Marc Haber:
On Sun, Dec 14, 2025 at 08:47:37AM +0100, Niels Thykier wrote:[...]
Hi Marc, Thanks for providing a concrete example. :)
For example, mariadb. This is not a clear example of perfect usage of adduser, but it creates its user in preinst, then mkdirs /var/lib/mysql and /var/log/mysql and chowns the directories to that user.exim does the same in postinst: adduser, install -d /var/log/exim4, / var/sppol/exim4, /var/spool/exim4/*.How would those package do their job with plain debhelper, systemd- sysusers and systemd-tmpfiles? Would those package have to list their certainly non-temporary data and log directories in tmpfiles.d?
My understanding is people indeed use `tmpfiles` plus `sysusers` solve this problem in the general case (creation of static or factory-state files/directories + chown + chmod).
What if those directories need to be filled with some preliminary data before the daemon can be started?
>
[...] Greetings Marc
I do not have practical experience with this case. However, I assume people would use `tmpfiles` with factory state preliminary data. I read `tmpfiles.d(5)` and the `C` (or `C+`) facility looks rather promising assuming you have a source file/directory if you are dealing with static data (the "factory state" if you will).
For good measure, I checked the `exim4` `postinst` and I think the root problem for your cases here would be database migration / upgrades as those are not covered by the above approach (db creation "could" be mashed into the above pattern). My go to example for complex cases is PostgreSQL, but does not it perform upgrade in place like exim4. Instead the admin is expected to do that post upgrade to perform tests and control the down time with the old major and new major version being installed side-by-side. For minor upgrades, new versions of PostgreSQL can read and work reliable with the files from a old minor version, so they would not need migration. It is not clear to me how to handle the `exim4` case given it does not match any of my reference solutions. Though, I suspect a `ExecStartPre` or `ExecCondition` hook in the service might be the `systemd` vision on how to handle some that. That being said, I think the `systemd` maintainers might be a better (more authoritative) source on best practices on that matter. I would be happy being CC on that discussion.
Again, thanks for providing a concrete example. Without that, I would not have considered the database migration part, which I suspect is a crucial part of what you are looking for.
Best regards, Niels
OpenPGP_signature.asc
Description: OpenPGP digital signature
