| 1 |
We approved GLEP 27 (https://wiki.gentoo.org/wiki/GLEP:27) in 2004 but |
| 2 |
never implemented it. I'm wondering what are the explicit requirements |
| 3 |
that we have for user and group management? |
| 4 |
|
| 5 |
What I'm really wondering is, instead of the proposal in GLEP27, if we |
| 6 |
couldn't simply handle users like any other package. For example, |
| 7 |
net-dns/djbdns needs, |
| 8 |
|
| 9 |
pkg_preinst() { |
| 10 |
# The nofiles group is no longer provided by baselayout. |
| 11 |
# Share it with qmail if possible. |
| 12 |
enewgroup nofiles 200 |
| 13 |
|
| 14 |
enewuser dnscache -1 -1 -1 nofiles |
| 15 |
enewuser dnslog -1 -1 -1 nofiles |
| 16 |
enewuser tinydns -1 -1 -1 nofiles |
| 17 |
} |
| 18 |
|
| 19 |
Instead of that, why couldn't we have something like, |
| 20 |
|
| 21 |
(R)DEPEND="sys-user/dnscache |
| 22 |
sys-user/dnslog |
| 23 |
sys-user/tinydns" |
| 24 |
|
| 25 |
and then in each of those packages, |
| 26 |
|
| 27 |
(R)DEPEND="sys-group/nofiles" |
| 28 |
|
| 29 |
That satisfies most of the requirements that *I* have for user and group |
| 30 |
management on the system. Compared to the GLEP: |
| 31 |
|
| 32 |
* EUSERS + EGROUPS: replaced by (R)DEPEND. |
| 33 |
* Defining Accounts: anyone can add a new package already. |
| 34 |
* FEATURES=noautoaccts: use package.provided instead. |
| 35 |
* Local Overrides: use an overlay. |
| 36 |
* users-update: cleanup can be done with --depclean now. |
| 37 |
|
| 38 |
You don't really have to care what UID/GID is assigned, because each |
| 39 |
user/group will only be created once and referenced by name (as $PN). By |
| 40 |
default, we could pick the first available UID in most packages. |
| 41 |
I haven't thought much about the src_install implementation, but it |
| 42 |
couldn't be *that* hard. Maybe install a $uid file to /var/lib/portage |
| 43 |
somewhere to catch UID conflicts, and keep doing what user.eclass is |
| 44 |
doing otherwise. |
| 45 |
|
| 46 |
There isn't a ton of motivation in that GLEP, so I'm not sure what other |
| 47 |
use cases I might have overlooked. |
Archives