On Wed, Aug 20, 2014 at 02:42:27PM +0200, Alain Kalker wrote:
> On 08/20/2014 02:04 PM, Alain Kalker wrote:
> >Also, why ship the /etc/shadow, /etc/gshadow files at all?
> >AFAIK, nothing is supposed to mess with the shadow files anyway, except
> >pwconv and grpconv (for initially converting a freshly installed,
> >non-shadow system into one using shadow files), after which these files
> >should be managed by the shadow system itself, in response to
> >adding/removing/changing users and groups using the designated tools.
> 
> From `man pwconv`:
> 
> > Each program acquires the necessary locks before conversion.

Except that sometimes a package installs files owned by a _new_ user. So one
needs some "basic" groups to exist _before_ high-level packages are unpacked.

Shipping these users/groups only in un-shadowed files will lead to pwck/grck
complaints...

HTH,
-- 
Leonid Isaev
GPG fingerprints: DA92 034D B4A8 EC51 7EA6  20DF 9291 EE8A 043C B8C4
                  C0DF 20D0 C075 C3F1 E1BE  775A A7AE F6CB 164B 5A6D

Attachment: pgpaI_A9p0_qL.pgp
Description: PGP signature

Reply via email to