[Fedora-packaging] packages which add user accounts: is fedora-usermgmt the way?
enrico.scholz at informatik.tu-chemnitz.de
Wed Sep 7 10:21:25 UTC 2005
thias at spam.spam.spam.spam.spam.spam.spam.egg.and.spam.freshrpms.net (Matthias Saou) writes:
>> > It is easy to create users with predictable uids and fedora-usermgmt
>> > offers a simple method doing this.
>> IIUC, fedora-usermgmt looks the ID up on some wiki page somewhere ?
>> So, you need a machine connected to the Internet.
>> I think it's a problem.
>> If you really want a fixed ID, why not hardcode it in the package itself ?
> The fixed id is in the package itself (without the offset), which is why I
> fail to see any reason to add a dependency on some custom user management
> scripts when plain useradd/groupadd is sufficient.
Ok, you could do
| useradd -u $[ $(cat /etc/fedora/usermgmt/baseuid) + 23 ] ...
in every %scriptlet also. But when adding sanity checks and fallback
methods for the traditional 'useradd', this will end in >5 lines of
complex and redundant code in the %scriptlets.
'fedora-usermgmt' provides a high grade of customization: by writing
own backends, e.g. you can calculate the final uid/gid by ldap lookups
(which might be needed in environments with a high uid-dense). Writing
scripts like above restricts you to exactly one configuration scheme.
Using the wrapper method (where fedora-usermgmt is a such one) simplifies
the scriptlets significantly in other aspects also. Currently there are
several methods how to add users. Some people use simple
| useradd ... &>/dev/null || :
| grep '<uid>' /etc/password || useradd ...
| id '<uid>' || useradd ...
Using a wrapper like 'fedora-useradd' can do this steps in a common (and
> There are two mixed discussions here :
> - Should we rely on fedora-usermgmt from fedora.us to manage system users?
I do not insist on this implementation, but IMO it is clean and offers
lot of ways to adapt it to your needs.
> - Should some system users have fixed uid/gid pairs?
At the end, it will not make a difference if these are only 'some' or
'all' system users.
More information about the Fedora-packaging