Hi Alec, On Aug 18, 2015, at 19:02 , Alec T. Habig wrote: > Hi folks, > > I want to add some new machines, running 7.1, into an ldap managed > cluster consisting of 6.x machines. 7 wants system accounts numbered > under 1000, 6 was happy with under 500. Many users and countless files > over a number of machines have uids between 500 and 1000: a global > migration to the new scheme would be A Lot Of Work. This fedora > features proposal page: > > https://fedoraproject.org/wiki/Features/1000SystemAccounts > > suggests dropping in a tweaked /etc/login.defs file in kickstart's %pre > section for people in my situation. > > Unfortunately, the filesystem doesn't exist yet in %pre, so that's too > early to pull in a tweaked file. In %post, all the system accounts are > already made and many config files have pulled the UID min and max > values from the default login.defs file already, so that's too late. ah, the kids struck again. Reminds me of "let's change the output of 'uname -r' to allow a single user requesting it to share the /boot partition of his laptop between 32-/64-bit Fedora installations". > Only way forward seems to be build my own shadow-utils rpm with the > tweaked UID ranges, then build my own install image with this > replacement rpm. Given that the above URL, which was the official point > of discussion when the feature was introduced, suggests something that's > not actually possible - something which surely has bitten every other > site moving from 6->7 - is this really the best way to do it? This bit us much earlier... we actually remap system accounts clashing with ours during installation and change user/group ownership of affected files. > I'm hoping that in my kickstart ignorance there's some intermediate > stage between %pre and %post, where the official suggestion actually > works! How about an rpm triggering on "filesystem" and bringing that file into existence? Something like %triggerin -- filesystem install -m -0644 /usr/share/%{name}/login.defs.nokids /etc/login.defs The problem is that you need to make sure this gets installed before any package creating a problematic account. Stephan -- Stephan Wiesand DESY -DV- Platanenenallee 6 15738 Zeuthen, Germany