On Wed, Aug 20, 2014 at 02:42:27PM +0200, Alain Kalker wrote: > On 08/20/2014 02:04 PM, Alain Kalker wrote: > >Also, why ship the /etc/shadow, /etc/gshadow files at all? > >AFAIK, nothing is supposed to mess with the shadow files anyway, except > >pwconv and grpconv (for initially converting a freshly installed, > >non-shadow system into one using shadow files), after which these files > >should be managed by the shadow system itself, in response to > >adding/removing/changing users and groups using the designated tools. > > From `man pwconv`: > > > Each program acquires the necessary locks before conversion.
Except that sometimes a package installs files owned by a _new_ user. So one
needs some "basic" groups to exist _before_ high-level packages are unpacked.
Shipping these users/groups only in un-shadowed files will lead to pwck/grck
complaints...
HTH,
--
Leonid Isaev
GPG fingerprints: DA92 034D B4A8 EC51 7EA6 20DF 9291 EE8A 043C B8C4
C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D
pgpaI_A9p0_qL.pgp
Description: PGP signature
