Re: [Fedora-packaging] packages which add user accounts: is fedora-usermgmt the way?
On Wed, 2005-07-06 at 07:31 -0400, Matthew Miller wrote:
I often upgrade by preserving /home and a few key config files but wiping
the system disk. Much faster than the anaconda upgrade option, with cleaner
results. But if I do that, and the UIDs used by packages at install time
change, there will be mis-owned files on the system.
A system service should NOT have a home directory in /home so all of the
UIG/GID in /home should be above 500.
> For machines that share data, IMHO the proper way is to put all accounts
> with distributed files in a UID management thing like LDAP or NIS. It
As previously mentioned, that's not the right thing for system accounts. For
example, it doesn't help the above situation.
system accounts should not have home directories in /home anyway.
If someone packages a fedora or extras package that uses a system
account and has a directory in /home that is a packaging bug.
But really - just like you need to preserve your ssl keys, a sysadmin
should preserve /etc/passwd and /etc/group. I never personally
save /etc/shadow - I just use the saved /etc/passwd to recreate users
keeping uid/gid the same.