diff --git a/doc/adapting-existing.xml b/doc/adapting-existing.xml index 28cb26fe..5d1e0011 100644 --- a/doc/adapting-existing.xml +++ b/doc/adapting-existing.xml @@ -163,17 +163,20 @@ d /run/media 0755 root root - - /lib/passwd + /usr/lib/passwd - In order to ship an OS that contains both system users and users - dynamically created on client machines, you will need to choose - a solution for /etc/passwd. The core - problem is that if you add a user to the system for a daemon, - the OSTree upgrade process for /etc will simply notice that - because /etc/passwd differs from the - previous default, it will keep the modified config file, and - your new OS user will not be visible. + Unlike traditional package systems, OSTree trees contain + numeric uid and gids. Furthermore, it does + not have a %post type mechanism where + useradd could be invoked. In order to ship + an OS that contains both system users and users dynamically + created on client machines, you will need to choose a solution + for /etc/passwd. The core problem is that + if you add a user to the system for a daemon, the OSTree upgrade + process for /etc will + simply notice that because /etc/passwd + differs from the previous default, it will keep the modified + config file, and your new OS user will not be visible. The solution chosen for the /usr/lib/passwd, and to include a NSS module nss-altfiles - which instructs glibc to read from it. Then, the build system places - all system users there, freeing up /etc/passwd - to be purely a database of local users. + which instructs glibc to read from it. Then, the build system + places all system users there, freeing up + /etc/passwd to be purely a database of + local users. See also a more recent effort from Systemd + stateless.