useradd -r option

To: lsb-spec@lists.linuxbase.org, lsb-test@lists.linuxbase.org, debian-lsb@lists.debian.org
Subject: useradd -r option
From: Matt Taggart <taggart@carmen.fc.hp.com>
Date: Thu, 13 Oct 2005 03:52:08 -0600
Message-id: <[🔎] 20051013095208.E46C837F83@carmen.fc.hp.com>

Hi lsb-spec lsb-test and debian-lsb,

Tonight I encountered a 3rd party application with a post-install script 
that was calling useradd with a '-r' option. This broke on Debian because 
it does not support that option.

Spec
====
Checking the LSB spec,

http://www.linuxbase.org/spec//booksets/LSB-Core-generic/LSB-Core-generic/us
eradd.html

we see that,

  -r	creates a system account, that is, a user with a User ID in the
        range reserved for system account users. If there is not a User
	ID free in the reserved range the command will fail.

So the LSB specifies it.

* Debian's useradd is provided by their 'passwd' binary package (4.0.12-6) 
which comes from the 'shadow' source package, it does not support '-r' (and 
there's no bug in the BTS).  The source package is based on the upstream 
source available at,

 ftp://ftp.pld.org.pl/software/shadow/

* The latest version of that upstream source (4.0.13) does not support the 
'-r' flag.

* Red Hat rhel4's useradd is provided by the shadow-utils binary/source 
package and supports '-r'. That source package is based on the same 
upstream source, but forked from a much older version, 4.0.3 released in 
March 2002. So Red Hat added the '-r' to their version but either did not 
contribute it upstream, or upstream did not accept it and Red Hat kept it, 
effectively forking from upstream. I could not find the source for the 
package (they tend to make that hard due to their business model for rhel).

# Fedora is newer, based on 4.0.7, and also supports '-r'. I found the 
shadow-utils source package and it adds '-r' support via a patch named 
'shadow-4.0.7-redhat.patch' applied to the upstream tarball as part of the 
package.

* SuSE sles9's useradd is their own creation, from the pwdutils package 
written by Thorsten Kukuk. It supports '-r'.

Had it been in place at the time, the LSB criteria should not have 
prevented the addition of this option since it wasn't universally available 
in the distros and from the canonical upstream provider. But it's in now. 
If upstream can be convinced to add it, I'm sure Debian and anyone else 
missing it can adopt it and then it can stay in the LSB. Otherwise it needs 
to go.

I don't think this is a fixable bug in Debian until upstream is willing to 
accept it.

Testing
=======
It occurred to me I've never seen this fail in my LSB testing. It looks 
like the tests don't cover '-r'. I assume it should be in

  tests/lsb-runtime-test/usersgroups/tset/LSB.usersgroups/commands/misc/comm
and_tests.sh

in cvs at,

  http://cvs.gforge.freestandards.org/cgi-bin/cvsweb.cgi/%7echeckout%7e/test
s/lsb-runtime-test/modules/usersgroups/tset/LSB.usersgroups/commands/misc/co
mmand_tests.sh?rev=1.28&contenttype=text/plain&cvsroot=lsb

So the tests need to be improved. I don't think any new test should be used 
for certification until the above spec issues are resolved.

FYI - This same post-install script used useradd with '-M' as well, but 
that's not in the LSB spec. So that's the developer's fault for using a 
non-portable option, but maybe '-M' should be considered (assuming it meets 
the LSB criteria).

Thanks,

-- 
Matt Taggart        Open Source & Linux Organization R&D
taggart@fc.hp.com   Hewlett-Packard

Reply to:

Follow-Ups:
- Re: [lsb-spec] useradd -r option
  - From: Matt Taggart <taggart@carmen.fc.hp.com>

Prev by Date: Re: Naming of init.d scripts and the LSB
Next by Date: Bug#333706: useradd lacks -r option
Previous by thread: Re: Delegation for trademark negotiatons with the DCCA
Next by thread: Re: [lsb-spec] useradd -r option
Index(es):
- Date
- Thread