[Fedora-packaging] Possible UsersAndGroupsDraft
Tom "spot" Callaway
tcallawa at redhat.com
Thu Jun 14 13:44:35 UTC 2007
On Thu, 2007-06-14 at 10:41 +0200, Ralf Corsepius wrote:
> On Wed, 2007-06-13 at 23:45 -0500, Tom "spot" Callaway wrote:
> > I'm not quite sure I'm ready to bring this to the FPC for a vote, but
> > I've been working on a modified version of Ville's draft:
> >
> > http://fedoraproject.org/wiki/TomCallaway/UsersAndGroupsDraft
> >
> > While this is more complicated, I think it more adequately covers the
> > corner cases of adding users and groups. Thoughts?
>
> I am not convinced by your classification of cases:
> <citation>
> * The user/group does not exist on the system
> * The user/group exists from a previous package creating it
> * The user/group is a normal user, overlapping the namespace (e.g.
> amanda)
> * The user/group is pre-created by the administrator with a
> specific UID/GID
> <citation/>
>
> IMO, this is only covers small subset of
>
> * user/group does/does not exist on the system
> * user/group has a privileged/non-privileged uid/gid
> * user/group needs a privileged uid/gid
> * user/group needs a fixed/doesn't need a fixed uid/gid
> * user/group is meant to be used locally/network-wide
If the user exists, do we care (from a package perspective) what the
UID/GID is? I'd argue that we do not, as long as we can determine
whether we added it in a previous update or it came from some other
source. The user/group registries provide that functionality.
If the user/group needs a privileged UID/GID, the admin should add it in
advance. If the user/group needs a fixed UID/GID, the admin should add
it in advance. If the user/group is meant to be used network-wide, the
admin should add it in advance.
A possible improvement I could see would be to change the tool to ask
pam if the user exists, as opposed to simply looking
in /etc/passwd, /etc/group, as that would better cover network user
conflicts.
~spot
More information about the Fedora-packaging
mailing list