fedora-atomic discussion point: /usr/lib/passwd

Simo Sorce simo at redhat.com
Fri Apr 11 16:23:38 UTC 2014


On Fri, 2014-04-11 at 16:09 +0000, Colin Walters wrote:
> On Fri, Apr 11, 2014 at 11:33 AM, Martin Langhoff 
> <martin.langhoff at gmail.com> wrote:
> > 
> > If you move in this direction, you have to create files/dirs to be
> > owned by the daemon user too.
> 
> That's a really good point.  I hadn't thought about that.  Urgh.  The 
> way this works in the RPM world is so evil - rpm calls out to 
> /usr/sbin/useradd which then modifies /etc/passwd, which rpm then 
> reloads and reads, to use as a source for calling chown() for files on 
> disk.
> 
> It theoretically avoids rpm knowing about nss, but in practice it's 
> just a very fragile plugin.  If useradd fails for some reason (say 
> stale lock file), typically the %post have "|| :" to ignore errors so 
> the files end up owned by root...
> 
> This does make my plans to support package installation on top of a 
> base tree more complex as we really do need NSS in place during tree 
> construction.  I'll think about this, but I suspect this may end with 
> ostree understanding the NSS configuration.

Keep in mind accounts may not even be in /etc/passwd so you definitely
want to understand nsswitch.conf

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



More information about the devel mailing list