recommended procedure to create a user/group during RPM install


Solution 1

The Fedora Project has a list of best practices.

Basically, the idea is that if a package requires a specific group, user/group management should be handled by the rpm install script using useradd or groupadd and should use getent to determine if the user or group it needs already exists. This allows administrators the flexibility to manage system users/groups, e.g. through directory services like LDAP, that might otherwise be managed by a package. Distributions, on the other hand, should pre-allocate UIDs and GIDs for users and groups that will be created by packages to ensure that, if a user/group is installed by a package and not managed by a local admin, the UIDs and GIDs are consistent across all systems that are running the same platform.

Solution 2

I realize this is an old question, but I came here trying to find how to create groups in an rpm spec file. Hopefully, the following will be helpful.

To check if a group exists and see which users are part of it, use

getent group root

for group "root" for example.

I also found the following helpful as a standard way to add groups in an rpm spec file: Creating a user and group within a rpm

in the %pre section [of the rpm spec file] make sure you create the users/groups you need in the right way (see "rpm -q --scripts ..." for examples on how RHEL packages do that, you may or may not want to use "system users" (uid < 500), etc.).

I looked at rtkit for an example

rpm -q --scripts rtkit-0.11-10.fc21.x86_64

preinstall scriptlet (using /bin/sh):
getent group rtkit >/dev/null 2>&1 || groupadd -r -g 172 rtkit
Author by

davka

Updated on September 18, 2022
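
The check-then-create approach from the answers above, extended to cover the group membership asked about in the question, written as the body of a %pre scriptlet. This is an added example, not code from the page or from any package: the account names (myapp, myapp-data), the home directory and the RUN dry-run switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: body of a %pre scriptlet. Account names are hypothetical.
# RUN is an assumption of this example: empty means "execute the command",
# RUN=echo means "print it instead" (dry run, needs no root).
RUN=${RUN:-}

# Create a system group only if no source (files, LDAP, ...) already has it.
ensure_group() {    # usage: ensure_group NAME [GID]
    getent group "$1" >/dev/null 2>&1 && return 0
    if [ -n "${2:-}" ]; then
        $RUN groupadd -r -g "$2" "$1"
    else
        $RUN groupadd -r "$1"
    fi
}

# Create a system user with no login shell, only if it does not exist.
# An account the administrator created beforehand is left untouched.
ensure_user() {     # usage: ensure_user NAME PRIMARY_GROUP HOME
    getent passwd "$1" >/dev/null 2>&1 && return 0
    $RUN useradd -r -g "$2" -d "$3" -s /sbin/nologin -c "$1 service account" "$1"
}

# Add a user to a supplementary group unless already a member.
ensure_member() {   # usage: ensure_member USER GROUP
    case " $(id -nG "$1" 2>/dev/null) " in
        *" $2 "*) return 0 ;;
    esac
    $RUN usermod -a -G "$2" "$1"
}

pre_scriptlet() {
    ensure_group myapp &&
    ensure_group myapp-data &&
    ensure_user myapp myapp /var/lib/myapp &&
    ensure_member myapp myapp-data
}

# Dry run: prints the commands a host without these accounts would need.
# In a real %pre, leave RUN empty and end the scriptlet with "exit 0".
RUN=echo; pre_scriptlet
```

Nothing is deleted or recreated, so files owned by a pre-existing account keep their owner and a locally or directory-managed account keeps its UID/GID.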

Comments

  • davka
    davka about 1 year

    After trying hard to search for RPM best practices guides and finding virtually none, to my surprise, I resort to the community -

    I need to ensure that some users and groups exist after the installation, and that the users are members of the groups. Is there a recommended procedure for this?

    In the existing rpm spec I see that the required users and groups are removed at the beginning of the %pre script prior to adding them with useradd. I am told that this is a common practice. Why is this? Is it better than testing for user existence with id -u?

    Some of our clients may want to manage their users themselves, so they would create the users before running our rpm. So to sum up all the above, it seems that the best approach is to test for user existence and to create it if it does not exist. Any comments on that? Thanks.

    EDIT: RHEL 5.7

    • sunnysideup
      sunnysideup almost 11 years
      What about fedoraproject.org/wiki/Packaging:UsersAndGroups ? It doesn't delete anything
    • davka
      davka almost 11 years
      Thanks @Ulrich Dangel, I'll have a look, but is it cross-platform? I am working on RHEL 5.7
    • slm
      slm almost 11 years
      Yes Fedora, RHEL, and CentOS are all cross platform with each other.