fedora-atomic discussion point: /usr/lib/passwd

Colin Walters walters at verbum.org
Fri Apr 11 16:09:27 UTC 2014

On Fri, Apr 11, 2014 at 11:33 AM, Martin Langhoff 
<martin.langhoff at gmail.com> wrote:
> If you move in this direction, you have to create files/dirs to be
> owned by the daemon user too.

That's a really good point.  I hadn't thought about that.  Urgh.  The 
way this works in the RPM world is so evil - rpm calls out to 
/usr/sbin/useradd which then modifies /etc/passwd, which rpm then 
reloads and reads, to use as a source for calling chown() for files on 

It theoretically avoids rpm knowing about nss, but in practice it's 
just a very fragile plugin.  If useradd fails for some reason (say 
stale lock file), typically the %post have "|| :" to ignore errors so 
the files end up owned by root...

This does make my plans to support package installation on top of a 
base tree more complex as we really do need NSS in place during tree 
construction.  I'll think about this, but I suspect this may end with 
ostree understanding the NSS configuration.

More information about the devel mailing list