Mailinglist Archive: opensuse-packaging (190 mails)

< Previous Next >
[opensuse-packaging] RFC: package guideline / new system user handling

Hi,

as already announced/discussed two weeks ago on the factory list,
we want to make changes to how system users are created and handled.

The current handling of system accounts on openSUSE is a little bit
"chaotic".
We have aaa_base creating a lot of standard users, but nobody knows
if they are still needed at all. Same for groups. Additional, we have
some accounts, which 99,99% of the users will never need (like uucp),
but will always be created, including the home directories.
And to make the chaos really perfect, we have systemd
(/usr/lib/sysusers.d/basic.conf), which creates system users and groups,
which partly are also part of aaa_base. That's very confusing and error
prune.


I would like to propose the following addition to the "Users and Groups"
section
(https://en.opensuse.org/openSUSE:Packaging_guidelines#Users_and_Groups):

====
System users, which are used by a variety of applications, by standard
filesystem directories or are standard users which should exist on
every Unix compatible system, should be provided by special RPMs.

This RPMs provides and the user and groups:
```
Provides: user(<name>)
Provides: group(<name>)
```
This RPMs are also responsible to create and provide the home directory.
Applications needing a special system user should require them:
```
Requires(pre): user(<name>)
Requires(pre): group(<name>)
```

With this, the system users will only be created if they are needed.
And an admin can easy find out, if a system user is still required or
can be deleted.

systemd-sysusers (sysusers.d(5)) is used to create this accounts. This
allows to verify how the system account should look like.

An example spec file for the uucp system user should contain the
following lines:
```
Source1: system-user-uucp.conf
BuildRequires: sysuser-tools

%package -n system-user-uucp
Summary: System user and group uucp
%sysusers_requires

%build
%sysusers_generate_pre %{SOURCE1} uucp

%pre -n system-user-uucp -f uucp.pre

%files -n system-user-uucp
%defattr(-,root,root)
%dir %attr(0750,uucp,uucp) %{_sysconfdir}/uucp
```
====

A reference implementation, which I would submit to Factory if approved,
can be found at: https://build.opensuse.org/project/show/home:kukuk:sysusers

Not all system accounts are converted yet, but to start, we don't need
to do that. This will be a moving target, but should be easy and quick
doable for most system user.

Should this replace all usages of useradd? We don't think so. There
is no reason to do so, except one package creates an account a ot of
other packages need, too.

Thanks,
Thorsten

--
Thorsten Kukuk, Distinguished Engineer, Senior Architect SLES & CaaSP
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
GF: Felix Imendoerffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nuernberg)
--
To unsubscribe, e-mail: opensuse-packaging+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-packaging+owner@xxxxxxxxxxxx

< Previous Next >