On Wed, 2005-09-07 at 00:29 +0200, Enrico Scholz wrote:
steve(a)silug.org (Steven Pritchard) writes:
> My personal feeling (as a sysadmin and a packager) is that doing
> something like this in %pre (not %post, if you want files owned by
> the new user) is the Right Thing:
> if ! id foo > /dev/null 2>&1 ; then
>     /usr/sbin/useradd -r -s /sbin/nologin -c 'BAR' [...] foo
> fi
This does not solve the problem that users will have different UIDs on
Note the -r. We are talking about system accounts.
I fail to see why system accounts should be shared across networks and
why there is any need to force unique UIDs on them.
IMO, system users must be local, only.
> And then just *don't touch the account* on removal.
This rule is ok with me.
Not OK with me.
The only reason for not wanting to remove accounts on package removal to
me is "accounts leaving stray files somewhere".
However, rpms should always have control over all files they own.
> If for some reason useradd will not work, doing this in %pre will
> make package installation fail, right? Then the sysadmin can go add
> the user in LDAP/NIS/whatever and reinstall the package.
IMO, managing service-accounts with LDAP/NIS is a bad idea.
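
The %pre approach debated in this thread, written out as a shell function. This is an added example, not code from any of the posters. The USERADD override variable is a hypothetical hook used only so the logic can be exercised without root; foo and 'BAR' are the placeholder names from the quoted snippet.

```shell
# Added example: idempotent system-account creation for an RPM %pre scriptlet.
# USERADD is a hypothetical override hook (not a feature of rpm or useradd).
USERADD=${USERADD:-/usr/sbin/useradd}

ensure_system_account() {
    name=$1
    comment=$2

    # Account already resolvable (local files or any NSS source such as
    # LDAP/NIS): leave it untouched, including its existing UID.
    if id "$name" >/dev/null 2>&1; then
        return 0
    fi

    # -r requests a system account; /sbin/nologin blocks interactive logins.
    rc=0
    "$USERADD" -r -s /sbin/nologin -c "$comment" "$name" || rc=$?
    if [ "$rc" -eq 0 ]; then
        return 0
    fi

    # useradd failed. If the account exists now (for example, it was created
    # concurrently), treat that as success; otherwise report the failure.
    if id "$name" >/dev/null 2>&1; then
        return 0
    fi
    echo "cannot create system account '$name' (useradd exit $rc)" >&2
    return 1
}

# In %pre, a non-zero exit aborts the installation, so the administrator can
# provision the account by other means and reinstall:
#   ensure_system_account foo 'BAR' || exit 1
# No matching userdel goes in %preun/%postun: the account is left alone on
# package removal, as proposed in the quoted message.
```
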