doc: adapting-existing: Update story on latest /usr/lib/passwd bits

diff --git a/doc/adapting-existing.xml b/doc/adapting-existing.xml
index 28cb26feba2565d4e1338c431b6080c76f6d83b7..5d1e001140b0dc89a27e7d039f60ee12157a58cf 100644 (file)
--- a/doc/adapting-existing.xml
+++ b/doc/adapting-existing.xml
@@ -163,17 +163,20 @@ d /run/media 0755 root root -
   </chapter>
 
   <chapter id="lib-passwd">
-    <title>/lib/passwd</title>
+    <title>/usr/lib/passwd</title>
     <para>
-      In order to ship an OS that contains both system users and users
-      dynamically created on client machines, you will need to choose
-      a solution for <filename>/etc/passwd</filename>.  The core
-      problem is that if you add a user to the system for a daemon,
-      the OSTree upgrade process for <filename
-      class='directory'>/etc</filename> will simply notice that
-      because <filename>/etc/passwd</filename> differs from the
-      previous default, it will keep the modified config file, and
-      your new OS user will not be visible.
+      Unlike traditional package systems, OSTree trees contain
+      <emphasis>numeric</emphasis> uid and gids.  Furthermore, it does
+      not have a <literal>%post</literal> type mechanism where
+      <filename>useradd</filename> could be invoked.  In order to ship
+      an OS that contains both system users and users dynamically
+      created on client machines, you will need to choose a solution
+      for <filename>/etc/passwd</filename>.  The core problem is that
+      if you add a user to the system for a daemon, the OSTree upgrade
+      process for <filename class='directory'>/etc</filename> will
+      simply notice that because <filename>/etc/passwd</filename>
+      differs from the previous default, it will keep the modified
+      config file, and your new OS user will not be visible.
     </para>
     <para>
       The solution chosen for the <ulink
@@ -182,9 +185,12 @@ d /run/media 0755 root root -
       <filename>/usr/lib/passwd</filename>, and to include a NSS
       module <ulink
       url="https://github.com/aperezdc/nss-altfiles">nss-altfiles</ulink>
-      which instructs glibc to read from it.  Then, the build system places
-      all system users there, freeing up <filename>/etc/passwd</filename>
-      to be purely a database of local users.
+      which instructs glibc to read from it.  Then, the build system
+      places all system users there, freeing up
+      <filename>/etc/passwd</filename> to be purely a database of
+      local users.  See also a more recent effort from <ulink
+      url="http://0pointer.de/blog/projects/stateless.html">Systemd
+      stateless</ulink>.
     </para>
   </chapter>