fedora-atomic discussion point: /usr/lib/passwd
simo at redhat.com
Fri Apr 11 16:23:38 UTC 2014
On Fri, 2014-04-11 at 16:09 +0000, Colin Walters wrote:
> On Fri, Apr 11, 2014 at 11:33 AM, Martin Langhoff
> <martin.langhoff at gmail.com> wrote:
> > If you move in this direction, you have to create files/dirs to be
> > owned by the daemon user too.
> That's a really good point. I hadn't thought about that. Urgh. The
> way this works in the RPM world is so evil - rpm calls out to
> /usr/sbin/useradd which then modifies /etc/passwd, which rpm then
> reloads and reads, to use as a source for calling chown() for files on
> It theoretically avoids rpm knowing about nss, but in practice it's
> just a very fragile plugin. If useradd fails for some reason (say
> stale lock file), typically the %post have "|| :" to ignore errors so
> the files end up owned by root...
> This does make my plans to support package installation on top of a
> base tree more complex as we really do need NSS in place during tree
> construction. I'll think about this, but I suspect this may end with
> ostree understanding the NSS configuration.
Keep in mind accounts may not even be in /etc/passwd, so you definitely
want to understand nsswitch.conf.
Simo Sorce * Red Hat, Inc * New York
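The two points raised in this thread (a failed useradd swallowed by `|| :` leaves files owned by root, and accounts may live outside /etc/passwd) are illustrated below as an added example that is not part of the original messages and is not rpm or ostree code. The names `resolve_owner`, `in_flat_file`, `chown_strict` and `UnknownAccount` are hypothetical; the lookups go through the C library's getpwnam(3)/getgrnam(3), which follow nsswitch.conf.

```python
import grp
import os
import pwd


class UnknownAccount(Exception):
    """Raised when a name cannot be resolved; callers must not ignore it."""


def resolve_owner(user, group=None):
    """Resolve names with getpwnam(3)/getgrnam(3), which consult the sources
    listed in nsswitch.conf (files, sss, ldap, ...), not just /etc/passwd."""
    try:
        entry = pwd.getpwnam(user)
    except KeyError:
        raise UnknownAccount(f"user {user!r} not known to NSS") from None
    gid = entry.pw_gid
    if group is not None:
        try:
            gid = grp.getgrnam(group).gr_gid
        except KeyError:
            raise UnknownAccount(f"group {group!r} not known to NSS") from None
    return entry.pw_uid, gid


def in_flat_file(user, path="/etc/passwd"):
    """Report whether the name has a line in one passwd-format file.
    False here plus a successful resolve_owner() means the account
    comes from another NSS source."""
    try:
        with open(path, encoding="utf-8") as fh:
            return any(line.split(":", 1)[0] == user for line in fh)
    except FileNotFoundError:
        return False


def chown_strict(path, user, group=None):
    """Resolve first, then chown. An unknown account raises before the file
    is touched, instead of being ignored the way `|| :` ignores a failed
    useradd in a %post scriptlet."""
    uid, gid = resolve_owner(user, group)
    os.chown(path, uid, gid)
    return uid, gid
```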