On Sun, Jan 3, 2021 at 8:35 PM Thomas Deutschmann <whissi@g.o> wrote:
>
> Modifying an existing user is a bad default and makes Gentoo
> special because it is common for system administrators to make
> modifications to user (i.e. putting a user into another service's
> group to allow that user to access service in question) and it
> would be unexpected to see these changes reverted during normal
> world upgrade (which could break services).
>
> This commit will make Gentoo behave like any other Linux distribution
> by respecting any user modifications by default. However, we will retain
> the functionality to reset system user and groups and users interested
> in this feature can opt-in by setting
> ACCT_USER_ALLOW_EXISTING_USER_TO_BE_MODIFIED to a non-zero value in
> their make.conf.

So the main problem I see with doing this is that it becomes
impossible to reliably make changes to a user in later ebuild
revisions. Developers may want/need to deploy changes to user
attributes. Changing group memberships seems like the best example,
but I could foresee a want/need to change DESCRIPTION, HOME, or SHELL
as well.

Because of this, I think the new behavior should be opt-in, and people
who use it should be aware that they will need to pay attention if any
account changes are rolled out in new ebuild versions.

> diff --git a/eclass/acct-user.eclass b/eclass/acct-user.eclass |
> index 22b0038fbff7..d60b1e53b4bb 100644 |
> --- a/eclass/acct-user.eclass |
> +++ b/eclass/acct-user.eclass |
> @@ -309,6 +321,20 @@ acct-user_pkg_pretend() { |
> fi |
> } |
> |
> +# @FUNCTION: acct-user_pkg_setup |
> +# @DESCRIPTION: |
> +# Initialize internal environment variable(s). |
> +acct-user_pkg_setup() { |
> + debug-print-function ${FUNCNAME} "${@}" |
> + |
> + # check if user already exists |
> + ACCT_USER_ALREADY_EXISTS= |
> + if [[ -n $(egetent passwd "${ACCT_USER_NAME}") ]]; then |
> + ACCT_USER_ALREADY_EXISTS=yes |
> + fi |
> + readonly ACCT_USER_ALREADY_EXISTS |
> +} |
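
Review bot: the "readonly ACCT_USER_ALREADY_EXISTS" at the end of acct-user_pkg_setup turns the reset "ACCT_USER_ALREADY_EXISTS=" at the top of the same function into an error if the function ever runs again in an environment where the variable has already been marked readonly, so either drop the readonly or guard the reset. The result of the egetent check is also captured once, at setup time; the code that reads it is not in this hunk, so it is worth confirming that the account cannot be created between this check and that use. The @DESCRIPTION should name ACCT_USER_ALREADY_EXISTS and its two values (empty, "yes") rather than "internal environment variable(s)".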

I don't think this pkg_setup function is necessary; you could do this
in pkg_preinst instead, before enewuser gets called.