[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Removing system accounts on --purge



On Sun, May 16, 2004 at 05:28:34PM -0400, Stephen Gran wrote:
> Hello all,
> 
> I recently filed a bug (http://bugs.debian.org/249354) on a package
> because I felt it did not clean up after itself.  The problem was the
> package creates a system user account, and does not remove it on purge.

"purge" doesn't necessarily remove /everything/. It just removes the
files that were in the package when it was installed plus any
configuration files.

Thing is, the package may be leaving traces behind which should not be
accessible to other users. Things such as logfiles, database files (for
database servers), etc. spring to mind, but there could be more. If the
package is installed, then purged (and its user removed), then another
package is installed which creates a system user, and then the original
package is installed again, it will no longer have the same UID which it
had beforehand, which introduces a possible bug (e.g., a database server
might want to create files with 0600 permissions; in this scenario, the
database server would no longer work). That's silly, and most easily
avoided by ensuring the package will get the same UID after
reinstalling, which can only be done by retaining the UID on the system.

Yes, there may be other ways, but they all introduce extra complexity;
and why do that if there's an easy solution? After all, it's not as if
one UID will break the system...

> The maintainer disagrees, and says that system accounts should never be
> removed by packages.

Well, that's the other end of the spectrum; may be a bit far-fetched.
For sure, some packages might want to remove their system accounts if
getting another UID on reinstall won't break anything; but I don't think
it should be a requirement.

-- 
         EARTH
     smog  |   bricks
 AIR  --  mud  -- FIRE
soda water |   tequila
         WATER
 -- with thanks to fortune

Attachment: signature.asc
Description: Digital signature


Reply to: