Modifying an existing user is a bad default and makes Gentoo special, because it is common for system administrators to modify users (e.g. putting a user into another service's group to allow that user to access the service in question), and it would be unexpected to see these changes reverted during a normal world upgrade (which could break services).
This commit will make Gentoo behave like any other Linux distribution by respecting any user modifications by default. However, we will retain the functionality to reset system user and groups and users interested in this feature can opt-in by setting ACCT_USER_ALLOW_EXISTING_USER_TO_BE_MODIFIED to a non-zero value in their make.conf.
Signed-off-by: Thomas Deutschmann <whi...@gentoo.org>
---
 eclass/acct-user.eclass | 40 ++++++++++++++++++++++++++++++++++++++--
 1 file changed, 38 insertions(+), 2 deletions(-)
diff --git a/eclass/acct-user.eclass b/eclass/acct-user.eclass
index 22b0038fbff7..d60b1e53b4bb 100644
--- a/eclass/acct-user.eclass
+++ b/eclass/acct-user.eclass
@@ -72,6 +72,11 @@ readonly ACCT_USER_NAME
 # Overlays should set this to -1 to dynamically allocate UID. Using -1
 # in ::gentoo is prohibited by policy.

+# @ECLASS-VARIABLE: ACCT_USER_ALREADY_EXISTS
+# @INTERNAL
+# @DESCRIPTION:
+# Status variable which indicates if user already exists.
+
 # @ECLASS-VARIABLE: ACCT_USER_ENFORCE_ID
 # @DESCRIPTION:
 # If set to a non-null value, the eclass will require the user to have
@@ -79,6 +84,13 @@ readonly ACCT_USER_NAME
 # the UID is taken by another user, the install will fail.
 : ${ACCT_USER_ENFORCE_ID:=}

+# @ECLASS-VARIABLE: ACCT_USER_ALLOW_EXISTING_USER_TO_BE_MODIFIED
+# @DESCRIPTION:
+# If set to a non-null value, the eclass is allowed to make changes
+# to an already existing user which will include overriding any
+# changes made by system administrator.
+: ${ACCT_USER_ALLOW_EXISTING_USER_TO_BE_MODIFIED:=}
+
 # @ECLASS-VARIABLE: ACCT_USER_SHELL
 # @DESCRIPTION:
 # The shell to use for the user. If not specified, a 'nologin' variant
@@ -266,8 +278,8 @@ eunlockuser() {


 # << Phase functions >>
-EXPORT_FUNCTIONS pkg_pretend src_install pkg_preinst pkg_postinst \
- pkg_prerm
+EXPORT_FUNCTIONS pkg_pretend pkg_setup src_install pkg_preinst \
+ pkg_postinst pkg_prerm

 # @FUNCTION: acct-user_pkg_pretend
 # @DESCRIPTION:
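Review bot: The doc block for ACCT_USER_ALLOW_EXISTING_USER_TO_BE_MODIFIED says "non-null" and the check added in acct-user_pkg_postinst uses `-z`, while the commit message tells users to set a "non-zero" value; as the code is written, `=0` or `=no` in make.conf also enables resetting existing users. Because this switch decides whether administrator changes are overwritten, the description should spell that out, e.g. `# Any non-empty value enables this, including 0; leave it unset to disable.`. Since make.conf is global, the setting presumably applies to every acct-user package at once, which is also worth stating in the description.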
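Review bot: Adding pkg_setup to EXPORT_FUNCTIONS makes the new default depend on the eclass's phase function actually running. An ebuild that defines its own pkg_setup, or inherits a later eclass that exports one, would leave ACCT_USER_ALREADY_EXISTS unset, and the guard in acct-user_pkg_postinst (`-n ${ACCT_USER_ALREADY_EXISTS}`) then falls through to the code that resets the user. That fails toward modifying the account, the opposite of the stated default, so the requirement should at least be recorded next to the export, e.g. `# acct-user_pkg_setup must run: it records whether the user pre-existed`.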
@@ -309,6 +321,20 @@ acct-user_pkg_pretend() {
 fi
 }

+# @FUNCTION: acct-user_pkg_setup
+# @DESCRIPTION:
+# Initialize internal environment variable(s).
+acct-user_pkg_setup() {
+ debug-print-function ${FUNCNAME} "${@}"
+
+ # check if user already exists
+ ACCT_USER_ALREADY_EXISTS=
+ if [[ -n $(egetent passwd "${ACCT_USER_NAME}") ]]; then
+ ACCT_USER_ALREADY_EXISTS=yes
+ fi
+ readonly ACCT_USER_ALREADY_EXISTS
+}
+
 # @FUNCTION: acct-user_src_install
 # @DESCRIPTION:
 # Installs a keep-file into the user's home directory to ensure it is
@@ -379,6 +405,16 @@ acct-user_pkg_postinst() {
 return 0
 fi

+ if [[ -z ${ACCT_USER_ALLOW_EXISTING_USER_TO_BE_MODIFIED} && -n ${ACCT_USER_ALREADY_EXISTS} ]] ; then
+ eunlockuser "${ACCT_USER_NAME}"
+
+ einfo "User ${ACCT_USER_NAME} already exists; Not touching existing user."
+ einfo "NOTE: If you want to allow package manager to reset user settings"
+ einfo " like home, shell, groups... set ACCT_USER_ALLOW_EXISTING_USER_TO_BE_MODIFIED"
+ einfo " to a non-null value in your make.conf."
+ return 0
+ fi
+
 # NB: eset* functions check current value
 esethome "${ACCT_USER_NAME}" "${ACCT_USER_HOME}"
 esetshell "${ACCT_USER_NAME}" "${ACCT_USER_SHELL}"
--
2.30.0
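Review bot: The existence test in acct-user_pkg_setup, `[[ -n $(egetent passwd "${ACCT_USER_NAME}") ]]`, is true for any passwd entry with that name, including one created by an earlier version of the same package, so it cannot tell an administrator's change from stale package defaults. With the default setting, an ebuild update that tightens the account (a different shell, fewer groups) would therefore never reach installed systems. The @DESCRIPTION should say so, e.g. `# Records whether the user existed before this merge; any existing entry counts, whoever created it.`. The `readonly` on a variable assigned inside a phase function also looks fragile: if the phase runs again on top of a saved environment (binary package installs are the case to check), the bare assignment `ACCT_USER_ALREADY_EXISTS=` would hit a read-only name, which is worth confirming against Portage's environment handling.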
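Review bot: The new early-return branch in acct-user_pkg_postinst calls `eunlockuser "${ACCT_USER_NAME}"` and then skips esethome, esetshell and whatever follows them, so the account is re-enabled with whatever home and shell it currently has, and the only trace is an `einfo` line. An account that diverges from ACCT_USER_HOME / ACCT_USER_SHELL is something an administrator should see in the merge log, so the message belongs at warning level, e.g. `ewarn "User ${ACCT_USER_NAME} already exists; its settings were NOT synced with the package defaults."`. The function starts before and continues after this hunk, so the code after esetshell is not visible here.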