(In reply to comment #5)
<snip>
> Not sure I agree with this one.
> Yes, we should filter on the login shell. But that doesn't mean that we should
> ignore the minimal uid
The minimal UID is only useful to create new users, nothing else. In fact it creates problems with perfectly normal administration policies (like adding new users should start from UID 5000, but users local to the machine get 500 and above, for example).
(In reply to comment #6)
> Just looking at my /etc/passwd, there's odd things like sync and halt, which
> are not /sbin/nologin
They're already ignored, see the daemon->priv->exclusions hash_table that has every item in default_excludes[] added.
The same scheme worked for GDM in the past.
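An added example, not code from the project under discussion or from either commenter: it runs a minimal-UID threshold and a login-shell filter with an exclusion list over the same constructed passwd entries, using the 500/5000 split mentioned above. The function names, the two short lists (stand-ins for `default_excludes[]`, whose contents the thread does not show) and the sample entries are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed stand-ins: the thread names sync, halt and /sbin/nologin but does
 * not show the real default_excludes[] contents. */
static const char *excluded[] = { "sync", "halt", NULL };
static const char *nologin[]  = { "/sbin/nologin", NULL };

static int in_list(const char *s, const char **list) {
    while (*list) if (strcmp(s, *list++) == 0) return 1;
    return 0;
}
/* Copy a passwd(5) line into buf and split its 7 fields; 0 on success. */
static int split(const char *line, char *buf, size_t len, char *f[7]) {
    int n = 0;
    if ((size_t)snprintf(buf, len, "%s", line) >= len) return -1;
    buf[strcspn(buf, "\n")] = '\0';
    for (char *p = buf; p && n < 7; n++) {
        f[n] = p;
        if ((p = strchr(p, ':')) != NULL) *p++ = '\0';
    }
    return n == 7 ? 0 : -1;
}
/* UID threshold alone: list the account only when uid >= uid_min. */
int listed_by_min_uid(const char *line, long uid_min) {
    char buf[256], *f[7], *end;
    if (split(line, buf, sizeof buf, f) != 0) return 0;
    long uid = strtol(f[2], &end, 10);
    return end != f[2] && *end == '\0' && uid >= uid_min;
}
/* Exclusion list plus login-shell filter; the UID is not consulted. */
int listed_by_shell(const char *line) {
    char buf[256], *f[7];
    if (split(line, buf, sizeof buf, f) != 0) return 0;
    return !in_list(f[0], excluded) && !in_list(f[6], nologin);
}

int main(void) {
    const char *sample[] = {            /* constructed entries */
        "sync:x:5:0:sync:/sbin:/bin/sync",
        "ntp:x:38:38:NTP:/etc/ntp:/sbin/nologin",
        "alice:x:500:500:Alice:/home/alice:/bin/bash",
        "bob:x:5000:5000:Bob:/home/bob:/bin/bash",
        NULL };
    for (const char **e = sample; *e; e++)
        printf("%-44s min_uid=%d shell=%d\n", *e,
               listed_by_min_uid(*e, 5000), listed_by_shell(*e));
    return 0;
}
```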