recommended procedure to create a user/group during RPM install
Solution 1
The Fedora Project has a list of best practices.
Basically, the idea is that if a package requires a specific group, user/group management should be handled by the rpm install script using useradd or groupadd and should use getent to determine if the user or group it needs already exists. This allows administrators the flexibility to manage system users/groups, e.g. through directory services like LDAP, that might otherwise be managed by a package. Distributions, on the other hand, should pre-allocate UIDs and GIDs for users and groups that will be created by packages to ensure that, if a user/group is installed by a package and not managed by a local admin, the UIDs and GIDs are consistent across all systems that are running the same platform.
Solution 2
I realize this is an old question, but I came here trying to find how to create groups in an rpm spec file. Hopefully, the following will be helpful.
To check if a group exists and see which users are part of it, use getent group root for group "root", for example.
I also found the following helpful as a standard way to add groups in an rpm spec file: Creating a user and group within a rpm
in the %pre section [of the rpm spec file] make sure you create the users/groups you need in the right way (see "rpm -q --scripts ..." for examples on how RHEL packages do that, you may or may not want to use "system users" (uid < 500), etc.).
I looked at rtkit for an example
rpm -q --scripts rtkit-0.11-10.fc21.x86_64
preinstall scriptlet (using /bin/sh):
getent group rtkit >/dev/null 2>&1 || groupadd -r -g 172 rtkit
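The check-then-create pattern from both answers, extended to the user and to the group membership the question asks about, as an added example that is not code from either answer or from any package. The names myapp and myapp-data, the home directory and GID 987 are hypothetical placeholders, and the DRY_RUN switch is an assumption added so the plan can be reviewed without root.

```shell
#!/bin/sh
# Added example: helper functions for the %pre scriptlet of a hypothetical
# package. "myapp", "myapp-data", /var/lib/myapp and GID 987 are constructed
# placeholders, not values from the page.

# With DRY_RUN=1 the account commands are printed instead of executed,
# so the plan can be reviewed (and tested) without root.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# ensure_group NAME [GID]: create a system group only if NSS (local files,
# LDAP, ...) does not already know it. An existing group is never modified.
ensure_group() {
    getent group "$1" >/dev/null 2>&1 && return 0
    if [ -n "${2:-}" ]; then
        run groupadd -r -g "$2" "$1"
    else
        run groupadd -r "$1"
    fi
}

# ensure_user NAME PRIMARY_GROUP HOME: create a non-login system user only
# if it is missing, so an account pre-created by the admin is left alone.
ensure_user() {
    getent passwd "$1" >/dev/null 2>&1 && return 0
    run useradd -r -g "$2" -d "$3" -s /sbin/nologin -c "$1 service account" "$1"
}

# ensure_member USER GROUP: add a supplementary group only if it is missing.
# usermod edits local files only; for a directory-managed user the
# membership has to be set in the directory instead.
ensure_member() {
    id -Gn "$1" 2>/dev/null | tr ' ' '\n' | grep -qxF -- "$2" && return 0
    run usermod -a -G "$2" "$1"
}

# The %pre body would end with a call to this function.
pre_install() {
    ensure_group myapp &&
    ensure_group myapp-data 987 &&
    ensure_user myapp myapp /var/lib/myapp &&
    ensure_member myapp myapp-data
}
```

Nothing here deletes or alters an account that already exists, so users and groups created by the administrator before installation keep their UIDs, GIDs and settings.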
davka
Updated on September 18, 2022
Comments
-
davka about 1 year
After trying hard to search for RPM best practices guides and finding virtually none, to my surprise, I resort to the community -
I need to ensure that some users and groups exist after the installation, and that the users are members of the groups. Are there recommended procedure(s) for this?
In the existing rpm spec I see that the required users & groups are removed at the beginning of the %pre script prior to adding them with useradd. I am told that this is a common practice. Why is this? Is it better than testing for user existence with id -u?
Some of our clients may want to manage their users themselves, so they would create the users before running our rpm. So to sum up all the above, it seems that the best approach is to test for user existence and to create it if it does not exist. Any comments on that? Thanks.
EDIT: RHEL 5.7
-
sunnysideup almost 11 years
What about fedoraproject.org/wiki/Packaging:UsersAndGroups ? It doesn't delete anything
-
davka almost 11 years
Thanks @Ulrich Dangel, I'll have a look, but is it cross-platform? I am working on RHEL 5.7
-
slm almost 11 years
Yes, Fedora, RHEL, and CentOS are all cross platform with each other.
-