On Wed, Jun 5, 2019 at 3:52 AM Thorsten Kukuk kukuk@suse.com wrote:
Hi,
On Tue, Jun 04, Dusty Mabe wrote:
On 6/3/19 8:27 AM, Neal Gompa wrote:
Also, in general, it seems we really don't have a good way to handle users and groups. I know that there was a proposal from Stephen and Harald[3] that was intended to try to improve this for adding and removing them, but it doesn't really address the problem of giving people a way to have coherent files to look at the whole state.
My thought here was that we could have an SSSD plugin that combines the partial passwd(5), shadow(5), and group(5) files in /usr/share/sysconfig and /etc and spits out "full" transient ones in /run that people can look at. This makes it easier to support stateless systems that are also a mix of local and remote users managed through systems like IdM.
I know Jonathan and Colin have mentioned something called systemd-sysusers a lot when problems around users/groups have come up in Atomic Host/Silverblue/CoreOS Maybe that is the answer. Someone more familiar would have to comment. See:
We did evaluate systemd-sysusers already 3 years ago as solution, but there is one big problem: if files in the RPM are owned by the user, you need to create the user before you are able to install the RPM. But systemd-sysuser only runs at the next boot. So we would need a service, which is running afterwards, to "fix" the ownership of this files. In some cases, this can lead to a deadlock.
So currently we are using systemd-sysusers config file for new users, but have a macro, which creates this accounts based on the sysusers file with help of useradd/groupadd (systemd has far too many dependencies and thus installed too late during an initial install).
I know that this is a bit of an FHS-ish discussion, but I'd like to see us get firmer agreements on what we'd like to do between RH/Fedora CoreOS and openSUSE MicroOS before we go and propose something to be included in the FHS.
We already have the pending /usr/lib/sysimage thing, and I'd like to get a location in place for configuration data too.
Anyway, I'd appreciate it if you took a look into it yourself and let us know what you think!
I'd be interested in other FCOS community member thoughts here. I'd also be interested to know what you think are good next steps for this initiative?
From discussions with the openSUSE community: find a location below /usr for the configuration files. That's the most blocking issue and would allow immeaditly to move first configuration files.
There should be one location everybody is using, so /usr/share is already bad, as this means shareable between different hosts, which is not true for all configuration data. /usr/lib is already overcrowed and with too many things (bug would be acceptable for me, if we decide on one subdirectory, where we move everything). /usr/etc is still a directory used most often today, not only on Linux systems. But quite some people don't like it. So we need something new, where I like from all proposals /usr/sysconfig best.
Else, currently it looks like, as if openSUSE will do it if other distributions join.
I agree about /usr/lib. Moreover, I think /usr/lib has been misused quite a lot for configuration files lately. The idea of a /usr/sysconfig makes a lot more sense to me. For the first time in a while, we're getting a descriptive name for it, and it's easily discoverable.
If I could wave a wand, I'd move all of the stuff we'd been putting in /usr/lib into /usr/sysconfig. :)