Re: F39 Change Proposal: LibuserDeprecation (System Wide)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Jun 22, 2023 at 12:33 PM Aoife Moloney <amoloney@xxxxxxxxxx> wrote:

> The main benefit is to decrease the maintenance and packaging work
> on library that does not bring much value while the functionality is
> provided by another components.

On most (all?) Linux distributions, Puppet relies on libuser in order
to manage group membership as an attribute of a group (1), because
historically the shadow-utils package could not.  There are folks who
use Puppet to manage Fedora systems, and pulling the libuser package
will break the ability of Puppet to manage group membership on Fedora.

Background:

libuser provides the ability to intuitively manage local group
membership as an attribute of the group, instead of attributes of
users.

To add a user to a group:

    lgroupmod -M someuser somegroup

To remove a user from a group:

    lgroupmod -m someuser somegroup

For shadow-utils, adding can be achieved with:

    groupmod -a -U someuser somegroup

But groupmod has no ability to remove a user from a group.

Historically, before shadow-utils 4.10, the only way to remove a user
from a group was to use:

    usermod -G groupset someuser

…where groupset was the set of all supplementary groups for the user
but with somegroup removed.  This was racy and error-prone.

For shadow-utils 4.10 or later, usermod has a new -r option, so it is
possible to construct an equivalent:

    usermod -r -G somegroup someuser

While this is a vast improvement, I would argue this option was added
to the wrong utility: groupmod should have the ability to remove a
user from a group, the same as lgroupmod.  It’s also fairly new (RHEL9
still has shadow-utils 4.9, for example).

I don’t disagree with the reasons for wanting to drop libuser; I just
wish that…

  * the shadow-utils package could provide the equivalent
    functionality in a more intuitive way, and…

  * this change could be pushed to at least Fedora 40, to provide more
    time for downstream consumers of libuser to move away from it.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux