2008/8/4 Ricky Zhou <ricky@xxxxxxxxxxxxxxxxx>:
>> Googling for "uid policy fedora -selinux" (or redhat) does not yield
>> anything particularly interesting.
> Searching around on the wiki, I found the following pages:
> http://fedoraproject.org/wiki/Packaging/UsersAndGroups
> https://fedoraproject.org/wiki/Packaging/UserCreation
> https://fedoraproject.org/wiki/PackageUserRegistry

Thanks for the pointers! The docs on fedora-groupadd / useradd seem to
be just what I have been looking for.

Except that it doesn't seem to work - both on F7 and F9 I get

  $ cat /etc/fedora/usermgmt/basegid
  300
  $ sudo /usr/sbin/fedora-groupadd 3 testing
  ## expecting 303 here -
  $ grep testing /etc/group
  testing:x:501:

Now, it's a bash script - and it _seems_ to be doing the right thing.
Almost. Mostly. See below:

  $ sudo bash -x /usr/sbin/fedora-groupadd 3 testing
  + PATH=/usr/bin:/bin:/sbin:/usr/sbin:/usr/local/sbin
  + BASE_DIR=/etc/fedora/usermgmt
  + ARGS=("$0" "$@")
  + test -r /etc/fedora/usermgmt/baseuid
  ++ cat /etc/fedora/usermgmt/baseuid
  + BASE_UID=300
  + test -r /etc/fedora/usermgmt/basegid
  ++ cat /etc/fedora/usermgmt/basegid
  + BASE_GID=300
  ++ basename /usr/sbin/fedora-groupadd
  + skin=fedora-groupadd
  + skin=groupadd
  + exec_name=
  + for i in '"$BASE_DIR/scripts/$skin"' '"$BASE_DIR/$skin"'
  + test -x /etc/fedora/usermgmt/scripts/groupadd
  + exec_name=/etc/fedora/usermgmt/scripts/groupadd
  + break
  + case $skin in
  + test 3 '!=' --help
  + test 2 -ge 2
  + validateHint v 300 3
  + local tmp
  + let tmp=31
  + test 31 -ne 0
  + let tmp=300+3
  + test 303 -ge 0
  + eval 'v=$tmp'
  ++ v=303
  + shift
  + set -- 303 testing
  + log=/etc/fedora/usermgmt/log
  + test -e /etc/fedora/usermgmt/log -a -L /etc/fedora/usermgmt/log
  + test -n /etc/fedora/usermgmt/scripts/groupadd
  + invalidateCache
  + local rc=0
  + return 1
  + /etc/fedora/usermgmt/scripts/groupadd 303 testing #### THIS LOOKS CORRECT
  + rc=0
  + invalidateCache
  + local rc=0
  + return 1
  + invalidateCache
  + local rc=0
  + return 1
  + test 0 -eq 0
  + exit 0

and then... hrm...

  $ sudo bash -x /etc/fedora/usermgmt/scripts/groupadd 303 testing
  + shift
  + exec /usr/sbin/groupadd testing

The first param to fedora-(user|group)add is supposed to be uid, which
should get added to base (g|u)id and should also get prefixed with
--uid for useradd and --gid for groupadd. When the option name should be
added I am not sure, but it should happen *somewhere*.

<curious>Is this toolchain in use?

cheers,

m
--
 martin.langhoff@xxxxxxxxx
 martin@xxxxxxxxxx -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff
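
Added example (not part of the original message, and not code from the fedora-usermgmt package): a shell check that a group's gid equals base + hint, which is the result the message expects from fedora-groupadd. The function name check_static_gid and the sample files are constructed for illustration; on a real system the arguments would be /etc/fedora/usermgmt/basegid and /etc/group.

```shell
#!/bin/sh
# check_static_gid BASE_FILE GROUP_FILE HINT NAME
# Hypothetical helper (an assumption of this example, not a fedora-usermgmt tool).
# Exit status: 0 gid matches, 1 wrong gid, 2 group missing, 3 bad input.
check_static_gid() {
    base_file=$1 group_file=$2 hint=$3 name=$4

    [ -r "$base_file" ] && [ -r "$group_file" ] || return 3
    base=$(cat "$base_file")
    # Both the base and the hint must be plain non-negative integers.
    for v in "$base" "$hint"; do
        case "$v" in
            ''|*[!0-9]*) return 3 ;;
        esac
    done
    expected=$((base + hint))

    # /etc/group format: name:password:gid:members
    actual=$(awk -F: -v n="$name" '$1 == n { print $3; exit }' "$group_file")
    if [ -z "$actual" ]; then
        echo "MISSING  $name (expected gid $expected)"
        return 2
    fi
    if [ "$actual" != "$expected" ]; then
        # Report whether another group already occupies the expected gid.
        holder=$(awk -F: -v g="$expected" '$3 == g { print $1; exit }' "$group_file")
        echo "MISMATCH $name has gid $actual, expected $expected${holder:+ (held by $holder)}"
        return 1
    fi
    echo "OK       $name has gid $expected"
    return 0
}

# Constructed sample data mirroring the state reported in the message:
# base gid 300, hint 3, but the group ended up with gid 501.
demo_dir=$(mktemp -d)
echo 300 > "$demo_dir/basegid"
printf 'root:x:0:\ntesting:x:501:\n' > "$demo_dir/group"
check_static_gid "$demo_dir/basegid" "$demo_dir/group" 3 testing || echo "exit status: $?"
rm -rf "$demo_dir"
```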