Tom 'spot' Callaway wrote :
On Tue, 2005-09-06 at 16:52 -0500, Steven Pritchard wrote:
> On Tue, Sep 06, 2005 at 04:39:26PM -0500, Tom 'spot' Callaway wrote:
> > Someone recently pointed out to me the existence of useradd -r and
> > groupadd -r (they're Red Hat added functionality). When used, these
> > commands create the first available UID and GID below UID_MAX and
> > GID_MAX, as defined in /etc/login.defs.
> > This seems to be doing roughly the same thing as fedora-usermgmt. Does
> > this seem like an acceptable way to create system user/groups in %post?
> My personal feeling (as a sysadmin and a packager) is that doing
> something like this in %pre (not %post, if you want files owned by the
> new user) is the Right Thing:
>
>     if ! id foo > /dev/null 2>&1 ; then
>         /usr/sbin/useradd -r -s /sbin/nologin -c 'BAR' [...] foo
>     fi
>
> And then just *don't touch the account* on removal. If this is the
> stated policy, then no sysadmin can be surprised by it. If unused
> accounts bother them, they can do "userdel foo" manually.
> If for some reason useradd will not work, doing this in %pre should
> make package installation fail, right? Then the sysadmin can go add
> the user in LDAP/NIS/whatever and reinstall the package.
> IMHO trying to support anything more elaborate than this is going to
> cause more problems than it solves...
This all seems to make sense to me. Agree or disagree?
I tend to agree, and personally dislike the added complexity of this
fedora-usermgmt that got imported from the fedora.us days. But I also
think that in some cases, fixed uid/gids are best, most importantly when
chances of having files shared across machines are high, like with apache
(uid/gid 48) owned files for instance.
Clean custom Red Hat Linux rpm packages : http://freshrpms.net/
Fedora Core release 4 (Stentz) - Linux kernel 2.6.12-1.1447_FC4
Load : 0.14 0.39 0.21
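
The approach discussed in this thread, written as a helper that an RPM %pre scriptlet could call. This is an added example, not code from the thread or from any Fedora package; the function name and the USERADD, GROUPADD and GETENT override variables are hypothetical, and the optional fixed ID covers the shared-files case raised in the reply.

```shell
# Added example (not from the thread). Account "foo" and comment 'BAR'
# follow the quoted snippet; the override variables below are hypothetical
# and exist only so the helper can be exercised without root.
: "${USERADD:=/usr/sbin/useradd}"
: "${GROUPADD:=/usr/sbin/groupadd}"
: "${GETENT:=getent}"

# ensure_system_user NAME COMMENT [FIXED_ID]
# Returns 0 if the account already exists or was created, non-zero otherwise.
# In %pre:  ensure_system_user foo 'BAR' || exit 1   (fails the install)
# Nothing is done on package removal; the account is left in place.
ensure_system_user() {
    name=$1 comment=$2 fixed=${3:-}

    # getent consults NSS, so an account defined in LDAP/NIS counts as present.
    if "$GETENT" passwd "$name" >/dev/null 2>&1; then
        return 0    # never modify an existing account
    fi

    if [ -n "$fixed" ]; then
        # A fixed ID must not already belong to a different account.
        owner=$("$GETENT" passwd "$fixed" 2>/dev/null | cut -d: -f1)
        if [ -n "$owner" ] && [ "$owner" != "$name" ]; then
            echo "uid $fixed is already used by $owner" >&2
            return 1
        fi
        "$GETENT" group "$name" >/dev/null 2>&1 ||
            "$GROUPADD" -r -g "$fixed" "$name" || return 1
        "$USERADD" -r -u "$fixed" -g "$name" -s /sbin/nologin \
            -c "$comment" "$name" || return 1
    else
        # No fixed ID: let useradd -r / groupadd -r pick system IDs.
        "$GETENT" group "$name" >/dev/null 2>&1 ||
            "$GROUPADD" -r "$name" || return 1
        "$USERADD" -r -g "$name" -s /sbin/nologin \
            -c "$comment" "$name" || return 1
    fi
}
```
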