On 2025-08-03 14:09:41 (+0200), Robin Candau wrote: > Hi, > > I've been working on a significant rework of the zabbix split package [1] > over the past few days, introducing a fair amount of changes and > improvements. > > One key change consists of replacing the multiple sysusers historically > created for each zabbix components with a single shared "zabbix" user: > > - It aligns better with the intended upstream standard and the way other > distributions does this (see [2] for more details). > > - The previous historical approach was somewhat *hacky*, e.g. relying on > unnecessarily static UID:GID for each user and running some `chown` during > `package()` rather than relying on systemd sysusers.d / tmpfiles.d. > > That said, this change *may* require manual intervention from users. > > While I'm aware that Zabbix component usage on Arch Linux might be > relatively low, I believe that monitoring components are critical enough to > warrant a news entry about this change and the potential impact it implies. > Of course, feel free to let me know if you think otherwise. > > News draft below. > Pad available at [3].
Kudos for cleaning this up! I've fixed a few typos in the pad, but otherwise this looks fine to me. Somewhat related to your change, I think it would also be good to not run the PHP frontend as the http user [a], as the webserver runs as that. With nextcloud and other web applications we have also switched to separate users, but as this may require a bit more setup and change party, it's probably better to do this in a follow-up. Best, David [a] https://gitlab.archlinux.org/archlinux/packaging/packages/zabbix/-/blob/35e4473490f17e26374655c88d88bdf63f1af033/PKGBUILD#L164 -- https://sleepmap.de
signature.asc
Description: PGP signature
