Re: Create user during installation
Tilman Koschnick wrote:
> On Thu, 2005-03-31 at 22:18 +0200, Shachar Shemesh wrote:
>> This question is about a package that will likely not make it into
>> Debian (too specific). I even suspect this has some relevance.
>> I would like to install a package that creates its own special user and
>> group during installation. I have utterly and totally failed to find a
>> ready made package that does that, with the sole exception of qmail-src
>> (from non-free) that creates them in the 655xx area. Not exactly what I
>> would like to do.
>> How do I create said user and group? How do I tell between useradd or
>> adduser failing due to user already existing, and other unrelated
>> reasons? Do I at all need to care about that?
> grep for 'adduser' in /var/lib/dpkg/info/*postinst to see some examples.
> You can use getent(1) to check for the existence of a user.
> Here is what I do (package gpsd):
> | # create user gpsd
> | getent passwd gpsd > /dev/null || \
> |     adduser --system \
> |         --home "/nonexistent" --no-create-home \
> |         --disabled-password --ingroup dialout \
> |         --gecos "GPS daemon user" gpsd
> | if [ "x$1" = "xpurge" ] ; then
> |     getent passwd gpsd > /dev/null && deluser gpsd
> | fi
Ok, I'll explain a bit on what I'm trying to do.
I have a web application which needs to perform actual tasks in the
system. These tasks do not require root access, and so I would much
rather not give it root access. I would also prefer not to give it
access to everything that runs under the web server.
The solution was to put up a helper program that asks for password and
performs the actual operations. This program would be suid to a new user
in the system dedicated to that task.
Now here's the thing I'm trying to figure out. I need to create several
files owned by this new user I'm creating, with one of them actually
suid. In addition, I need to set the group of the suid file according to
whatever group whichever process that runs my web server is running as.
One way to do it would be to perform all permissions change in the
postinst. I know that this is what ssh does with ssh-agent. Another
package I looked at was qmail. It stores the file qmail-queue with full
permissions inside the package, but it creates the users in
qmail.preinst, and hardcodes the uids into it. I guess this is not an
Now it may very well be that creating the file ownership and permission
at postinst is the only way. If that's the case, I'll just do it. I just
wanted to make sure.
Lingnu Open Source Consulting ltd.
Have you backed up today's work? http://www.lingnu.com/backup.html
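
An added example, not code from this thread or from any package named in it: a postinst that creates the dedicated user only when getent shows it is missing, then sets ownership and the setuid bit on the helper. The user name `webhelper`, the path `/usr/lib/webhelper/helper`, the group `www-data` and the mode 4750 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example postinst (not from the thread). Hypothetical names:
# user "webhelper", helper /usr/lib/webhelper/helper, group "www-data".
set -e

HELPER_USER=webhelper
HELPER_BIN=/usr/lib/webhelper/helper
WEB_GROUP=www-data   # assumption: the group the web server runs as

# Create the system user only if it is missing, so an upgrade or re-run
# does not fail, while a genuine adduser error still aborts the script.
ensure_system_user() {
    if getent passwd "$1" > /dev/null; then
        return 0
    fi
    adduser --system --group --home /nonexistent --no-create-home \
        --disabled-password --gecos "$2" "$1"
}

# Set owner, group and mode on the setuid helper. chown runs first:
# changing ownership clears the setuid bit, so chmod must come last.
# An administrator's dpkg-statoverride entry, if present, is respected.
set_helper_perms() {
    file=$1 owner=$2 group=$3 mode=$4
    if command -v dpkg-statoverride > /dev/null 2>&1 &&
       dpkg-statoverride --list "$file" > /dev/null 2>&1; then
        return 0
    fi
    chown "$owner:$group" "$file"
    chmod "$mode" "$file"
}

# dpkg invokes the script as: postinst configure <old-version>
if [ "${1:-}" = "configure" ]; then
    ensure_system_user "$HELPER_USER" "Web helper user"
    # 4750: setuid to the helper user, executable only by the web group.
    set_helper_perms "$HELPER_BIN" "$HELPER_USER" "$WEB_GROUP" 4750
fi
```

Because the ownership is applied at install time, the package does not need to hardcode a uid the way the qmail preinst mentioned above does.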