[Fedora-packaging] Re: Second user/group handling draft

Axel Thimm Axel.Thimm at ATrpms.net
Sat May 12 11:03:28 UTC 2007


On Sat, May 12, 2007 at 12:52:05PM +0300, Ville Skyttä wrote:
> On Saturday 12 May 2007, Axel Thimm wrote:
> > On Sat, May 12, 2007 at 12:18:09PM +0300, Ville Skyttä wrote:
> > > On Friday 11 May 2007, Axel Thimm wrote:
> > > >   "If you think that your package really requires allocation of global
> > > >   static uids/gids (because you need to hardwire these values into the
> > > >   binaries) then contact <the maintainer of "setup"? the fpc? fesco?>
> > > >   and ask for such an allocation. Only very few packages require a
> > > >   global static uid/gid, so verify that you indeed need one before
> > > >   contacting <>".
> > >
> > > Adding users/groups to the "setup" package in the distro is an upgrade
> > > problem - /etc/passwd and friends will end up as *.rpmnew
> [...]
> > We wouldn't change anything in today's procedures, we're just writing
> > them down.
> 
> Note that your phrasing above mentions contacting the maintainer of the setup 
> package.  This implies to me that adding users/groups to the distro setup 
> package would be a possibility.  That's certainly not today's procedure - 
> there have been no user additions to /etc/passwd since RHL 6.2 (maybe even 
> earlier?), and only the "lock" group was added to /etc/group in 7.2, 
> otherwise no new groups in it since RHL 6.2 either.

Yes, you are right, but still passwd changed as well for other reasons
like the passwd field of root or home of news. So while this package
is being held rather stable (and it will continue to, we are
discouraging static uids if there is not a real need for one) there
are changes made to the files of this package.

OTOH the contents of passwd are *always* modified in post install (all
passwd fields are x'd), so you never get a passwd upgrade, which is a
really bad mechanism of the "setup" package, IMHO.

Can we assume that the uid/gids < 100 were always considered sacred to
the users, e.g. only to be set/modified by the vendor and not misused
for local purposes? In other words, can we assume that these uid/gid
are under the authority of the "setup" package?

If we can answer this with yes (which IMHO we should), then we can
have "setup" upgrade passwd/group by removing all uid/gid < 100 in the
files found on the system and insert its fresh ones. This would not
only solve the issues at hand, but is an important mechanism to have
in place for the "setup" package in general.
-- 
Axel.Thimm at ATrpms.net
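
A sketch of the merge proposed in the message above, added here as an example and not part of the original thread or of the "setup" package: it rebuilds a passwd-format file from a vendor copy plus the local entries at or above the reserved limit, and refuses to finish when a local entry reuses a vendor name. The function name `merge_vendor_ids`, the file names and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): the proposed "setup" upgrade step for
# passwd-format files, where field 1 is the name and field 3 the numeric id.
#
# merge_vendor_ids SYSTEM_FILE VENDOR_FILE [LIMIT]
#   stdout: vendor entries, then system entries with id >= LIMIT (default 100)
#   exit 2: a vendor entry is outside the reserved range, or a local entry
#           reuses a vendor name; the offending names are listed on stderr
merge_vendor_ids() {
    awk -F: -v limit="${3:-100}" '
        /^[ \t]*$/ { next }                       # skip blank lines
        src == "vendor" {
            if ($3 !~ /^[0-9]+$/ || $3 + 0 >= limit) {
                print "vendor entry outside reserved range: " $1 | "cat 1>&2"
                bad = 1; next
            }
            vendor_name[$1] = 1
            print; next
        }
        # System file: entries in the reserved range are replaced wholesale.
        $3 ~ /^[0-9]+$/ && $3 + 0 < limit { next }
        ($1 in vendor_name) {
            print "local entry reuses vendor name: " $1 | "cat 1>&2"
            bad = 1; next
        }
        { print }                                 # local entry, kept verbatim
        END { if (bad) exit 2 }
    ' src=vendor "$2" src=system "$1"
}

# Constructed sample data (hypothetical entries, not from any real system).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
                  'news:x:9:13:news:/etc/news:/sbin/nologin' \
                  'alice:x:500:500::/home/alice:/bin/bash' > "$d/passwd"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
                  'news:x:9:13:news:/var/spool/news:/sbin/nologin' \
                  'svc:x:42:42::/:/sbin/nologin' > "$d/passwd.vendor"
    # Write to a new file first; only a clean merge would be moved into place.
    merge_vendor_ids "$d/passwd" "$d/passwd.vendor" > "$d/passwd.new" \
        && cat "$d/passwd.new"
    rc=$?; rm -rf "$d"; return $rc
}
demo
```

Applied to /etc/group, replacing reserved-range lines wholesale also discards any members added locally to those groups (field 4), which this sketch does not carry over. It does not touch the shadow files either.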