tcallawa@xxxxxxxxxx ("Tom 'spot' Callaway") writes:
>> Is there an official policy for what packages that add users for their
>> processes to run as ought to do? I notice the recent clamav package still
>> uses fedora-usrmgmt, but I can't find any reference to that in the current
>> wiki, and that package still has the obsolete fedora.us wiki as its URL.
>>
>> What's the Right Thing here?
Good question... IMO, in mid- to longterm, this should be abstracted by
some rpm mechanism. Another question might be whether created users
shall be removed at package removal or not.
> It seems like all fedora-usermgmt was doing is as follows:
>
> - Reserve a UID for a package to use.
> - Add 30000 to that UID.
Not exactly 30000... but see below.
> Why don't we just have packagers request a UID for a package on a wiki
> page, starting at 30012 (fedora.us had 30000 - 30011)? Then, use the
> normal tools to create the user.
That's not possible. Only the range 0-99 is reserved for fixed user
ids. All other ranges are free for local uses. For example the range
100-499 mentioned in another posting: every third party package which
adds user, or just a simple 'useradd -r' will assign the next unused
uid in this area. So you can not assign fixed UIDs in this range as it
*will* cause conflicts.
Using another UID range will be similarly; it may be/is possible that
this range is used on some system.
That's why, fedora-usermgmt was written. It creates an UID relative to a
configurable base (the value in /etc/fedora/usermgmt/base[gu]id). How
you fill an entry into this file is your thing... I use cfengine for it
and it works well.
> Alternately, we could just keep using fedora-usermgmt. I'd assume it
> made its way into the FE repo, since clamav is using it?
I created it for other packages also. See
http://www.fedora.us/wiki/PackageUserRegistry
for list of packages and
http://www.fedora.us/wiki/PackageUserCreation
http://www.fedora.us/wiki/PackageDynamicUserCreationConsideredBad
for other information about fedora-usermgmt.
Enrico
Attachment:
pgp7qF9c7FH6G.pgp
Description: PGP signature
-- Fedora-packaging mailing list Fedora-packaging@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-packaging
