Here's what the XFCE spin of Fedora 38 generates: root:x:0:0:Super User:/root:/bin/bash bin:x:1:1:bin:/bin:/usr/sbin/nologin daemon:x:2:2:daemon:/sbin:/usr/sbin/nologin adm:x:3:4:adm:/var/adm:/usr/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/usr/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/usr/sbin/nologin operator:x:11:0:operator:/root:/usr/sbin/nologin games:x:12:100:games:/usr/games:/usr/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/usr/sbin/nologin nobody:x:65534:65534:Kernel Overflow User:/:/usr/sbin/nologin dbus:x:81:81:System Message Bus:/:/usr/sbin/nologin tss:x:59:59:Account used for TPM access:/:/usr/sbin/nologin systemd-network:x:192:192:systemd Network Management:/:/usr/sbin/nologin systemd-oom:x:998:998:systemd Userspace OOM Killer:/:/usr/sbin/nologin systemd-resolve:x:193:193:systemd Resolver:/:/usr/sbin/nologin polkitd:x:997:996:User for polkitd:/:/sbin/nologin avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin geoclue:x:996:995:User for geoclue:/var/lib/geoclue:/sbin/nologin colord:x:995:994:User for colord:/var/lib/colord:/sbin/nologin nm-fortisslvpn:x:994:993:Default user for running openfortivpn spawned by NetworkManager:/:/sbin/nologin rtkit:x:172:172:RealtimeKit:/proc:/sbin/nologin pipewire:x:993:992:PipeWire System Daemon:/var/run/pipewire:/sbin/nologin chrony:x:992:991:chrony system user:/var/lib/chrony:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin openvpn:x:991:990:OpenVPN:/etc/openvpn:/sbin/nologin nm-openvpn:x:990:989:Default user for running openvpn spawned by NetworkManager:/:/sbin/nologin nm-openconnect:x:989:988:NetworkManager user for OpenConnect:/:/sbin/nologin unbound:x:988:987:Unbound DNS resolver:/var/lib/unbound:/sbin/nologin setroubleshoot:x:987:986:SELinux troubleshoot server:/var/lib/setroubleshoot:/usr/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin sstpc:x:986:985:Secure Socket Tunneling Protocol(SSTP) Client:/var/run/sstpc:/sbin/nologin lightdm:x:985:984:LightDM daemon:/var/lib/lightdm:/usr/sbin/nologin rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin vboxadd:x:984:1::/var/run/vboxadd:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/usr/share/empty.sshd:/usr/sbin/nologin dnsmasq:x:983:982:Dnsmasq DHCP and DNS server:/var/lib/dnsmasq:/usr/sbin/nologin tcpdump:x:72:72:tcpdump:/:/usr/sbin/nologin systemd-coredump:x:981:981:systemd Core Dumper:/:/usr/sbin/nologin systemd-timesync:x:980:980:systemd Time Synchronization:/:/usr/sbin/nologin Issues: 1) Entries are not sorted by the ID - I've always been hugely annoyed by that. Please make changes to whatever utilities/libraries are handling `passwd` and `group` entries to always make them sorted by the third field numerically 2) There's a mess of `{/bin|/usr/bin|/sbin|/usr/sbin}/something` as a user shell/command. Please make them all use `/usr/{bin|sbin}/something` 3) I really really hate that some high UIDs != GUIDs, e.g. sstpc's 986 != 985. There's nothing bad or wrong about that but it's sloppy considering it's a brand new system and you can perfectly make them match except for users using other groups IDs, e.g. halt or games. 4) Some users descriptions capitalize each word ("PipeWire System Daemon"), others don't ("Unbound DNS resolver"). Why? Thank you for your attention. And no, I'm not going to file a bug report against each individual package. There are literally hundreds of applications/daemons/services which come with a separate user or/and group.
May I have your attention please?
You state you are not going to file a bug report against each individual package. But this is exactly how this can only be handled. This package just owns the basic passwd file, it is not responsible for the format - tools from shadow-utils or passwd utility write into that file. If you want to pursue that, individual bug report against specific components is imho the only way how to change it...
I'm pretty sure all the applications/servers/services/daemons which update /etc/{passwd|group|shadow|grshadow} do so via some API. I don't think it's going to be too difficult to change this API to make these files sorted.
Until recently all the packages created users/groups directly through the spec file. With sysusers.d introduction: https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format most of the packages on Fedora use sysusers.d file format: https://www.freedesktop.org/software/systemd/man/sysusers.d.html and let systemd create them. So if any sorting should be done, it should be done by systemd-sysusers and RFE should get filled against it. Regarding the other discrepancies (/sbin/nologin instead of /usr/sbin/nologin and GECOS field), individual bugs should get filled against the responsible packages, from the setup package point of view, there is nothing that can be done. Package maintainers should be aware about UsrMove/Usr merge and change it to /usr/sbin/nologin: https://fedoraproject.org/wiki/Features/UsrMove like it was done for setup: https://pagure.io/setup/c/e24038b10525d0037b5e359b541d59f769fa8ca9?branch=master
I hope we answered all your queries. With all the above being said I am closing this as NOTABUG.