Re: NMU'ing for wishlist bugs? (aka: intent to NMU bind9)

Why should the bind user be added to a newly installed system?  Bind is
not a typically installed package, except in a few cases (DNS server
in which maradns/djbdns/etc are not desired); just like maradns, mysql,
apache, etc.  Those add the user (usually named after the package, except
for apache) to the system in the postinst script.  There's no need for a
fresh Debian installation to have 200 system users, when chances are, it's
only going to require less than 10 of those users. 

If you truly believe that per-package users should be set up by
base-passwd, then I suggest you get something amended to policy that
says: all users added to the system in postinst scripts must also be in
the default passwd file, in a freshly installed system.  Since this isn't
policy, and I personally disagree w/ it, I don't plan on doing it
(unless you can give me some good reasons _why_ it should be done).

On Fri, Sep 13, 2002 at 04:41:10PM +0200, Javier Fernández-Sanguino Peña wrote:
> On Thu, Sep 12, 2002 at 01:07:29PM -0400, Andres Salomon wrote:
> > Eh?  Check postinst.in.  It does the user addition, checks to see
> > whether it should change permissions, etc.  postinst is created at 
> > build time.
>
> What do you do that for (automatically creating a user)? You say that the
> maintainer does not read the BTS, but neither do you read Bug #157245 [0]
> too?
>
> I do not see the merit of adding a user without talking with base-passwd
> first and applying a patch that will (probably) not be more than a
> quick-fix and not a long-time patch. Automatic creation of a user for
> named is *not* the way to go.
>
> Obviously IMHO
>
> Javier
>
> PS: For the record, I also wrote about this in the "Securing Debian
> Manual" [1] but it seems nobody has read it :(
>
> [0] For the lazy:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=157245&repeatmerged=yes
> [1]
> http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html#s-sec-bind

Buying a Unix machine guarantees you a descent into Hell. It starts when
you plug the computer in and it won't boot. Yes, they really did sell you
a $10,000 computer with an unformatted disk drive.
	-- Philip Greenspun

