On 2022-03-08 17:49:04, Marc Haber wrote:
(1a) would it be necessary to handle --system accounts differently? I
think yes.
I think it would be helpful to define "system account" and "normal user".
Neither adduser(8) nor useradd(8) provide a sufficient definition,
especially wrt the existing network directory services (LDAP, AD, etc).
Is a "system user" supposed to be a local account, defined in /etc/passwd
only?
Related question: How are naming collisions between local entries and
the entries in a network directory service supposed to be handled?
Something like
passwd: files sss
in /etc/nsswitch.conf is not helpful, if a postinst script fails to
create a local account due to the entry it has found in freeipa, for
example. Not to mention that such a service might fail at boot time,
if the directory service is not available (yet).
Regards
Harri
