Add Technical_Decomp_Accounts
parent
f669d3c6b9
commit
9a6ba651c5
1 changed files with 27 additions and 0 deletions
27
Technical_Decomp_Accounts.md
Normal file
@ -0,0 +1,27 @@
## enroll/accounts.py
### UserRecord (dataclass)
Purpose: represents one “human” (non-system) user found on the machine.
Fields:
- name, uid, gid, gecos, home, shell: parsed from /etc/passwd
- primary_group: resolved from /etc/group by matching the user’s primary gid
- supplementary_groups: any other groups where the user appears in the group member list
- ssh_files: list of safe-to-copy SSH public material, currently only:
- ~/.ssh/authorized_keys if it exists and isn’t a symlink
### Lifecycle / where it’s used:
Constructed in `collect_non_system_users()`.
`harvest.harvest()` converts it into a plain dict list (`users_list`) which is stored inside the `UsersSnapshot` and ultimately serialized into `state.json`.
The actual ssh_files are also copied into `artifacts/users/...` as managed files (subject to ignore/exclude policy), and recorded as `ManagedFile` entries.
### Important semantics:
- A “human” user is determined by UID_MIN from `/etc/login.defs` (default 1000), and shell not being nologin/false.
-
- root and nobody are explicitly skipped.
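Review bot: In the ssh_files field description, the only safety condition stated for ~/.ssh/authorized_keys is that the file itself exists and is not a symlink. Since the Lifecycle section says these files are copied into artifacts/users/..., the doc should also say whether a symlinked ~/.ssh directory or a non-regular file is rejected, or state plainly that this is not checked. In Important semantics, the lone "-" bullet between the UID_MIN item and the root/nobody item is empty and should be removed or filled in, and the UID_MIN item could say whether the shell test for nologin/false compares the full path or only the basename.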