On 05/05/2014 03:27 PM, Richard W.M. Jones wrote:
I think it would be better if we could declaratively say which user
accounts an RPM needs, and RPM can add or remove users from the system
based on this. eg. Apache httpd.spec would contain just:
%user apache
%group apache
And if we had this, we could apply policy checks, such as ensuring that
the user does not already exist as a non-system account.
(This applies to many other current uses of %post, such as enabling
services or running ldconfig.)
Indeed.
--
Florian Weimer / Red Hat Product Security Team
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
