On Sun, May 16, 2004 at 05:28:34PM -0400, Stephen Gran wrote: > Hello all, > > I recently filed a bug (http://bugs.debian.org/249354) on a package > because I felt it did not clean up after itself. The problem was the > package creates a system user account, and does not remove it on purge. "purge" doesn't necessarily remove /everything/. It just removes the files that were in the package when it was installed plus any configuration files. Thing is, the package may be leaving traces behind which should not be accessible to other users. Things such as logfiles, database files (for database servers), etc. spring to mind, but there could be more. If the package is installed, then purged (and its user removed), then another package is installed which creates a system user, and then the original package is installed again, it will no longer have the same UID which it had beforehand, which introduces a possible bug (e.g., a database server might want to create files with 0600 permissions; in this scenario, the database server would no longer work). That's silly, and most easily avoided by ensuring the package will get the same UID after reinstalling, which can only be done by retaining the UID on the system. Yes, there may be other ways, but they all introduce extra complexity; and why do that if there's an easy solution? After all, it's not as if one UID will break the system... > The maintainer disagrees, and says that system accounts should never be > removed by packages. Well, that's the other end of the spectrum; may be a bit far-fetched. For sure, some packages might want to remove their system accounts if getting another UID on reinstall won't break anything; but I don't think it should be a requirement. -- EARTH smog | bricks AIR -- mud -- FIRE soda water | tequila WATER -- with thanks to fortune
Attachment:
signature.asc
Description: Digital signature