adduser/deluser on postinst
Hi !
I need some advice on bug #435671. I agree with the bug reporter that
the user handling part of xrdp should be rewritten. I have looked at
what is done in other packages and in most of them gentent is used to
check the user existence but there is no check that this is really a
system user (so the user can be unrelated to the package). Because of
this, some package (ntp) just skip the test and use adduser with
--quiet.
On deletion, some package do not use --system option of deluser, so
delete a legit non-system user without warning. On my system, there is
gdm, openntpd, openssh and vde2.
In summary, I think a package should just use adduser --quiet --system
in postinst and deluser --quiet --system on purge without checking for
existence. It would be convenient for adduser --quiet --system to return
an error if the user exists but is not a system user (actually, without
--quiet, it says the user exists and is a user system, I will report the
bug).
What do you think ?
--
BOFH excuse #45:
virus attack, luser responsible
Reply to: