On Wed, Aug 20, 2014 at 02:42:27PM +0200, Alain Kalker wrote:
> On 08/20/2014 02:04 PM, Alain Kalker wrote:
> >Also, why ship the /etc/shadow, /etc/gshadow files at all?
> >AFAIK, nothing is supposed to mess with the shadow files anyway, except
> >pwconv and grpconv (for initially converting a freshly installed,
> >non-shadow system into one using shadow files), after which these files
> >should be managed by the shadow system itself, in response to
> >adding/removing/changing users and groups using the designated tools.
>
> From `man pwconv`:
>
> > Each program acquires the necessary locks before conversion.

Except that sometimes a package installs files owned by a _new_ user. So one
needs some "basic" groups to exist _before_ high-level packages are unpacked.
Shipping these users/groups only in un-shadowed files will lead to pwck/grpck
complaints...

HTH,
--
Leonid Isaev
GPG fingerprints: DA92 034D B4A8 EC51 7EA6 20DF 9291 EE8A 043C B8C4
                  C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D
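An added example, not part of the original message and not code from pwck or grpck: a simplified cross-check of the kind of mismatch the reply refers to, where an account or group is present in the plain file but has no entry in the matching shadow file. The function names and the sample file contents (including the `http` user and group) are constructed for illustration.

```python
# Added illustration: simplified passwd/shadow and group/gshadow cross-check.
# This is NOT pwck/grpck; it only compares entry names between file pairs.

def entry_names(db_text):
    """Return the first colon-separated field of each entry, in file order."""
    names = []
    for line in db_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        names.append(line.split(":", 1)[0])
    return names

def cross_check(plain_text, shadow_text):
    """Report names present in only one of the two files."""
    plain, shadow = entry_names(plain_text), entry_names(shadow_text)
    plain_set, shadow_set = set(plain), set(shadow)
    return {
        "missing_shadow": [n for n in plain if n not in shadow_set],
        "orphan_shadow": [n for n in shadow if n not in plain_set],
    }

# Constructed sample: a package shipped "http" only in the un-shadowed files.
PASSWD = """root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/usr/bin/nologin
http:x:33:33:http:/srv/http:/usr/bin/nologin
"""
SHADOW = """root:!:16000::::::
bin:!:16000::::::
"""
GROUP = """root:x:0:root
bin:x:1:root,bin
http:x:33:
"""
GSHADOW = """root:::root
bin:::root,bin
"""

if __name__ == "__main__":
    for label, plain, shadow in (("passwd/shadow", PASSWD, SHADOW),
                                 ("group/gshadow", GROUP, GSHADOW)):
        result = cross_check(plain, shadow)
        for name in result["missing_shadow"]:
            print(f"{label}: '{name}' has no shadow entry")
        for name in result["orphan_shadow"]:
            print(f"{label}: '{name}' has no plain-file entry")
```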