On 05/05/2014 03:27 PM, Richard W.M. Jones wrote:
I think it would be better if we could declaratively say which user accounts an RPM needs, and RPM can add or remove users from the system based on this. eg. Apache httpd.spec would contain just: %user apache %group apache
And if we had this, we could apply policy checks, such as ensuring that the user does not already exist as a non-system account.
(This applies to many other current uses of %post, such as enabling services or running ldconfig.)
Indeed. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
