Gentoo Archives: gentoo-dev

From: Michael Orlitzky <mjo@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] [PATCH 2/4] acct-user/jenkins: Add jenkins user, UID 473
Date: Thu, 26 Dec 2019 15:28:22
In Reply to: Re: [gentoo-dev] [PATCH 2/4] acct-user/jenkins: Add jenkins user, UID 473 by Thomas Deutschmann
1 On 12/26/19 9:41 AM, Thomas Deutschmann wrote:
2 >
3 > which would remove nginx from myapp group to match ACCT_USER_GROUPS set
4 > in acct-*/nginx ebuild which would break my application server. Does
5 > that really happen?
7 Yes; if we want to be able to add/remove groups in acct-user ebuilds,
8 then that's the only possible thing it could do.
11 > And would I really have to create my own acct-*/nginx user+group ebuild
12 > to mirror my myapp use case? In other words: Thanks to GLEP 81, in
13 > Gentoo, you can no longer use known default Linux utilities like usermod
14 > to maintain your system and make changes to users/groups created by
15 > packages, instead you will always have to 'fork' involved acct-*/<user>
16 > package and adjust for your needs?
18 That's right, but you're making it sound worse than it is. You also
19 cannot use known default tools like rm, mv, cp, and your text editor to
20 change things installed by system packages, because those changes will
21 get overwritten the next time that the package is upgraded or
22 reinstalled. Now user/group management works the same way.
24 If you want to change something that belongs to the system, you override
25 and tweak the package that installs it. It's consistent, and you don't
26 have to tell people to install puppet/salt/etc. as a special case just
27 to make users work like everything else. Those were always band-aids for
28 the lack of a better way to do it.
31 >
32 > Things like
33 >
34 >
35 >
36 >
37 > which are commonly used to apply configurations can't be used anymore?!
39 You don't need them any more, there's a better way to do it.
42 > Which will become funny if you are maintaining multiple systems: On one
43 > system you have said "myapp", but on another system you would have a
44 > second application named "myapp2". So you cannot even share repositories
45 > between your systems anymore or would have to ensure somehow that system
46 > A which acts as application server for "myapp" will only get
47 > acct-*/<user>-<numeric-identifier-for-myapp-cfg> and system B which will
48 > act as application server for "myapp2" will get
49 > acct-*/<user>-<numerc-identifier-for-another-myapp2-cfg> instead?! Not
50 > to mention what will happen if you get a third system which will be able
51 > to run multiple nginx instances, one for myapp and one for myapp2... ;]
53 I don't completely understand your example, but it doesn't sound like
54 something that should be particularly hard. Can you elaborate before I
55 stick my foot in my mouth?


Subject Author
Re: [gentoo-dev] [PATCH 2/4] acct-user/jenkins: Add jenkins user, UID 473 Thomas Deutschmann <whissi@g.o>