#981 UsersAndGroups: Use %sysusers_create_compat macro
Opened 2 months ago by lorbus. Modified 2 months ago
lorbus/packaging-committee sysusers-compat  into  master

@@ -1,3 +1,5 @@ 

+ = Users and Groups

+ 

  This guideline is for packaging cases

  that require creation of users and groups.

  

@@ -133,18 +135,31 @@ 

  

  === Dynamic allocation

  

- To create users and groups in packages using dynamic allocation, use the following:

+ To create users and groups in packages using dynamic allocation, do the following:

+ 

+ Create a `<package-name>.sysusers` file with the user definition and add it to the specfile as a source.

+ For example for the `munge` package, this file contains:

+ ```

+ #Type Name   ID  GECOS                        Home directory  Shell

+ u     munge  -   "Runs Uid 'N' Gid Emporium"  /run/munge      /sbin/nologin

+ ```

+ 

+ In the specfile, install the sysusers file and use the `%sysusers_create_compat` macro to consume it in the `%pre` section

+ (in this example the sysusers file is `Source3` of the specfile):

+ ```

+ [...]

+ %install

+ install -p -D -m 0644 %{SOURCE3} %{buildroot}%{_sysusersdir}/munge.conf

  

- ....

- Requires(pre): shadow-utils

- [...] 

+ [...]

  %pre

- getent group GROUPNAME >/dev/null || groupadd -r GROUPNAME

- getent passwd USERNAME >/dev/null || \

-     useradd -r -g GROUPNAME -d HOMEDIR -s /sbin/nologin \

-     -c "Useful comment about the purpose of this account" USERNAME

- exit 0

- ....

+ %sysusers_create_compat %{SOURCE3}

+ 

+ [...]

+ %files

+ %{_sysusersdir}/munge.conf

+ [...]

+ ```

  

  === Soft static allocation

  

@@ -166,22 +181,10 @@ 

  We will try to accommodate on a first-come-first serve basis

  if the UID/GID is available from within the Fedora system UID/GID range.

  

- To create users and groups in packages, use the following:

+ To create users and groups in packages with an allocated UID/GID, add a sysusers file

+ that specifies the ID for the given user and/or group and follow the same steps as in

+ the dynamic allocation section above.

  

- ....

- Requires(pre): shadow-utils

- [...] 

- %pre

- getent group GROUPNAME >/dev/null || groupadd -f -g ALLOCATED_GID -r GROUPNAME

- if ! getent passwd USERNAME >/dev/null ; then

-     if ! getent passwd ALLOCATED_UID >/dev/null ; then

-       useradd -r -u ALLOCATED_UID -g GROUPNAME -d HOMEDIR -s /sbin/nologin -c "Useful comment about the purpose of this account" USERNAME

-     else

-       useradd -r -g GROUPNAME -d HOMEDIR -s /sbin/nologin -c "Useful comment about the purpose of this account" USERNAME

-     fi

- fi

- exit 0

- ....

  

  === Values given to useradd and groupadd

  

Update the guidelines to account for the recent addition of the %sysusers_create_compat macro which should now be used everywhere

Metadata