From 6d066acbb16452e1befc2f384d2f14bab9f54361 Mon Sep 17 00:00:00 2001 From: Christian Glombek Date: Dec 10 2020 17:07:31 +0000 Subject: UsersAndGroups: Use %sysusers_create_compat macro --- diff --git a/guidelines/modules/ROOT/pages/UsersAndGroups.adoc b/guidelines/modules/ROOT/pages/UsersAndGroups.adoc index 44c91aa..7363a31 100644 --- a/guidelines/modules/ROOT/pages/UsersAndGroups.adoc +++ b/guidelines/modules/ROOT/pages/UsersAndGroups.adoc @@ -135,18 +135,35 @@ In these cases, apply only the `+groupadd+` parts of the below recipes. === Dynamic allocation -To create users and groups in packages using dynamic allocation, use the following: - -.... -Requires(pre): shadow-utils -[...] +To create users and groups in packages using dynamic allocation, do the following: + +Create a `.sysusers` file with the user definition and add it to the specfile as a source. +For example for the `munge` package, this file contains: +``` +#Type Name ID GECOS Home directory Shell +u munge - "Runs Uid 'N' Gid Emporium" /run/munge /sbin/nologin +``` + +In the specfile, add a BuildRequires for systemd-rpm-macros, install the sysusers file, + and use the `%sysusers_create_compat` macro to consume it in the `%pre` section +(in this example the sysusers config file is `Source3` of the specfile): +``` +[...] +BuildRequires: systemd-rpm-macros + +[...] +%install +install -p -D -m 0644 %{SOURCE3} %{buildroot}%{_sysusersdir}/munge.conf + +[...] %pre -getent group GROUPNAME >/dev/null || groupadd -r GROUPNAME -getent passwd USERNAME >/dev/null || \ - useradd -r -g GROUPNAME -d HOMEDIR -s /sbin/nologin \ - -c "Useful comment about the purpose of this account" USERNAME -exit 0 -.... +%sysusers_create_compat %{SOURCE3} + +[...] +%files +%{_sysusersdir}/munge.conf +[...] +``` === Soft static allocation 
@@ -168,22 +185,10 @@ or the one used by other distributions). We will try to accommodate on a first-come-first serve basis if the UID/GID is available from within the Fedora system UID/GID range. -To create users and groups in packages, use the following: +To create users and groups in packages with an allocated UID/GID, add a sysusers file +that specifies the ID for the given user and/or group and follow the same steps as in +the dynamic allocation section above. -.... -Requires(pre): shadow-utils -[...] -%pre -getent group GROUPNAME >/dev/null || groupadd -f -g ALLOCATED_GID -r GROUPNAME -if ! getent passwd USERNAME >/dev/null ; then - if ! getent passwd ALLOCATED_UID >/dev/null ; then - useradd -r -u ALLOCATED_UID -g GROUPNAME -d HOMEDIR -s /sbin/nologin -c "Useful comment about the purpose of this account" USERNAME - else - useradd -r -g GROUPNAME -d HOMEDIR -s /sbin/nologin -c "Useful comment about the purpose of this account" USERNAME - fi -fi -exit 0 -.... === Values given to useradd and groupadd
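Review bot: In the "Dynamic allocation" hunk, the removed recipe started with `Requires(pre): shadow-utils`, but the new spec example only adds `BuildRequires: systemd-rpm-macros` and says nothing about what must be installed when `%pre` runs. Please state whether the scriptlet produced by `%sysusers_create_compat %{SOURCE3}` needs a `Requires(pre)` line, and show it in the example if so, since a packager copying this recipe will otherwise drop the dependency. Two smaller points in the same hunk. The context line above it still reads "apply only the `+groupadd+` parts of the below recipes", yet the new recipe has no `groupadd` part, so a group-only example (or a reworded sentence) is needed. The prose also says to create a `.sysusers` file while the install line writes `munge.conf`, so it would help to name the source file explicitly. The new blocks use triple-backtick fences where the removed block used `....`, and the line beginning " and use the" has a stray leading space.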
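Review bot: In the "Soft static allocation" hunk, the removed scriptlet had an explicit fallback for the case where `ALLOCATED_UID` was already taken (the inner `if ! getent passwd ALLOCATED_UID` branch), and the replacement paragraph does not say what happens in that case with a sysusers file. Please document the behaviour on an ID collision, and add a sample sysusers line showing the allocated ID in place of the `-` used in the dynamic example, because "specifies the ID for the given user and/or group" leaves the syntax to guesswork. The heading that follows, `=== Values given to useradd and groupadd`, now refers to commands that no longer appear in either recipe, so that section probably needs a matching update in this change or a follow-up.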