[Fedora-packaging] packages which add user accounts: is fedora-usermgmt the way?

Ralf Corsepius rc040203 at freenet.de
Wed Sep 7 05:32:58 UTC 2005


On Wed, 2005-09-07 at 00:29 +0200, Enrico Scholz wrote:
> steve at silug.org (Steven Pritchard) writes:
> 
> > My personal feeling (as a sysadmin and a packager) is that doing
> > something like this in %pre (not %post, if you want files owned by
> > the new user) is the Right Thing:
> >
> >   %pre
> >   if ! id foo > /dev/null 2>&1 ; then
> >       /usr/sbin/useradd -r -s /sbin/nologin -c 'BAR' [...] foo
> >   fi
> 
> This does not solve the problem that users will have different UIDs on
> different machines.
Note the -r. We are talking about system accounts.

I fail to see why system accounts should be shared across networks and
why there is any need to force unique UIDs on them.

IMO, system users must be local, only.

> > And then just *don't touch the account* on removal.
> 
> This rule is ok with me.
Not OK with me.

Cf. above.

The only reason for not wanting to remove accounts on package removal to
me is "accounts leaving stray files somewhere".

However, rpms should always have control over all files they own.

> > If for some reason useradd will not work, doing this in %pre should
> > make package installation fail, right?  Then the sysadmin can go add
> > the user in LDAP/NIS/whatever and reinstall the package.
> 
> IMO, managing service-accounts with LDAP/NIS is a bad idea.
ACK.

Ralf




