%pre -# the same user is employed by trousers (and was employed by the old -# resourcemgr shipped with the tpm2-0-tss package): -# -# trousers just needs those accounts for dropping privileges to. The service -# starts as root and uses set*id to drop to tss, after the tpm device has been -# opened. -# -# tpm2-abrmd has no set*id handling and thus requires /dev/tpm to be owned -# by the tss user. Therefore we also need to install a udev rule file. -# -# trousers was here first and created the user like this, also giving it a -# home in /var/lib/tpm. I don't think the home directory is used by any of -# both packages ATM. Trousers is keeping state there, but the directory is -# owned by root and files are opened before dropping privileges. The passwd -# entry seems not to be evaluated. -# -# so I guess we can share the account between the two packages for now. -%_bindir/getent group tss >/dev/null || %{_sbindir}/groupadd -g 98 tss -%_bindir/getent passwd tss >/dev/null || \ - %{_sbindir}/useradd -u 98 -o -g tss -s /bin/false -c "TSS daemon" \ - -d %{_localstatedir}/lib/tpm tss
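Review bot: Nothing in the visible lines replaces the tss account creation that is dropped at the end of `%pre` (`groupadd -g 98 tss` and `useradd -u 98 -o -g tss -s /bin/false`), while the deleted comment says tpm2-abrmd has no set*id handling and needs /dev/tpm to be owned by the tss user through a udev rule. If the account is now expected to come from somewhere else, the spec should state that explicitly, for example as a dependency on whatever provides the tss user and group. Otherwise, on a system where trousers has not already created the account, the udev rule would name an owner that does not exist. The comment block was also the only place explaining why the account is shared with trousers, why the id is fixed at 98 with `-o`, and that the home directory in /var/lib/tpm is root-owned state for trousers; keep a short version of that rationale next to whatever replaces these lines, or in the changelog entry.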