1 |
On Fri, 27 Jan 2017 12:54:07 -0500 |
2 |
Michael Orlitzky <mjo@g.o> wrote: |
3 |
|
4 |
> We approved GLEP 27 (https://wiki.gentoo.org/wiki/GLEP:27) in 2004 but |
5 |
> never implemented it. I'm wondering what are the explicit requirements |
6 |
> that we have for user and group management? |
7 |
|
8 |
I don't think GLEP 27 could be really considered approved if it hasn't |
9 |
seen any action for 12 years. |
10 |
|
11 |
> What I'm really wondering is, instead of the proposal in GLEP27, if we |
12 |
> couldn't simply handle users like any other package. For example, |
13 |
> net-dns/djbdns needs, |
14 |
> |
15 |
> pkg_preinst() { |
16 |
> # The nofiles group is no longer provided by baselayout. |
17 |
> # Share it with qmail if possible. |
18 |
> enewgroup nofiles 200 |
19 |
> |
20 |
> enewuser dnscache -1 -1 -1 nofiles |
21 |
> enewuser dnslog -1 -1 -1 nofiles |
22 |
> enewuser tinydns -1 -1 -1 nofiles |
23 |
> } |
24 |
> |
25 |
> Instead of that, why couldn't we have something like, |
26 |
> |
27 |
> (R)DEPEND="sys-user/dnscache |
28 |
> sys-user/dnslog |
29 |
> sys-user/tinydns" |
30 |
> |
31 |
> and then in each of those packages, |
32 |
> |
33 |
> (R)DEPEND="sys-group/nofiles" |
34 |
|
35 |
At a first glance it seems like a lot of effort for a problem that's |
36 |
already well-solved on the eclass level. However, it probably makes |
37 |
sense when you consider users/groups created by multiple packages. |
38 |
|
39 |
> That satisfies most of the requirements that *I* have for user and group |
40 |
> management on the system. Compared to the GLEP: |
41 |
> |
42 |
> * EUSERS + EGROUPS: replaced by (R)DEPEND. |
43 |
> * Defining Accounts: anyone can add a new package already. |
44 |
> * FEATURES=noautoaccts: use package.provided instead. |
45 |
> * Local Overrides: use an overlay. |
46 |
> * users-update: cleanup can be done with --depclean now. |
47 |
|
48 |
Err, cleanup is never easy. You shouldn't really remove a user if it |
49 |
owns any files. I guess you could abuse pkg_prerm() for that but |
50 |
depclean will be terribly slow then. |
51 |
|
52 |
> You don't really have to care what UID/GID is assigned, because each |
53 |
> user/group will only be created once and referenced by name (as $PN). By |
54 |
> default, we could pick the first available UID in most packages. |
55 |
> I haven't thought much about the src_install implementation, but it |
56 |
> couldn't be *that* hard. Maybe install a $uid file to /var/lib/portage |
57 |
> somewhere to catch UID conflicts, and keep doing what user.eclass is |
58 |
> doing otherwise. |
59 |
|
60 |
Let's invent /etc/passwd.d and /etc/group.d ;-P. |
61 |
|
62 |
-- |
63 |
Best regards, |
64 |
Michał Górny |
65 |
<http://dev.gentoo.org/~mgorny/> |