fedora-atomic discussion point: /usr/lib/passwd
Florian Weimer
fweimer at redhat.com
Mon May 5 13:30:35 UTC 2014
On 05/05/2014 03:27 PM, Richard W.M. Jones wrote:
> I think it would be better if we could declaratively say which user
> accounts an RPM needs, and RPM can add or remove users from the system
> based on this. eg. Apache httpd.spec would contain just:
>
> %user apache
> %group apache
And if we had this, we could apply policy checks, such as ensuring that
the user does not already exist as a non-system account.
> (This applies to many other current uses of %post, such as enabling
> services or running ldconfig.)
Indeed.
--
Florian Weimer / Red Hat Product Security Team
More information about the devel
mailing list