https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format == Summary == Files in sysusers.d format will be used to declare systems users so it will be possible to introspect system users. Users will still be created using old-style useradd calls. == Owner == * Name: [[User:zbyszek| Zbigniew Jędrzejewski-Szmek]] * Email: zbyszek at in waw pl == Detailed Description == Many packages define their own user. Right now, those users are created in %pre by calling getent, useradd, and groupadd ([https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_dynamic_allocation guidelines]). This will be changed to define users in the [https://www.freedesktop.org/software/systemd/man/sysusers.d.html sysusers.d format]. A macro will be provided to generate a %pre scriptlet that will call useradd and groupadd similarly to the scriptlets that are currently required by the packaging guidelines. In this proposal, systemd-sysusers will not be used to create the user. Using the sysusers.d format makes it easy to switch to systemd-sysusers as the implementation, and to experiment with different way to actually create the users based on the declarative syntax. This approach is heavily based on OpenSUSE's ([https://en.opensuse.org/openSUSE:Packaging_guidelines#Users_and_Groups guidelines]), but does not use separate rpm packages. I think using a %pre macro is good enough. == Benefit to Fedora == System users are declared by packages using a uniform syntax. The scriptlet part is standardized. Current implementation of creating users and groups is not changed, but may be switched easily in the future. For example, for container images, the macro may be replaced by a noop implementation, and the users created externally without installing the user creation tools in the container. Admins may easily introspect the system user list and which packages require users. Admins may easily override definitions of system users by providing appropriate sysusers.d files with higher priority. The difference between Fedora and other distros like OpenSUSE is reduced. == Scope == * Proposal owners: ** provide the macro and any helper tools ** submit a proposal to FPC ** convert a subset of packages * Other developers: ** FPC: review (and accept ;)) the guidelines changes ** other maintainers: convert other packages * Release engineering: n/a * Policies and guidelines: a pull request will be submitted * Trademark approval: N/A (not needed for this Change) == Upgrade/compatibility impact == None. This change should be backwards and forwards compatible, i.e. unconverted packages can be still installed on new systems, and converted packages can be installed on older systems. == How To Test == This change should be mostly invisible to users. During installation, users should be created as appropriate before packages are installed. For packages that carry files owned by the user, check that the files are created with appropriate ownership by rpm. == User Experience == <code>systemd-analyze cat-config sysusers.d/</code> shows the definitions of system users (incl. local overrides). == Dependencies == N/A == Contingency Plan == * Contingency mechanism: Revert to previous mechanism. This will require a revert of changes to the spec file and a rebuild of the package. * Contingency deadline: beta freeze * Blocks release? No * Blocks product? No == Documentation == TBD. == Release Notes == Not needed. -- Ben Cotton He / Him / His Fedora Program Manager Red Hat TZ=America/Indiana/Indianapolis _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
