[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: non fedora-usermgmt user creation



On Tue, 2006-03-07 at 08:35 -0600, Rex Dieter wrote:
> Enrico Scholz wrote:
> > I could create a fedora-usermgmt-devel package shipping
> > /etc/rpm/macros.fedora-usermgmt with the content
> > 
> >               http://ensc.de/fedora/macros.fedora-usermgmt
> > 
> > This should ease the creation of packages supporting both the plain
> > shadow-utils and the fedora-usermgmt methods.
> 
> Something like that would be very beneificial, IMO, and should hopefully 
> satisfy anyone unhappy with the current situation.

If this stuff really must exist in the first place, the above is kind of
a step in the right direction.  However, I'm not at all happy with the
build nor install time dependencies on fedora-usermgmt and I think they
can be easily avoided.

Something like the below should work without any macro magic or unusual
dependencies.  It assumes that fedora-{user,group}add would be modified
to be command line compatible with the normal useradd/groupadd.

    # Note lowest common dependency: no fedora-useradd or mgmt here
    Requires(pre): /usr/sbin/useradd

    %pre
    f=$(test -x /usr/sbin/fedora-useradd && echo fedora-)
    # fedora-useradd transforms 126 to another value according to local 
    # config and then passes the new value with -u to plain useradd, or
    # if fedora-useradd is not installed, we obviously invoke plain
    # useradd directly with -u 126
    /usr/sbin/${f}useradd -r -u 126 ...

The above %pre is a very rarely applicable case for an Extras package
though.  But note that the uid passed to useradd should be one that is
theoretically reasonable even if passed to plain useradd.

A more frequently applicable case would be that there will be semi-fixed
uids/gids when fedora-usermgmt is installed and configured but normal
dynamic ones if not.  There one could use environment variables for
example like FU_[GU]ID_HINT:

    %pre
    f=$(test -x /usr/sbin/fedora-useradd && echo fedora-)
    # fedora-useradd grabs 126 from the environment, transforms it
    # to another value according to local config and calls plain useradd
    # using -u and the new value, or if fedora-useradd is not installed,
    # plain useradd will be invoked without -u
    FU_UID_HINT=126 /usr/sbin/${f}useradd -r ... # no -u in these args

With the above, folks who want the stuff provided by fedora-usermgmt can
just install and configure it before installing other packages and folks
who don't want or don't have it can simply forget about it, both build
and install time.  Something like this is what I'd find acceptable, and
the above examples show that it's not necessarily that intrusive even in
specfiles.

(Use of userdel/groupdel would go the same way but they should still be
banned in packages and left to be handled by local admins, but that's
off topic for this discussion.)


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]