
Re: Removing system accounts on --purge



This one time, at band camp, Wouter Verhelst said:
> On Sun, May 16, 2004 at 05:28:34PM -0400, Stephen Gran wrote:
> > Hello all,
> > 
> > I recently filed a bug (http://bugs.debian.org/249354) on a package
> > because I felt it did not clean up after itself.  The problem was
> > the package creates a system user account, and does not remove it on
> > purge.
> 
> "purge" doesn't necessarily remove /everything/. It just removes the
> files that were in the package when it was installed plus any
> configuration files.
> 
> Thing is, the package may be leaving traces behind which should not be
> accessible to other users. Things such as logfiles, database files
> (for database servers), etc. spring to mind, but there could be more.

Note that log files are explicitly mentioned as something to be removed
on purge:
10.8 Log files:
Log files should be removed when the package is purged (but not when it
is only removed). 

Not trying to be pedantic, but just pointing out purge is *purge* -
remove is for removal.

> If the package is installed, then purged (and its user removed), then
> another package is installed which creates a system user, and then the
> original package is installed again, it will no longer have the same
> UID which it had beforehand, which introduces a possible bug (e.g., a
> database server might want to create files with 0600 permissions; in
> this scenario, the database server would no longer work). That's
> silly, and most easily avoided by ensuring the package will get the
> same UID after reinstalling, which can only be done by retaining the
> UID on the system.

I understand, although I think in this case the admin should have used 
remove and not purge, but that's probably a debatable, and flammable, 
subject :)  If an application really needs a dependable uid present on
the system so that it can have things present on the filesystem with a
coherent ownership, regardless of whether or not the package is
installed, that sounds like something that should go in base-passwd.
Otherwise, it sounds like the admin's responsibility to use remove
instead of purge if they think they're going to need that database
again, and they don't want to go to the trouble of backing it up and
running chown -R afterwards.

Thanks,
-- 
 -----------------------------------------------------------------
|   ,''`.					     Stephen Gran |
|  : :' :					 sgran@debian.org |
|  `. `'			Debian user, admin, and developer |
|    `-					    http://www.debian.org |
 -----------------------------------------------------------------
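
The UID-reuse concern discussed in this message comes down to files that outlive the account that owned them. The following is an added example, not part of the original message or of any Debian package: a small audit that lists files under a directory whose owner UID has no passwd entry. The function names and the sample file are assumptions made for illustration.

```python
import os
import pwd
import stat
import tempfile


def known_uids():
    """UIDs that currently have a passwd entry (as enumerated by getpwent)."""
    return {entry.pw_uid for entry in pwd.getpwall()}


def find_orphans(root, uids=None):
    """List (path, uid, mode) for entries under root owned by a UID with no account.

    Whichever account is next allocated that UID becomes the owner of
    these files, whatever their permission bits say.
    """
    uids = known_uids() if uids is None else set(uids)
    orphans = []

    def check(path):
        st = os.lstat(path)  # lstat: report the symlink itself, never its target
        if st.st_uid not in uids:
            orphans.append((path, st.st_uid, stat.filemode(st.st_mode)))

    check(root)
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return sorted(orphans)


if __name__ == "__main__":
    # Constructed sample: a 0600 data file standing in for a purged
    # package's database. Dropping our own UID from the known set
    # simulates the state after the account has been deleted.
    with tempfile.TemporaryDirectory() as datadir:
        dbfile = os.path.join(datadir, "table.db")
        with open(dbfile, "w") as fh:
            fh.write("constructed sample data\n")
        os.chmod(dbfile, 0o600)
        remaining = known_uids() - {os.getuid()}
        for path, uid, mode in find_orphans(datadir, remaining):
            print(f"{mode} uid={uid} {path}")
```

Against the live passwd database, `find DIR -nouser` reports the same set of files.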
