Fixed upgrade process for groups/users add

[kayrus]

/cc @robszumski @marineam @crawford Fixes issue when it is impossible to add rkt group to custom user after CoreOS upgrade

[marineam]

It looks like these will append a new entry if the one in /etc is modified at all (e.g. setting a password or adding a user to a group). If we want to fix this we should just start migrating to systemd-sysusers instead, the split /etc and /usr scheme was created before systemd-sysusers existed and I didn't want to write a comprehensive tool like sysusers myself.

[antrik]

This needs some clarification. So the idea is to migrate all users/groups from /usr/share/baselayout/ to sysusers.d? (And consequently also drop the first-run script manually creating /etc/passwd & co.?)

If so, this will require several enhancements to systemd-sysusers, because in order to create all the users currently present in CoreOS, we need to be able to:

• create users with a login shell different than nologin
• create users with a primary group different than the user itself
• create users/groups with mismatching IDs

Otherwise, there is a total of around ten users that cannot be migrated. A partial migration would only make the whole situation even more messy I believe.

Shall we propose the necessary changes to systemd-sysusers?