On Tue, 2005-09-06 at 16:52 -0500, Steven Pritchard wrote:
> On Tue, Sep 06, 2005 at 04:39:26PM -0500, Tom 'spot' Callaway wrote:
> > Someone recently pointed out to me the existence of useradd -r and
> > groupadd -r (they're Red Hat added functionality). When used, these
> > commands create the first available UID and GID below UID_MAX and
> > GID_MAX, as defined in /etc/login.defs.
> >
> > This seems to be doing roughly the same thing as fedora-usermgt. Does
> > this seem like an acceptable way to create system user/groups in %post?
>
> My personal feeling (as a sysadmin and a packager) is that doing
> something like this in %pre (not %post, if you want files owned by the
> new user) is the Right Thing:
>
>     if ! id foo > /dev/null 2>&1 ; then
>         /usr/sbin/useradd -r -s /sbin/nologin -c 'BAR' [...] foo
>     fi
>
> And then just *don't touch the account* on removal. If this is the
> stated policy, then no sysadmin can be surprised by it. If unused
> accounts bother them, they can do "userdel foo" manually.
>
> If for some reason useradd will not work, doing this in %pre should
> make package installation fail, right? Then the sysadmin can go add
> the user in LDAP/NIS/whatever and reinstall the package.
>
> IMHO trying to support anything more elaborate than this is going to
> cause more problems than it solves...

This all seems to make sense to me. Agree or disagree?
Tom "spot" Callaway: Red Hat Senior Sales Engineer || GPG ID: 93054260
Fedora Extras Steering Committee Member (RPM Standards and Practices)
Aurora Linux Project Leader: http://auroralinux.org
Lemurs, llamas, and sparcs, oh my!
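
The %pre approach discussed in this thread, written out as an added example (not code from either poster): the account is created only when NSS does not already know it, and any failure is returned to the caller so the scriptlet can exit non-zero. The function name, the `USERADD`/`GROUPADD`/`GETENT` override variables, the home directory argument and the explicit group step are assumptions made for this illustration.

```shell
# Added illustration. The tool paths can be overridden through the
# environment (an assumption of this example) so that the logic can be
# exercised without root privileges.
: "${USERADD:=/usr/sbin/useradd}"
: "${GROUPADD:=/usr/sbin/groupadd}"
: "${GETENT:=getent}"

# ensure_system_account NAME COMMENT HOME
# Creates the system group and user only if they are missing.
# Returns non-zero as soon as a creation step fails.
ensure_system_account() {
    name=$1
    comment=$2
    home=$3

    # getent consults NSS, so an account the admin has already added
    # in LDAP/NIS counts as present and is left untouched.
    if ! $GETENT group "$name" >/dev/null 2>&1; then
        $GROUPADD -r "$name" || return 1
    fi

    if ! $GETENT passwd "$name" >/dev/null 2>&1; then
        $USERADD -r -g "$name" -d "$home" -s /sbin/nologin \
            -c "$comment" "$name" || return 1
    fi

    return 0
}

# Body of %pre in a spec file (foo, 'BAR' and /var/lib/foo are
# constructed placeholders):
#
#   ensure_system_account foo 'BAR' /var/lib/foo || exit 1
#
# Nothing in %preun or %postun touches the account, matching the
# "don't touch the account on removal" policy proposed above.
```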