Status: draft

Last-Updated: 2016-10


We need declarative system user and group handling. This should be done from dpkg itself, because eventually it will also be aware of the files metadata which includes users/group information.

Analysis of pre-existing implementations

Using adduser is not satisfactory because:

I've checked the systemd sysusers.conf stuff, and it also seems unsatisfactory, because it lacks things from the list below. Also being tied to what systemd might or might not agree with does not seem wise.


What we'd need from this new interface and declarative file would be:

This would be either implemented by a new dpkg command or internally, because in theory everything above would be expressable with the declarative file format, so there should be no need to call anything explicitly?

If this is implemented by a new command then the actions could probably be:

For sysadmins, shadow and or adduser would still be the interface to use, as those are really fine for those jobs.

For a first iteration I guess we could use the shadow commands as backend, but ideally this should be implemented natively in dpkg, to make it "portable". But there's no standard API to handle the gshadow file, if it even exists. :(