On Tue, 2005-07-19 at 02:26 -0600, Bob Proulx wrote: > Dax Kelson wrote: > > Bob Proulx wrote: > > > if ! grep -q '^myuser:' /etc/group; then > > > groupadd -g 26 myuser 2>/dev/null || true > > > fi > > > if ! grep -q '^myuser:' /etc/passwd; then > > > useradd -u 26 -o -g 26 -c Myuser -d /var/myuser -s /bin/false myuser 2>/dev/null || true > > > fi > > > > A better check that takes into account LDAP/NIS, etc is to use the > > "gentent" command. > > I am thinking that the most portable way would be to actually chgrp > and chown something and create the group and user if it fails. Ugly. When I first started doing the getent checks, I examined many different UNIX flavors from the open source BSDs, to Solaris, HP-UX and several Linux distros going back to 1998. They all had getent. That is portable enough for me. > On at least one of my systems the useradd command fails if the user > exists in NIS/YP regardless of it not existing in /etc/passwd. Probably because useradd is doing the same getpwent/getgrent calls that getent is doing. > Which > I think is not good IMNHO because later if you disable NIS you are > left without a user for the daemon. Arguably this is a problem with > the useradd implementation and not something your package script can > do anything about though. [But it leads me to want to stop nis before > running the test and then enabling it afterward. Not a good idea for > other reasons but I have desired to do it to get the entry in the > /etc/passwd file.] Only root can disable NIS/LDAP. A network failure could make it unavailable as well. As you said, I would argue that this problem space is not something that a RPM script should care about. Dax Kelson Guru Labs
