On Thu, 2007-06-14 at 10:41 +0200, Ralf Corsepius wrote:
On Wed, 2007-06-13 at 23:45 -0500, Tom "spot" Callaway
wrote:
> I'm not quite sure I'm ready to bring this to the FPC for a vote, but
> I've been working on a modified version of Ville's draft:
>
>
http://fedoraproject.org/wiki/TomCallaway/UsersAndGroupsDraft
>
> While this is more complicated, I think it more adequately covers the
> corner cases of adding users and groups. Thoughts?
I am not convinced by your classification of cases:
<citation>
* The user/group does not exist on the system
* The user/group exists from a previous package creating it
* The user/group is a normal user, overlapping the namespace (e.g.
amanda)
* The user/group is pre-created by the administrator with a
specific UID/GID
<citation/>
IMO, this is only covers small subset of
* user/group does/does not exist on the system
* user/group has a privileged/non-privileged uid/gid
* user/group needs a privileged uid/gid
* user/group needs a fixed/doesn't need a fixed uid/gid
* user/group is meant to be used locally/network-wide
If the user exists, do we care (from a package perspective) what the
UID/GID is? I'd argue that we do not, as long as we can determine
whether we added it in a previous update or it came from some other
source. The user/group registries provide that functionality.
If the user/group needs a privileged UID/GID, the admin should add it in
advance. If the user/group needs a fixed UID/GID, the admin should add
it in advance. If the user/group is meant to be used network-wide, the
admin should add it in advance.
A possible improvement I could see would be to change the tool to ask
pam if the user exists, as opposed to simply looking
in /etc/passwd, /etc/group, as that would better cover network user
conflicts.
~spot