tcallawa(a)redhat.com ("Tom 'spot' Callaway") writes:
> Is there an official policy for what packages that add users for
their
> processes to run as ought to do? I notice the recent clamav package still
> uses fedora-usrmgmt, but I can't find any reference to that in the current
> wiki, and that package still has the obsolete fedora.us wiki as its URL.
>
> What's the Right Thing here?
Good question... IMO, in mid- to longterm, this should be abstracted by
some rpm mechanism. Another question might be whether created users
shall be removed at package removal or not.
It seems like all fedora-usermgmt was doing is as follows:
- Reserve a UID for a package to use.
- Add 30000 to that UID.
Not exactly 30000... but see below.
Why don't we just have packagers request a UID for a package on a
wiki
page, starting at 30012 (fedora.us had 30000 - 30011)? Then, use the
normal tools to create the user.
That's not possible. Only the range 0-99 is reserved for fixed user
ids. All other ranges are free for local uses. For example the range
100-499 mentioned in another posting: every third party package which
adds user, or just a simple 'useradd -r' will assign the next unused
uid in this area. So you can not assign fixed UIDs in this range as it
*will* cause conflicts.
Using another UID range will be similarly; it may be/is possible that
this range is used on some system.
That's why, fedora-usermgmt was written. It creates an UID relative to a
configurable base (the value in /etc/fedora/usermgmt/base[gu]id). How
you fill an entry into this file is your thing... I use cfengine for it
and it works well.
Alternately, we could just keep using fedora-usermgmt. I'd assume
it
made its way into the FE repo, since clamav is using it?
I created it for other packages also. See
http://www.fedora.us/wiki/PackageUserRegistry
for list of packages and
http://www.fedora.us/wiki/PackageUserCreation
http://www.fedora.us/wiki/PackageDynamicUserCreationConsideredBad
for other information about fedora-usermgmt.
Enrico