Re: [RFC] adding system users: which is the best way??

To: Debian Devel Mailing List <debian-devel@lists.debian.org>
Subject: Re: [RFC] adding system users: which is the best way??
From: Fabio Massimo Di Nitto <fabbione@fabbione.net>
Date: Sun, 30 Nov 2003 08:54:29 +0100 (CET)
Message-id: <[🔎] Pine.LNX.4.58.0311300847040.17326@trider-g7.ext.fabbione.net>
In-reply-to: <[🔎] 20031130033708.GD27398@snoopy.apana.org.au>
References: <[🔎] Pine.LNX.4.58.0311291701260.15716@trider-g7.ext.fabbione.net> <[🔎] 20031129150546.296959c2.david@eelf.ddts.net> <[🔎] 20031130020735.GW23960@marvin.sbg.palfrader.org> <[🔎] 20031130033708.GD27398@snoopy.apana.org.au>

Hi Brian,

On Sun, 30 Nov 2003, Brian May wrote:

> On Sun, Nov 30, 2003 at 03:07:35AM +0100, Peter Palfrader wrote:
> > Some packages remove the user when they are purged.  This is even worse
> > I think.
>
> Presumable, if you purge the package, then the user is no longer needed.
>
> So shouldn't the user be deleted?
>
> (just don't use the option to deluser/userdel to automatically remove
> the users home directory in the maintainer scripts...)

adduser foo
Adding user foo...
Adding new group foo (1001).
Adding new user foo (1001) with group foo.
Creating home directory /home/foo.

deluser foo
Removing user foo...
done.

adduser bar
Adding user bar...
Adding new group bar (1001).
Adding new user bar (1001) with group bar.
Creating home directory /home/bar.

ls -asld /home/foo /home/bar
   1 drwxr-xr-x    2 bar      bar          1024 Nov 30 08:46 /home/bar
   1 drwxr-xr-x    2 bar      bar          1024 Nov 30 08:46 /home/foo

If i don't remove the home dir than we have a possible security issue
since user bar will be able to access foo dirs/files.

So somehow we need to find a way to handle this situation in a better way.

Fabio

-- 
Our mission: make IPv6 the default IP protocol
"We are on a mission from God" - Elwood Blues

http://www.itojun.org/paper/itojun-nanog-200210-ipv6isp/mgp00004.html

Reply to:

Follow-Ups:
- Re: [RFC] adding system users: which is the best way??
  - From: Andreas Metzler <ametzler@downhill.at.eu.org>

References:
- [RFC] adding system users: which is the best way??
  - From: Fabio Massimo Di Nitto <fabbione@fabbione.net>
- Re: [RFC] adding system users: which is the best way??
  - From: David B Harris <david@eelf.ddts.net>
- Re: [RFC] adding system users: which is the best way??
  - From: Peter Palfrader <weasel@debian.org>
- Re: [RFC] adding system users: which is the best way??
  - From: Brian May <bam@debian.org>

Prev by Date: KDE broken in sarge repository
Next by Date: Re: more details on the recent compromise of debian.org machines
Previous by thread: Re: [RFC] adding system users: which is the best way??
Next by thread: Re: [RFC] adding system users: which is the best way??
Index(es):
- Date
- Thread