| 1 |
On Fri, 27 Jan 2017 12:54:07 -0500 |
| 2 |
Michael Orlitzky <mjo@g.o> wrote: |
| 3 |
|
| 4 |
> We approved GLEP 27 (https://wiki.gentoo.org/wiki/GLEP:27) in 2004 but |
| 5 |
> never implemented it. I'm wondering what are the explicit requirements |
| 6 |
> that we have for user and group management? |
| 7 |
|
| 8 |
I don't think GLEP 27 could be really considered approved if it hasn't |
| 9 |
seen any action for 12 years. |
| 10 |
|
| 11 |
> What I'm really wondering is, instead of the proposal in GLEP27, if we |
| 12 |
> couldn't simply handle users like any other package. For example, |
| 13 |
> net-dns/djbdns needs, |
| 14 |
> |
| 15 |
> pkg_preinst() { |
| 16 |
> # The nofiles group is no longer provided by baselayout. |
| 17 |
> # Share it with qmail if possible. |
| 18 |
> enewgroup nofiles 200 |
| 19 |
> |
| 20 |
> enewuser dnscache -1 -1 -1 nofiles |
| 21 |
> enewuser dnslog -1 -1 -1 nofiles |
| 22 |
> enewuser tinydns -1 -1 -1 nofiles |
| 23 |
> } |
| 24 |
> |
| 25 |
> Instead of that, why couldn't we have something like, |
| 26 |
> |
| 27 |
> (R)DEPEND="sys-user/dnscache |
| 28 |
> sys-user/dnslog |
| 29 |
> sys-user/tinydns" |
| 30 |
> |
| 31 |
> and then in each of those packages, |
| 32 |
> |
| 33 |
> (R)DEPEND="sys-group/nofiles" |
| 34 |
|
| 35 |
At a first glance it seems like a lot of effort for a problem that's |
| 36 |
already well-solved on the eclass level. However, it probably makes |
| 37 |
sense when you consider users/groups created by multiple packages. |
| 38 |
|
| 39 |
> That satisfies most of the requirements that *I* have for user and group |
| 40 |
> management on the system. Compared to the GLEP: |
| 41 |
> |
| 42 |
> * EUSERS + EGROUPS: replaced by (R)DEPEND. |
| 43 |
> * Defining Accounts: anyone can add a new package already. |
| 44 |
> * FEATURES=noautoaccts: use package.provided instead. |
| 45 |
> * Local Overrides: use an overlay. |
| 46 |
> * users-update: cleanup can be done with --depclean now. |
| 47 |
|
| 48 |
Err, cleanup is never easy. You shouldn't really remove a user if it |
| 49 |
owns any files. I guess you could abuse pkg_prerm() for that but |
| 50 |
depclean will be terribly slow then. |
| 51 |
|
| 52 |
> You don't really have to care what UID/GID is assigned, because each |
| 53 |
> user/group will only be created once and referenced by name (as $PN). By |
| 54 |
> default, we could pick the first available UID in most packages. |
| 55 |
> I haven't thought much about the src_install implementation, but it |
| 56 |
> couldn't be *that* hard. Maybe install a $uid file to /var/lib/portage |
| 57 |
> somewhere to catch UID conflicts, and keep doing what user.eclass is |
| 58 |
> doing otherwise. |
| 59 |
|
| 60 |
Let's invent /etc/passwd.d and /etc/group.d ;-P. |
| 61 |
|
| 62 |
-- |
| 63 |
Best regards, |
| 64 |
Michał Górny |
| 65 |
<http://dev.gentoo.org/~mgorny/> |
Archives