Re: Policy on Account creation and deletion?
On Sat, 13 Mar 2004, Marc Haber wrote:
> Most packages create their account in postinst. exim4 uses getent to
> determine whether the account already exists (this has shown to be
> unreliable, see #237657), and bind9 touches a file in /var/run and

If getent is unreliable, the system is hosed. An account exists if
getent passwd <accountname> can get to it. OTOH, doing getent passwd | grep
(enumerating all the accounts) is something you REALLY should not be doing.

> I am wondering what a package should do if the account already exists:
> * use this account verbatim?

If it is a system account, yes. If it is not, well, I think we should
bang out with an error, and my packages do just that. But that's IMHO.

> (3) Deletion
> I think that the account should be deleted when the package is
> uninstalled. dpkg documentation says that the only difference between
> remove and purge is that remove doesn't delete conffiles while purge
> does. This can be interpreted as a requirement to remove the account
> even on remove, which might lead to files becoming unowned.

IMHO, we should go with the spirit of the thing. If you need the account
there to keep the conffiles in a sane state, then don't remove it on package
removal. Otherwise, do as you wish.
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
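
The check discussed in this message, as an added example that is not part of the original mail or of any Debian package: a postinst helper that does a single-key getent lookup, reuses an existing system account and flags a non-system one as a conflict. The account name "exampled", the function names and the UID cutoff of 999 are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: what a postinst could decide about its service account.
# Assumption: UIDs 0..SYS_UID_MAX count as system accounts (999 is assumed
# here; set it to match the local adduser configuration).
SYS_UID_MAX="${SYS_UID_MAX:-999}"

# classify_entry NAME ENTRY
# ENTRY is the passwd(5) line returned for NAME, or empty if there is none.
# Prints one verdict: create | reuse | conflict | mismatch | malformed
classify_entry() {
    name=$1
    entry=$2
    if [ -z "$entry" ]; then echo create; return 0; fi
    login=${entry%%:*}
    uid=$(printf '%s\n' "$entry" | cut -d: -f3)
    # A substring hit (what grep over the full list can return) is not a match.
    if [ "$login" != "$name" ]; then echo mismatch; return 0; fi
    case $uid in
        ''|*[!0-9]*) echo malformed; return 0 ;;
    esac
    if [ "$uid" -le "$SYS_UID_MAX" ]; then echo reuse; else echo conflict; fi
}

# plan_account NAME: single-key lookup through NSS, never an enumeration.
# getent exits 0 when the key is found and 2 when it is not.
plan_account() {
    rc=0
    entry=$(getent passwd "$1") || rc=$?
    case $rc in
        0) classify_entry "$1" "$entry" ;;
        2) classify_entry "$1" "" ;;
        *) echo lookup-failed ;;
    esac
}

# Demo on constructed passwd lines (not taken from a real system).
demo() {
    classify_entry exampled ''
    classify_entry exampled 'exampled:x:104:104::/var/lib/exampled:/bin/false'
    classify_entry exampled 'exampled:x:1001:1001:A. User:/home/exampled:/bin/sh'
    classify_entry exampled 'exampled2:x:105:105::/nonexistent:/bin/false'
}
demo
```

A postinst would call plan_account with its account name, create the account on "create", carry on for "reuse", and exit non-zero on any other verdict.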