Just saw this. Here's how to do it via brute force. I have the user "ovirtagent" on one of my boxes, and wanted to find out who provided it. So I did the following: rpm --qf "%{NAME}\n" -qa | while read rname ; do if rpm -q --scripts ${rname} | grep -q ovirtagent ; then echo $rname ; fi ; done It's not efficient, but it works. -I On Thu, Jun 27, 2013 at 12:36 PM, Rob Townley <rob.townley at gmail.com> wrote: > --scripts is helpful, the following returns a great deal of package scripts > having to do with users and groups, but ideally would return just the > package names involved in creating the user or group. > > rpm -qa --scripts | egrep 'user|group|id\s|getent|pass' > > rpm -qa --scripts | less does not seem to list any package names, but may > be a more formal rpm would help: > > rpm --queryformat "%{FILEUSERNAME} %{TRIGGERSCRIPTS} > %{TRIGGERSCRIPTPROG}\n" --query httpd > > does not return a script name and i do not see anything else in rpm > --querytags that would help. > > Has to be a way, but not today. > > > > > On Thu, Jun 27, 2013 at 1:52 PM, Leon Fauster <leonfauster at googlemail.com > >wrote: > > > Am 27.06.2013 um 20:36 schrieb Rob Townley <rob.townley at gmail.com>: > > > Given a particular user or particular group, is there a rpm command > that > > > returns what package created that particular user or particular group? > > > > > > Analogous to `rpm -q --whatprovides /etc/security/limits.conf` returns > > the > > > package "pam". > > > Is there an rpm command that returns what package generated a > particular > > > user? > > > > > > Most of us already know that the httpd package is associated with the > > user > > > apache. But there are passwd and group entries that i would like to > > verify > > > and want to know exactly how they got on my system. Further i would > like > > > to know which the security implications of adding another group to a > user > > > account. > > > > > > Something like the following command: > > > `rpm --query --user apache` would return "httpd" > > > `rpm --query --group pulse-access` might return pulseaudio > > > > > > take a look at the pre/post-script parts of the rpms > > > > rpm -q --scripts httpd > > > > other users/groups are "installed" via centos setup (anaconda). > > > > -- > > LF > > > > > > > > > > > > _______________________________________________ > > CentOS mailing list > > CentOS at centos.org > > http://lists.centos.org/mailman/listinfo/centos > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >