Tom 'spot' Callaway wrote : > On Tue, 2005-09-06 at 16:52 -0500, Steven Pritchard wrote: > > On Tue, Sep 06, 2005 at 04:39:26PM -0500, Tom 'spot' Callaway wrote: > > > Someone recently pointed out to me the existence of useradd -r and > > > groupadd -r (they're Red Hat added functionality). When used, these > > > commands create the first available UID and GID below UID_MAX and > > > GID_MAX, as defined in /etc/login.defs. > > > > > > This seems to be doing roughly the same thing as fedora-usermgt. Does > > > this seem like an acceptable way to create system user/groups in %post? > > > > My personal feeling (as a sysadmin and a packager) is that doing > > something like this in %pre (not %post, if you want files owned by the > > new user) is the Right Thing: > > > > %pre > > if ! id foo > /dev/null 2>&1 ; then > > /usr/sbin/useradd -r -s /sbin/nologin -c 'BAR' [...] foo > > fi > > > > And then just *don't touch the account* on removal. If this is the > > stated policy, then no sysadmin can be surprised by it. If unused > > accounts bother them, they can do "userdel foo" manually. > > > > If for some reason useradd will not work, doing this in %pre should > > make package installation fail, right? Then the sysadmin can go add > > the user in LDAP/NIS/whatever and reinstall the package. > > > > IMHO trying to support anything more elaborate than this is going to > > cause more problems than it solves... > > This all seems to make sense to me. Agree or disagree? I tend to agree, and personally dislike the added complexity of this fedora-usermgmt that got imported from the fedora.us days. But I also think that in some cases, fixed uid/gids are best, most importantly when chances of having files shared across machines are high, like with apache (uid/gid 48) owned files for instance. Matthias -- Clean custom Red Hat Linux rpm packages : http://freshrpms.net/ Fedora Core release 4 (Stentz) - Linux kernel 2.6.12-1.1447_FC4 Load : 0.14 0.39 0.21 -- Fedora-packaging mailing list Fedora-packaging@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-packaging
