This article is being considered for deletion! Reason: This is duplication of openSUSE:Packaging_guidelines#Users_and_Groups and doesn't belong into the main name space. Please do not blank, merge, or move this article, or remove this notice. Refer to this article's discussion page and our deletion policy for more information.

Users and groups

Creating users and groups during package install is one of the major parts for packages containing daemons. If you package contains a daemon, consider creating a special user/group running this daemon to improve security.

Specfile snipplets

Creating group during package install =

Requires(Pre): pwdutils
%define        daemon_group bar
Provides:      group(%{daemon_group})
...
%pre
# create daemon group, if not existing
if
    getent group %{daemon_group} >/dev/null
then
    : OK group %{daemon_group} already present
else
    groupadd -r %{daemon_group}  2>/dev/null || :
fi

Creating user during package install

Please note that this example uses a special group that was created before via the snipplet above.

Users should get a home directory with at least read access. Sometimes it makes also sense to use a directory that is writable by the daemon user. This makes debugging easier (think about a "su - $daemon_user").

Requires(Pre): pwdutils
%define        daemon_user foo
Provides:      user(%{daemon_user})
...
%pre
# create daemon user, if not existing
if
    getent passwd %{daemon_user} >/dev/null
then
    : OK user %{daemon_user} already present
else
    useradd  -r -o -g %{daemon_group} -s /bin/false -c "FOO daemon" -d %{_var}/lib/%{name} %{daemon_user} 2> /dev/null || :
fi

List of already used users and groups

A list of currently allowed users and groups in openSUSE Factory can be found inside the "config" file of the package rpmlint.