Hi,
On Tue, Jun 04, Dusty Mabe wrote:
> On 6/3/19 8:27 AM, Neal Gompa wrote:
> > Also, in general, it seems we really don't have a good way to handle
> > users and groups. I know that there was a proposal from Stephen and
> > Harald[3] that was intended to try to improve this for adding and
> > removing them, but it doesn't really address the problem of giving
> > people a way to have coherent files to look at the whole state.
> >
> > My thought here was that we could have an SSSD plugin that combines
> > the partial passwd(5), shadow(5), and group(5) files in
> > /usr/share/sysconfig and /etc and spits out "full" transient ones in
> > /run that people can look at. This makes it easier to support
> > stateless systems that are also a mix of local and remote users
> > managed through systems like IdM.
>
> I know Jonathan and Colin have mentioned something called systemd-sysusers
> a lot when problems around users/groups have come up in Atomic
> Host/Silverblue/CoreOS. Maybe that is the answer. Someone more familiar
> would have to comment. See:
>
> https://github.com/projectatomic/rpm-ostree/issues/49
We did evaluate systemd-sysusers already 3 years ago as a solution, but
there is one big problem: if files in the RPM are owned by the user,
you need to create the user before you are able to install the RPM.
But systemd-sysusers only runs at the next boot. So we would need a
service, which is running afterwards, to "fix" the ownership of these
files. In some cases, this can lead to a deadlock.
So currently we are using systemd-sysusers config files for new users,
but have a macro, which creates these accounts based on the sysusers
file with the help of useradd/groupadd (systemd has far too many dependencies
and is thus installed too late during an initial install).
> > I know that this is a bit of an FHS-ish discussion, but I'd like to
> > see us get firmer agreements on what we'd like to do between RH/Fedora
> > CoreOS and openSUSE MicroOS before we go and propose something to be
> > included in the FHS.
> >
> > We already have the pending /usr/lib/sysimage thing, and I'd like to
> > get a location in place for configuration data too.
> >
> > Anyway, I'd appreciate it if you took a look into it yourself and let
> > us know what you think!
>
> I'd be interested in other FCOS community member thoughts here. I'd also
> be interested to know what you think are good next steps for this initiative?
From discussions with the openSUSE community: find a location below /usr
for the configuration files. That's the most blocking issue and would
allow moving the first configuration files immediately.
There should be one location everybody is using, so /usr/share is already
bad, as this means shareable between different hosts, which is not true
for all configuration data. /usr/lib is already overcrowded and with too many
things (but would be acceptable for me, if we decide on one subdirectory,
where we move everything). /usr/etc is still a directory used most often
today, not only on Linux systems. But quite some people don't like it.
So we need something new; of all the proposals, I like /usr/sysconfig
best.
Otherwise, it currently looks as if openSUSE will do it if other
distributions join.
I agree about /usr/lib. Moreover, I think /usr/lib has been misused
quite a lot for configuration files lately. The idea of a
/usr/sysconfig makes a lot more sense to me. For the first time in a
while, we're getting a descriptive name for it, and it's easily
discoverable.
If I could wave a wand, I'd move all of the stuff we'd been putting in
/usr/lib into /usr/sysconfig. :)
--
真実はいつも一つ!/ Always, there's only one truth!