An idea on extending the "Package users" approach

Eric Herman eric at
Wed Jan 7 01:52:31 PST 2009

Angel Tsankov wrote:
> In his hint "Package users" Matthias Benkmann recommends to name the
> primary group of a package user after the user name.  But why
> duplicate information instead of extending it?!  Couldn't we name the

I continue to find the simple "duplicate info" of user and group to very

Having given some thought to what I might want to do with the
opportunity (create sub-groups or whatever), I eventually decided that
there was nothing that was as useful and the simplicity of the same user
  and group approach.

Of course the command line duplication when installing a new package is
irritating, so if you know that's the approach you're going to use,
modify the script to only pass in the variable once.

But, probably the most interesting extension of package users that I
feel others might benefit from is an idea I had for dealing with ldconfig.

It's quite simple really. Create a special user for ldconfig, and set
the suid bit so any member of the install group can run /sbin/ldconfig
and make sure that /etc/ is owned by the ldconfig user.
(ldconfig is a member of the install group)

root:/# ls -l /sbin/ldconfig
-rwsr-xr-- 1 ldconfig install 866314 Aug  4 19:44 /sbin/ldconfig
root:/# ls -l /etc/
-rw-r--r-- 1 ldconfig glibc 7908 Dec 20 12:46 /etc/

Oddly, because the group is recorded, we can see that glibc was the last
user to run ldconfig.


Eric Herman, Software Developer
Mobile: +31 62 071 9662

More information about the lfs-chat mailing list