
Re: Policy on Account creation and deletion?



Hi, Marc Haber wrote:

> Hi,
> 
> some packages dynamically create system accounts during installation. This
> has been increasingly popular since nowadays you don't like to run
> unrelated subsystems with the same privileges.
> 
> I didn't find any policy documentation on how a package should handle this,
> and I'd like to have this discussed for future reference.
> 
> (1) Account Name
> This has been discussed in the past, with no real consensus being reached.
> It is clear that we should use a namespace that doesn't clash with names
> that our users may use on their systems since we might remove an account
> that the local administrator manually created. Possibilities include _foo,
> foo_, Debian-foo and foo-Debian, with the only package I am aware of that
> already does this being exim4 (using Debian-exim, and receiving gazillions
> of bug reports "this account name is ugly").
> 
> (2) Creation
> Most packages create their account in postinst. exim4 uses getent to
> determine whether the account already exists (this has shown to be
> unreliable, see #237657), and bind9 touches a file in /var/run and tries
> to chown the file to the account name before creating the account (with a
> comment basically saying that there is no other way to detect account
> existence).
> 
Sure there is.
# id smurf
uid=501(smurf) gid=501(smurf) groups=501(smurf),40(src),100(users),200(urlichs),230(sbuild)
# id fhzruiqhfiuqw
id: fhzruiqhfiuqw: No such user
# echo $?
1

Q.E.D.

>    * use this account verbatim?
>      This might be undesirable as the account might be in use for
>      something else.

Idea: check the account's home directory; ask if it's "wrong".

> (3) Deletion
> I think that the account should be deleted when the package is
> uninstalled.

I'd do it on purge.

> dpkg documentation says that the only difference between
> remove and purge is that remove doesn't delete conffiles while purge does.

Deleting an /etc/passwd entry would fall under that restriction, I'd say.

> For the record: exim4 does remove its user in postrm on purge, bind9
> leaves the user on the system.
> 
IMHO both are valid.


-- 
Matthias Urlichs
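
The checks suggested in this reply, sketched as maintainer-script helpers. This is an added example, not part of the original message or of any Debian package; the account name Debian-foo, the home /var/lib/foo and the use of getent for the home-directory lookup are assumptions.

```shell
#!/bin/sh
# Added example. Package "foo", account "Debian-foo" and home "/var/lib/foo"
# are hypothetical names used only for illustration.

# Existence test from the reply: rely on the exit status of id(1).
account_exists() {
    id "$1" >/dev/null 2>&1
}

# Home directory as recorded in the passwd database (field 6).
# Assumption: getent(1) is available for this lookup.
account_home() {
    getent passwd "$1" | cut -d: -f6
}

# postinst decision: prints create, reuse or ask.
plan_account() {
    name=$1
    expected_home=$2
    if ! account_exists "$name"; then
        echo create   # no such account: the package can add a system user
    elif [ "$(account_home "$name")" = "$expected_home" ]; then
        echo reuse    # same name and same home: treat the account as ours
    else
        echo ask      # name is taken but the home is "wrong": ask the admin
    fi
}

# postrm decision: dpkg passes the action ("remove", "purge", ...) as $1.
# Prints delete only on purge, and only if the account is still there.
plan_removal() {
    action=$1
    name=$2
    if [ "$action" = purge ] && account_exists "$name"; then
        echo delete
    else
        echo keep
    fi
}
```

A postinst would act on the output of `plan_account Debian-foo /var/lib/foo`, and a postrm on `plan_removal "$1" Debian-foo`.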


