Migrate to systemd-sysusers
Currently, packages which add system users call out to useradd (from shadow-utils) in %post. This Change is to use the new systemd-sysusers functionality instead.
- Name: Colin Walters
- Email: email@example.com
- Release notes owner:
- Product: Fedora (all)
- Responsible WG: Fedora Base
- Targeted release: Fedora 22
- Last updated: 2014-07-08
- Tracker bug: None yet
All packages today contain duplicative code to add system users and groups (where applicable) via calls to useradd/groupadd in %post. This Change is to migrate to systemd-sysusers .
Starting with core packages, change them to instead install (usually one) snippet into /usr/lib/sysusers.d, and change their %post to call %sysusers_create.
Benefit to Fedora
The primary benefit is in allowing "factory reset" scenarios, as well as enabling atomic upgrades via mechanisms such as rpm-ostree.
For more details on factory reset, see systemd stateless blog post. With this change for example, it is easier to wipe all system-local changes to /etc.
For more details on atomic upgrades, see this post.
Affects potentially all RPMs that add users or groups.
- Proposal owners:
- Help migrating RPMs and testing systemd-sysusers
- Other developers: N/A
- Release engineering: N/A
- Policies and guidelines: Packaging guidelines should be updated to include recommended syntax
By design, sysusers interoperates with other user/group mechanisms. It has no effect if the user or group already exists.
This may cause issues with live yum upgrades from Fedora 21 if the sysusers functionality changes between 21 and 22. The easy fix for that will be to release an updated systemd in 21.
How To Test
- Install modified RPMs, verify they add the user/group
- Contingency mechanism: (What to do? Who will do it?)
- Back out changes to RPMs.
- Contingency deadline: Beta Freeze
- Blocks release? Yes
- Blocks product? All