
Bug 702972

Summary: acct-user.eclass does not honor the CONFIG_PROTECT variable
Product: Gentoo Linux
Reporter: Wilson M. Michaels <thebitpit>
Component: Eclasses
Assignee: Michał Górny <mgorny>
Status: RESOLVED INVALID    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: All   
Whiteboard:
Package list:
Runtime testing required: ---

Description Wilson M. Michaels 2019-12-15 07:51:51 UTC
Changes are made to files in /etc without allowing the user to accept or reject them after the emerge is complete.

acct-user/mythtv modifies the existing user if that user is not logged in. No ._cfg0000_filename is installed.

Reproducible: Always

Steps to Reproduce:
1. Create a user mythtv with non-default UID
2. Add some groups to this user
3. emerge acct-user/mythtv

Actual Results:
The user is modified to the default UID and groups

Expected Results:  
The mythtv user is not changed.
._cfg0000_<filename> files installed so etc-update can be used to accept or reject updates to files in /etc

This is a hard problem for the variety of operating systems supported by Gentoo.

Workaround:
Add an eclass variable [i.e. ACCT_USER_NO_MODIFY] that will create the user and groups if the user is missing, otherwise it does nothing or maybe prints an information message listing the default UID and groups.

Alternative workaround:
ebuild has a USE flag to control dependency on acct-user/<...>.
ebuild has a way to test for an existing user<...> so acct-user/<...> can be called on new installations one time even when the USE flag would otherwise prevent this.

Comment 1 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2019-12-15 13:09:57 UTC
CONFIG_PROTECT protects installed files, not implicit effects of NSS calls.  All user and group management is done via system tools that may or may not use files in /etc, /var or any local or remote location.

I'm going to repeat myself: if you need special behavior, use a local overlay.  That's how it's been designed and that's how it works.
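
Since CONFIG_PROTECT covers installed files and not account changes made through system tools, seeing such a change means comparing account state directly. The script below is an added example, not part of this bug report and not Gentoo code: it snapshots one account from passwd(5)/group(5)-format text and reports what differs. The function names `acct_snapshot`, `acct_drift` and `demo` are hypothetical, and the sample entries (UIDs, groups, the user `alice`) are constructed.

```shell
#!/bin/sh
# Added example (not Gentoo code): detect account changes that CONFIG_PROTECT
# cannot catch. Inputs are passwd(5)/group(5)-format text, e.g. saved output of
# `getent passwd` and `getent group` taken before and after an emerge.

# acct_snapshot USER PASSWD_FILE GROUP_FILE
# Prints one sorted key=value line per attribute and supplementary group.
acct_snapshot() {
    awk -F: -v u="$1" '
        FNR == NR { if ($1 == u) printf "uid=%s\ngid=%s\nhome=%s\nshell=%s\n", $3, $4, $6, $7; next }
        { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) print "group=" $1 }
    ' "$2" "$3" | LC_ALL=C sort
}

# acct_drift BEFORE AFTER (two snapshot strings; empty string = user absent)
# Prints "- line" for attributes lost and "+ line" for attributes gained;
# empty output means the account is unchanged.
acct_drift() {
    _b=$(mktemp) _a=$(mktemp)
    [ -z "$1" ] || printf '%s\n' "$1" > "$_b"
    [ -z "$2" ] || printf '%s\n' "$2" > "$_a"
    LC_ALL=C comm -23 "$_b" "$_a" | sed 's/^/- /'
    LC_ALL=C comm -13 "$_b" "$_a" | sed 's/^/+ /'
    rm -f "$_b" "$_a"
}

# demo: constructed sample data, not taken from a real system or ebuild.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'mythtv:x:1500:1500::/home/mythtv:/bin/bash' > "$d/passwd.before"
    printf '%s\n' 'mythtv:x:1500:' 'video:x:27:mythtv' 'audio:x:18:mythtv' \
        'cdrom:x:19:alice,mythtv' > "$d/group.before"
    printf '%s\n' 'mythtv:x:1400:1500::/home/mythtv:/bin/bash' > "$d/passwd.after"
    printf '%s\n' 'mythtv:x:1500:' 'video:x:27:mythtv' 'audio:x:18:' \
        'cdrom:x:19:alice' > "$d/group.after"
    before=$(acct_snapshot mythtv "$d/passwd.before" "$d/group.before")
    after=$(acct_snapshot mythtv "$d/passwd.after" "$d/group.after")
    acct_drift "$before" "$after"
    rm -rf "$d"
}

demo
```

On a live system the two snapshots would come from `getent passwd` and `getent group` output saved before and after the emerge, so the comparison also covers accounts that NSS resolves from outside /etc.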