Axel Thimm <Axel.Thimm@xxxxxxxxxx> writes:

>> Won't work. 'rpm' in RHEL is too old and misses features required by
>> fedora-usermgmt.
>
> what exactly does this tool solve?

I require it in the following cases:

* a lot of servers are sharing a bind-mounted directory with
  unix(7)-sockets (e.g. sendmail-mta and milter servers); access
  restrictions are solved best with filesystem permissions and this
  requires consistent uids in each server

* the 'apache-dav' user which writes on an NFS share; NFS4 was promised
  as a solution years ago but I never got it to run correctly

* consistent output in logfiles (e.g. iptables -j LOG --log-uid)

* there does not exist a reliable way to add system users manually;
  nightly 'yum upgrade' can add new users silently and repository can
  not be queried which/whether users will be added

Then, I like it, when:

* machines with identical setup are having identical uid <-> user
  mappings; e.g. two kickstart installations should create the same
  output but do not have to depend on package order (which might be
  different due to updated packages)

* I do not have to 'chown -R -h' partitions when I reinstall a system

Then, 'fedora-usermgmt' was designed in a way which would allow things
like adding the new user to an LDAP directory instead of into the local
/etc/passwd. But this is an exotic feature since system users should
not be kept in NIS/LDAP.

For FC4/5, some workarounds were added which solved problems with
incorrect nscd cache-invalidating. The FC6 version got some
enhancements which removed error-prone stuff (e.g. 'test "$1" = 0'
checks, correct 'Requires(...):') from the scriptlets which have to be
written by the packagers. Same enhancements are making it possible to
establish rules like 'do not remove user during uninstallation'.

I admit, that rpm should handle user creation completely without
manual scripts. But because this thread is about EPEL, this is not an
option.

> Especially if this defaults to normal useradd -r behaviour (does it
> really default to this behaviour?),

yes, it does.

> which means that it is not really *required*.

Is Fedora or ATrpm really *required*? Fact is, 'fedora-usermgmt' solves
some of my problems and does not have technical drawbacks.

> If it tries to solve the need for *fixed* system uid/gid then we need
> to find another solution than a floating uid/gid window.

I can not imagine which solution this could be. The only available
window for fixed system uids (0-99) is nearly full. Rest was/is free
for everybody's use and probably every single uid between 100 and
65535 exists on some system. We could have more luck in the upper 2^32
range, but I guess this breaks interaction with other Unixes.

Enrico
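The uid <-> user drift discussed in the message above can be checked by comparing the passwd files of two hosts that share a directory. The following is an added example, not part of the original message and not fedora-usermgmt code; the sample passwd entries are constructed and the 499 ceiling for system uids is an assumption.

```python
# Constructed sample passwd(5) data for two hosts sharing a directory.
HOST_A = """\
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
milter:x:101:101::/var/run/milter:/sbin/nologin
apache-dav:x:102:102::/srv/dav:/sbin/nologin
"""
HOST_B = """\
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
apache-dav:x:101:101::/srv/dav:/sbin/nologin
milter:x:102:102::/var/run/milter:/sbin/nologin
ntp:x:103:103::/etc/ntp:/sbin/nologin
"""

def parse_passwd(text, max_uid=499):  # 499 as system-uid ceiling is an assumption
    """Return {name: uid} for entries with uid <= max_uid."""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        # Skip blanks, comments, malformed lines and NIS compat (+/-) entries.
        if len(fields) < 7 or not fields[2].isdigit():
            continue
        if int(fields[2]) <= max_uid:
            users[fields[0]] = int(fields[2])
    return users

def uid_drift(a, b):
    """Compare two {name: uid} maps taken from hosts that share files."""
    mismatched = {n: (a[n], b[n])
                  for n in a.keys() & b.keys() if a[n] != b[n]}
    owner_b = {uid: n for n, uid in b.items()}
    # Same uid, different account: one host's files belong to the
    # other host's user as far as filesystem permissions are concerned.
    collisions = {uid: (n, owner_b[uid]) for n, uid in a.items()
                  if uid in owner_b and owner_b[uid] != n}
    return mismatched, collisions, sorted(a.keys() ^ b.keys())

if __name__ == "__main__":
    mism, coll, missing = uid_drift(parse_passwd(HOST_A), parse_passwd(HOST_B))
    for name, (ua, ub) in sorted(mism.items()):
        print(f"MISMATCH  {name}: uid {ua} on A, uid {ub} on B")
    for uid, (na, nb) in sorted(coll.items()):
        print(f"COLLISION uid {uid}: '{na}' on A, '{nb}' on B")
    print("present on one host only:", ", ".join(missing))
```
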
-- Fedora-maintainers mailing list Fedora-maintainers@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers