Re: Bits from the release team: the plans for etch

To: Marc Haber <mh+debian-devel@zugschlus.de>, debian-devel@lists.debian.org
Subject: Re: Bits from the release team: the plans for etch
From: Gabor Gombas <gombasg@sztaki.hu>
Date: Wed, 26 Oct 2005 13:53:19 +0200
Message-id: <[🔎] 20051026115319.GE15626@boogie.lpds.sztaki.hu>
In-reply-to: <[🔎] 20051026091100.GA3940@javifsp.no-ip.org>
References: <[🔎] 20051022082324.GC24450@saruman.uio.no> <[🔎] E1ETva4-0005iY-MW@scyw00225.scy001.de> <[🔎] 20051024063245.GE19151@tennyson.dodds.net> <[🔎] 20051024141318.GA23768@javifsp.no-ip.org> <[🔎] E1EU9aO-0001XS-Ui@scyw00225.scy001.de> <[🔎] 20051025105240.GA21436@javifsp.no-ip.org> <[🔎] E1EUOsY-0000Jv-F3@scyw00225.scy001.de> <[🔎] 20051025202118.GA10290@javifsp.no-ip.org> <[🔎] E1EUecU-0004QS-NV@scyw00225.scy001.de> <[🔎] 20051026091100.GA3940@javifsp.no-ip.org>

On Wed, Oct 26, 2005 at 11:11:00AM +0200, Javier Fernández-Sanguino Peńa wrote:

> That really depends on the daemon itself don't you think? There's a number of
> daemons that don't create any file at all or, if they do, are created
> only on a given directory which is removed on purge. In these cases, removing
> the user on postrm's purge might make sense. As I said, that would be an
> option. 

It is still possible that those daemons _read_ some files (e.g. config
files), and the admin did a chown/chgrp to the daemon's user. Removing
the user and reusing the UID/GID will suddenly make those files
accessible for a random new package which may not be intended at all.

IMHO you can safely remove an user/group _only_ if you have made sure
there are no files owned by that uid/group left on any filesystems (and
checking that may be tricky if the system uses ACLs, for example).

And there is also the problem of files restored from a backup being
suddenly owned by some random new user/group...

At the very least you should ask the admin if he wants to remove the
user/group on package purge (with the default being 'no').

Gabor

-- 
     ---------------------------------------------------------
     MTA SZTAKI Computer and Automation Research Institute
                Hungarian Academy of Sciences
     ---------------------------------------------------------

Reply to:

Follow-Ups:
- Re: Bits from the release team: the plans for etch
  - From: Olaf van der Spek <olafvdspek@gmail.com>
- Re: Bits from the release team: the plans for etch
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>
- Re: Bits from the release team: the plans for etch
  - From: Thomas Bushnell BSG <tb@becket.net>

References:
- Re: Bits from the release team: the plans for etch
  - From: Petter Reinholdtsen <pere@hungry.com>
- Re: Bits from the release team: the plans for etch
  - From: Marc Haber <mh+debian-devel@zugschlus.de>
- Re: Bits from the release team: the plans for etch
  - From: Steve Langasek <vorlon@debian.org>
- Re: Bits from the release team: the plans for etch
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>
- Re: Bits from the release team: the plans for etch
  - From: Marc Haber <mh+debian-devel@zugschlus.de>
- Re: Bits from the release team: the plans for etch
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>
- Re: Bits from the release team: the plans for etch
  - From: Marc Haber <mh+debian-devel@zugschlus.de>
- Re: Bits from the release team: the plans for etch
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>
- Re: Bits from the release team: the plans for etch
  - From: Marc Haber <mh+debian-devel@zugschlus.de>
- Re: Bits from the release team: the plans for etch
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>

Prev by Date: Re: Dependencies of -dev packages
Next by Date: Re: Bits from the release team: the plans for etch
Previous by thread: Re: Bits from the release team: the plans for etch
Next by thread: Re: Bits from the release team: the plans for etch
Index(es):
- Date
- Thread