No group write API: do not remove note
Hello George,
I am not happy with the following spec change:
/ lsb / spec / gLSB / usersgroups
Revision 1.5 /
Branch: MAIN
CVS Tags: LSB_0_9, HEAD
Changes since 1.4: +0 -9 lines
Diff to previous 1.4
Removed the NOTE comment about there not being a user/group write API.
The wording of the paragraph is now:
The group(5) user database should only be red from the following APIs:
getgrent(3), setgrent(3), sendgrent(3), and groups(1).
The layout of the group(5) file is not specified by this standard, because
it is access via an API.
In the next chapter we say,
There are many APIs in this specification that read, write,
and/or create password and group entries;
In other words, we say you can use the group database via an API.
But this is true only for reading the database, there
are no group write APIs.
I feel it very clear (and I am ready to bet same beers)
that third party application developers WILL directly
write to /etc/group if LSB does not say "Please dont".
We already listed commands in the spec, which allow to
make all needed group changes. These are:
o groupadd
o groupdel
o groupmod
o usermod (allows to specify, which supplementary groups a user has)
So we really should discourage direct
manipulation off the group database.
The benefits are great, as a System can abstract away
its group database behind the API and the commands.
There has been a long discussion before this paragraph came in to the spec.
If you are unhappy with the wording, ask me for a new draft.
--
______ ___
/ ___/__/ / Caldera (Deutschland) GmbH
/ /_/ _ / /__ Naegelsbachstr. 49c, 91052 Erlangen, Germany
/_____/_/ /____/ software developer / lsb project
==== /____/ ===== Dipl. Inf. Johannes Poehlmann, mail: jhp@caldera.de
Caldera OpenLinux phone: ++49 9131 7192 335, fax: ++49 9131 7192 399
Reply to: