RE: Editfiles convergence bug

[Jamie Wilkinson]

Quoting "David J. Bianco" <bianco@jlab.org>:

> On Tue, 2003-02-18 at 11:28, Andrews, Martin wrote:
> > Special support for password entries seems wrong - though a relaxing of
> the
> > ReplaceAll might be in order. 
> 
> Just out of curiousity, in what way does it seem wrong?  I don't really
> see how it's different than having, say, a defaultroute: action to 
> manage the system routing table.  In fact, I'd say that it's more apt
> to be used.  System accounts need managing, too, so I think an account:
> action or something like it would be a valuable addition.

Agreed.  I was thinking about this on the way to work this morning, it would be
very hadny to ensure certain system users and groups existed.

I was thinking of "user:"  but I guess that could then confuse the usage of
"group:".. so "account:" soudns good.

account:

    webserver::

        user apache
            type=system
            home=/var/www/html

    cvsserver::
        
        group dev
            type=user

and so on.

I imaging the "type" option to tell cfengine how to create an uid -- some OSes
such as Debian and Red Hat have guidelines as to which uid ranges are reserved
for locally created system users and for human users -- letting cfengine know
what sort is being created would allow it to create the user along with those
guidelines.

For example, on a Debian machine, cfengine might call "adduser" or "adduser
--system" depending on that flag, whereas on Red Hat it might call "useradd -r"
for a system user.

Does that sound sane?  I think it'll be useful in my deployment of cfengine.

Jamie