Add Technical_Decomp_Accounts
parent
f669d3c6b9
commit
9a6ba651c5
1 changed files with 27 additions and 0 deletions
27
Technical_Decomp_Accounts.md
Normal file
|
|
@ -0,0 +1,27 @@
|
||||||
|
## enroll/accounts.py
|
||||||
|
|
||||||
|
### UserRecord (dataclass)
|
||||||
|
|
||||||
|
Purpose: represents one “human” (non-system) user found on the machine.
|
||||||
|
|
||||||
|
Fields:
|
||||||
|
|
||||||
|
- name, uid, gid, gecos, home, shell: parsed from /etc/passwd
|
||||||
|
- primary_group: resolved from /etc/group by matching the user’s primary gid
|
||||||
|
- supplementary_groups: any other groups where the user appears in the group member list
|
||||||
|
- ssh_files: list of safe-to-copy SSH public material, currently only:
|
||||||
|
- ~/.ssh/authorized_keys if it exists and isn’t a symlink
|
||||||
|
|
||||||
|
### Lifecycle / where it’s used:
|
||||||
|
|
||||||
|
Constructed in `collect_non_system_users()`.
|
||||||
|
|
||||||
|
`harvest.harvest()` converts it into a plain dict list (`users_list`) which is stored inside the `UsersSnapshot` and ultimately serialized into `state.json`.
|
||||||
|
|
||||||
|
The actual ssh_files are also copied into `artifacts/users/...` as managed files (subject to ignore/exclude policy), and recorded as `ManagedFile` entries.
|
||||||
|
|
||||||
|
### Important semantics:
|
||||||
|
|
||||||
|
- A “human” user is determined by UID_MIN from `/etc/login.defs` (default 1000), and shell not being nologin/false.
|
||||||
|
-
|
||||||
|
- root and nobody are explicitly skipped.
|
||||||
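Review bot: The "Important semantics" list contains an empty bullet (a bare `-`) between the UID_MIN item and "root and nobody are explicitly skipped"; either drop it or fill in the rule that was meant to go there. In the same list, "shell not being nologin/false" does not say whether the comparison is on the shell's basename or on specific full paths, and since those binaries sit at different paths across distributions the doc should state the exact match. Under Fields, the ssh_files entry says `~/.ssh/authorized_keys` is taken "if it exists and isn't a symlink" but is silent on whether `~/.ssh` itself is checked; because these files are copied into `artifacts/users/...`, the doc should say what is verified about the parent directory too, and whether ownership or permissions of the file are considered.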