On Thu, Jun 14, 2007 at 01:43:29PM -0400, Simo Sorce wrote:
> So while I think it is possible but rare to find an admin to create a
> directory that conflicts with a package it is instead plausible he find
> a name in the user db that conflicts.
Well, we were talking about split administration where one local admin
is not aware of the user the master admin manages.
And then the same master admin injects amada under
/usr/local/{bin,lib,...} and the local install (of a different
version) calls half under /usr and half under /usr/local (and remember
/usr/local takes precedence).
This scenario is just as plausible as the one with an amanda user (I'd
argue that a master admin centrally installing a backup solution is
far more common than having Amanda Lear with her first name in any
account), still we will not make loops and hardwire /usr everywhere,
the sources, specfiles etc.
> > > I think at least a check to see if the "amanda" user is < 1000 would
> > > make a lot of sense.
> >
> > Then maybe it makes more sense to have "useradd -r" fail when the user
> > is > 500, e.g. outside the desired -r switch instead of obscuring the
> > specfiles with wrappers, scripts, registries and all that. :)
>
> dunno, maybe this is really better, but limiting system user to 500
> could be a problem.
That's a different story, we can't chose that number, that's given by
the FHS.
> To be honest I think the username should always be configurable and
> configuration be made by a config script run by the admin so that the
> admin can take a conscious decision, but we are stuck with the fact that
> rpm "owns" file (-V) and that it can't be interactive.
You mean to choose at installtion time that httpd is not using the
user apache but say Donald? What about all the other packages that
make their bits owned by apache then? How would these packages know
what the base package is using for users and groups?
--
Axel.Thimm at ATrpms.net
Attachment:
pgp5XljQqWQgp.pgp
Description: PGP signature
-- Fedora-packaging mailing list Fedora-packaging@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-packaging
