Re: NMU'ing for wishlist bugs? (aka: intent to NMU bind9)
Why should the bind user be added to a newly installed system? Bind is
not a typically installed packaged, except in a few cases (dns server
in which maradns/djbdns/etc are not desired); just like maradns, mysql,
apache, etc. Those add the user (usually named after the package, except
for apache) to the system in the postinst script. There's no need for a
fresh debian installation to have 200 system users, when chances are, it's
only going to require less than 10 of those users.
If you truly believe that per-package users should be set up by
base-passwd, then I suggest you get something amended to policy that
says: all users added to the system in postinst scripts must also be in
the default passwd file, in a freshly installed system. Since this isn't
policy, and I personally disagree w/ it, I don't plan on doing it
(unless you can give me some good reasons _why_ it should be done).
On Fri, Sep 13, 2002 at 04:41:10PM +0200, Javier Fernández-Sanguino Peña wrote:
>
> On Thu, Sep 12, 2002 at 01:07:29PM -0400, Andres Salomon wrote:
> > Eh? Check postinst.in. It does the user addition, checks to see
> > whether it should change permissions, etc. postinst is created at
> > build time.
>
> What do you do that for (automatically creating a user) ? You say that the
> maintainer does not read the BTS, but neither do you read Bug #157245 [0]
> too?
>
> I do not see the merit of adding a user without talking with base-passwd
> first and applying a patch that will (probably) not be more than a
> quick-fix and not a long-time patch. Automatic creation of a user for
> named is *not* the way to go.
>
> Obviously IMHO
>
> Javier
>
> PS: For there record, I also wrote about this in the "Securing Debian
> Manual" [1] but it seems nobody has read it :(
>
>
> [0] For the lazy:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=157245&repeatmerged=yes
> [1]
> http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html#s-sec-bind
>
>
>
> --
> To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
--
Buying a Unix machine guarantees you a descent into Hell. It starts when
you plug the computer in and it won't boot. Yes, they really did sell you
a $10,000 computer with an unformatted disk drive.
-- Philip Greenspun
Reply to: