SPECS: mysqlstat.spec - with user mysqlstat

Thu Dec 2 15:35:13 CET 2004

Elan =?iso-8859-1?q?Ruusam=E4e?= wrote:
> On Thursday 02 December 2004 15:38, Andrzej Krzysztofowicz wrote:
> > From: Andrzej Krzysztofowicz <ankry at green.mif.pg.gda.pl>
> > Message-Id: <200412021322.iB2DMp0F023631 at green.mif.pg.gda.pl>
> > To: pld-devel-en at pld-linux.org
> > Date: Thu, 2 Dec 2004 14:22:51 +0100 (CET)
> > Subject: Re: SPECS: mysqlstat.spec - with user mysqlstat
> >
> > glen wrote:
> > > +Requires: group(http)
> >
> > Hmmm... daes this package require a webserver?
> > If no, I suggest P: group(http) and try to add it in %pre
> so it is ok that multiple packages provide group http?
> 
> ah. probably it is, now that it come to topic.

Yes. And the only reason the P: user/gruop(...) were added is to be able to
manage user/group adding/removing (yes, it _needs_ to be documented).

The %user/groupremove macros remove user/group when and only when it is not
"provided" (i.e. used in fact) by any package.

So adding a group/user to any package that uses it is safe and suggested.

> > If requires, it is not enough: R(pre,postun) might be necessary.
> > Or even PreReq. ((un)installation sequence while installing many packages
> > at once matters, IMO)
> i wasn't certain myself too. and the current solution bothers me too
> 
> the application consists of two parts
> 1. data gather
> 2. data display
> 
> for 1) there's no need for webserver
> for 2) the webserver should be able to *read* datafiles produced in 1)
> 
> i was thinking of splitting it to two packages, main package and -cgi
> 
> 
> > > +%pre
> > > +[ "`/bin/id -u mysqlstat 2>/dev/null`" ] || \
> > > + /usr/sbin/useradd -u %{userid} -d /usr/share/mysqlstat \
> > > +  -s /bin/false -g http -c "MySQL Statistics" mysqlstat
> >
> > Eg.: you cannot remove a group being primary group of a user...
> >
> > > -%attr(700,root,root) %dir %{_sysconfdir}
> > > -%attr(600,root,root) %config(noreplace) %verify(not size mtime md5)
> > > %{_sysconfdir}/* -%dir %attr(710,root,http) /var/lib/%{name}
> > > +%attr(700,mysqlstat,root) %dir %{_sysconfdir}
> > > +%attr(600,mysqlstat,root) %config(noreplace) %verify(not size mtime md5)
> > > %{_sysconfdir}/*
> >
> > What is the role of this user? Why does he need write access to config
> > files?
> the idea was that that user owns the config files and can write to /var
> because the program forces restriction that config should be 600 permission 
> (so using group permission wouldn't work)

So why not 400/500 ?
Does the user need to be able to modify configs ?
Or are they modified only by root ?

-- 
=======================================================================
  Andrzej M. Krzysztofowicz               ankry at mif.pg.gda.pl
  phone (48)(58) 347 14 61
Faculty of Applied Phys. & Math.,   Gdansk University of Technology