On Fri, 2014-04-11 at 16:09 +0000, Colin Walters wrote:
> On Fri, Apr 11, 2014 at 11:33 AM, Martin Langhoff
> <martin.langhoff@xxxxxxxxx> wrote:
> >
> > If you move in this direction, you have to create files/dirs to be
> > owned by the daemon user too.
>
> That's a really good point. I hadn't thought about that. Urgh. The
> way this works in the RPM world is so evil - rpm calls out to
> /usr/sbin/useradd which then modifies /etc/passwd, which rpm then
> reloads and reads, to use as a source for calling chown() for files on
> disk.
>
> It theoretically avoids rpm knowing about nss, but in practice it's
> just a very fragile plugin. If useradd fails for some reason (say
> stale lock file), typically the %post have "|| :" to ignore errors so
> the files end up owned by root...
>
> This does make my plans to support package installation on top of a
> base tree more complex as we really do need NSS in place during tree
> construction. I'll think about this, but I suspect this may end with
> ostree understanding the NSS configuration.

Keep in mind accounts may not even be in /etc/passwd so you definitely
want to understand nsswitch.conf.

Simo.

--
Simo Sorce * Red Hat, Inc * New York
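An added example, not part of the thread and not rpm or ostree code: a post-install audit for the failure mode described above, where a daemon's files silently end up owned by root. It reads the `passwd` line of nsswitch.conf and resolves owners through libc (NSS) via Python's `pwd` module instead of parsing /etc/passwd; the function names, the sample nsswitch.conf and the manifest are hypothetical.

```python
import os
import pwd
import re

# Constructed sample nsswitch.conf (not taken from the thread).
SAMPLE_NSSWITCH = """\
passwd:     files sss   # local file first, then SSSD
group:      files sss
hosts:      files dns
"""

def passwd_sources(nsswitch_text):
    """Return the NSS services listed for the passwd database, in order."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        if line.startswith("passwd:"):
            # Remove action items such as [NOTFOUND=return]; keep service names.
            spec = re.sub(r"\[[^\]]*\]", " ", line.split(":", 1)[1])
            return spec.split()
    return []  # no passwd line: the libc default applies

def audit_ownership(expected, resolve=pwd.getpwnam):
    """expected maps path -> user name; returns a list of (path, problem)."""
    findings = []
    for path, user in expected.items():
        try:
            # pwd.getpwnam asks libc, so every configured NSS source is
            # consulted, not only /etc/passwd.
            want_uid = resolve(user).pw_uid
        except KeyError:
            findings.append((path, f"user {user!r} does not resolve"))
            continue
        have_uid = os.lstat(path).st_uid              # do not follow symlinks
        if have_uid != want_uid:
            findings.append(
                (path, f"owned by uid {have_uid}, expected {user} (uid {want_uid})"))
    return findings

if __name__ == "__main__":
    print("passwd sources:", passwd_sources(SAMPLE_NSSWITCH))
    # Hypothetical manifest; replace with the paths a package is meant to own.
    for path, problem in audit_ownership({"/": "root"}):
        print(path, problem)
```

The `resolve` parameter exists so the lookup can be replaced, for example when auditing a tree whose account database is not the running system's.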