On Tue, Sep 06, 2005 at 04:39:26PM -0500, Tom 'spot' Callaway wrote:
Someone recently pointed out to me the existence of useradd -r and
groupadd -r (they're Red Hat added functionality). When used, these
commands create the first available UID and GID below UID_MAX and
GID_MAX, as defined in /etc/login.defs.
This seems to be doing roughly the same thing as fedora-usermgt. Does
this seem like an acceptable way to create system user/groups in %post?
My personal feeling (as a sysadmin and a packager) is that doing
something like this in %pre (not %post, if you want files owned by the
new user) is the Right Thing:
if ! id foo > /dev/null 2>&1 ; then
/usr/sbin/useradd -r -s /sbin/nologin -c 'BAR' [...] foo
And then just *don't touch the account* on removal. If this is the
stated policy, then no sysadmin can be surprised by it. If unused
accounts bother them, they can do "userdel foo" manually.
If for some reason useradd will not work, doing this in %pre should
make package installation fail, right? Then the sysadmin can go add
the user in LDAP/NIS/whatever and reinstall the package.
IMHO trying to support anything more elaborate than this is going to
cause more problems than it solves...
Steven Pritchard - K&S Pritchard Enterprises, Inc.
Email: steve(a)kspei.com http://www.kspei.com/
Phone: (618)398-3000 Mobile: (618)567-7320