net-naming-scheme-for-RHEL-9.0.patch | ||
| 0031-core-decrease-log-level-of-messages-about-use-of-Kil.patch | ||
| 0032-ci-replace-apt-key-with-signed-by.patch | ||
| 0033-ci-fix-clang-13-installation.patch | ||
| gating.yaml | ||
| inittab | ||
| libsystemd-shared.abignore | ||
| macros.sysusers | ||
| nocache.conf | ||
| owner-check.sh | ||
| owner-check.template | ||
| purge-nobody-user | ||
| rc.local | ||
| rpminspect.yaml | ||
| sources | ||
| split-files.py | ||
| sysctl.conf.README | ||
| systemd-journal-gatewayd.xml | ||
| systemd-journal-remote.xml | ||
| systemd-udev-trigger-no-reload.conf | ||
| systemd-user | ||
| systemd.rpmlintrc | ||
| systemd.spec | ||
| sysusers.attr | ||
| sysusers.generate-pre.sh | ||
| sysusers.prov | ||
| triggers.systemd | ||
| yum-protect-systemd.conf | ||