| 1 |
On 12/26/19 9:41 AM, Thomas Deutschmann wrote: |
| 2 |
> |
| 3 |
> which would remove nginx from myapp group to match ACCT_USER_GROUPS set |
| 4 |
> in acct-*/nginx ebuild which would break my application server. Does |
| 5 |
> that really happen? |
| 6 |
|
| 7 |
Yes; if we want to be able to add/remove groups in acct-user ebuilds, |
| 8 |
then that's the only possible thing it could do. |
| 9 |
|
| 10 |
|
| 11 |
> And would I really have to create my own acct-*/nginx user+group ebuild |
| 12 |
> to mirror my myapp use case? In other words: Thanks to GLEP 81, in |
| 13 |
> Gentoo, you can no longer use known default Linux utilities like usermod |
| 14 |
> to maintain your system and make changes to users/groups created by |
| 15 |
> packages, instead you will always have to 'fork' involved acct-*/<user> |
| 16 |
> package and adjust for your needs? |
| 17 |
|
| 18 |
That's right, but you're making it sound worse than it is. You also |
| 19 |
cannot use known default tools like rm, mv, cp, and your text editor to |
| 20 |
change things installed by system packages, because those changes will |
| 21 |
get overwritten the next time that the package is upgraded or |
| 22 |
reinstalled. Now user/group management works the same way. |
| 23 |
|
| 24 |
If you want to change something that belongs to the system, you override |
| 25 |
and tweak the package that installs it. It's consistent, and you don't |
| 26 |
have to tell people to install puppet/salt/etc. as a special case just |
| 27 |
to make users work like everything else. Those were always band-aids for |
| 28 |
the lack of a better way to do it. |
| 29 |
|
| 30 |
|
| 31 |
> |
| 32 |
> Things like |
| 33 |
> |
| 34 |
> https://docs.saltstack.com/en/latest/ref/states/all/salt.states.user.html |
| 35 |
> https://docs.ansible.com/ansible/latest/modules/user_module.html |
| 36 |
> |
| 37 |
> which are commonly used to apply configurations can't be used anymore?! |
| 38 |
|
| 39 |
You don't need them any more, there's a better way to do it. |
| 40 |
|
| 41 |
|
| 42 |
> Which will become funny if you are maintaining multiple systems: On one |
| 43 |
> system you have said "myapp", but on another system you would have a |
| 44 |
> second application named "myapp2". So you cannot even share repositories |
| 45 |
> between your systems anymore or would have to ensure somehow that system |
| 46 |
> A which acts as application server for "myapp" will only get |
| 47 |
> acct-*/<user>-<numeric-identifier-for-myapp-cfg> and system B which will |
| 48 |
> act as application server for "myapp2" will get |
| 49 |
> acct-*/<user>-<numerc-identifier-for-another-myapp2-cfg> instead?! Not |
| 50 |
> to mention what will happen if you get a third system which will be able |
| 51 |
> to run multiple nginx instances, one for myapp and one for myapp2... ;] |
| 52 |
|
| 53 |
I don't completely understand your example, but it doesn't sound like |
| 54 |
something that should be particularly hard. Can you elaborate before I |
| 55 |
stick my foot in my mouth? |
Archives