fedora-atomic discussion point: /usr/lib/passwd

Colin Walters walters at verbum.org
Fri Apr 11 16:09:27 UTC 2014


On Fri, Apr 11, 2014 at 11:33 AM, Martin Langhoff 
<martin.langhoff at gmail.com> wrote:
> 
> If you move in this direction, you have to create files/dirs to be
> owned by the daemon user too.

That's a really good point.  I hadn't thought about that.  Urgh.  The 
way this works in the RPM world is so evil - rpm calls out to 
/usr/sbin/useradd which then modifies /etc/passwd, which rpm then 
reloads and reads, to use as a source for calling chown() for files on 
disk.

It theoretically avoids rpm knowing about nss, but in practice it's 
just a very fragile plugin.  If useradd fails for some reason (say a 
stale lock file), typically the %post scripts have "|| :" to ignore 
errors, so the files end up owned by root...

This does make my plans to support package installation on top of a 
base tree more complex as we really do need NSS in place during tree 
construction.  I'll think about this, but I suspect this may end with 
ostree understanding the NSS configuration.
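
An added example, not part of the original message and not code from rpm or ostree: a check for the failure mode described above, where a file ends up owned by root because its daemon user never got created. The manifest format, the lookup order (etc/passwd before usr/lib/passwd), the user names and all sample data are constructed assumptions.

```python
# Added example: audit intended file owners against a tree's passwd databases.
# Assumptions (not from the thread): the manifest format, the lookup order
# etc/passwd then usr/lib/passwd, and every sample value below.

def parse_passwd(text):
    """Map user name -> uid from passwd(5)-format text, skipping junk lines."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7 or not fields[2].isdigit():
            continue  # comments, blank lines, NSS compat entries, truncated rows
        users.setdefault(fields[0], int(fields[2]))  # first entry wins
    return users

def resolve_users(*passwd_texts):
    """Merge several passwd databases; earlier databases take precedence."""
    merged = {}
    for text in passwd_texts:
        for name, uid in parse_passwd(text).items():
            merged.setdefault(name, uid)
    return merged

def audit(manifest, users):
    """Return (path, problem) for files whose on-disk uid is not the intended one.

    manifest: iterable of (path, intended_user, actual_uid) tuples.
    """
    findings = []
    for path, user, actual_uid in manifest:
        if user not in users:
            findings.append((path, f"user {user!r} missing from passwd databases"))
        elif actual_uid != users[user]:
            note = " (left owned by root)" if actual_uid == 0 else ""
            findings.append((path, f"uid {actual_uid}, expected {users[user]}{note}"))
    return findings

# Constructed sample data; "exampled" and "otherd" are hypothetical daemons.
ETC_PASSWD = "root:x:0:0:root:/root:/bin/bash\n"
USR_LIB_PASSWD = "exampled:x:995:993::/var/lib/exampled:/sbin/nologin\n"
MANIFEST = [
    ("/var/lib/exampled", "exampled", 995),  # chown worked
    ("/var/log/exampled", "exampled", 0),    # chown never happened
    ("/var/lib/otherd", "otherd", 0),        # useradd failed, error ignored
]

if __name__ == "__main__":
    for path, problem in audit(MANIFEST, resolve_users(ETC_PASSWD, USR_LIB_PASSWD)):
        print(f"{path}: {problem}")
```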




