
Re: Bits from the release team: the plans for etch



>>>>> "Javier" == Javier Fernández-Sanguino Peña <jfs@computer.org> writes:

    >> Thus, in most cases, a single call to adduser is all that's
    >> needed to create a system user in postinst.
 
    Javier> I have yet to see a package that "just" calls
    Javier> adduser. Some remove the user (and fail to check if it was
    Javier> created by the postinst/preinst and not by the local
    Javier> admin), some set additional groups, set up its home
    Javier> directory (unless defined with dpkg-statoverride
    Javier> already). I can provide you a script to show you all the
    Javier> postinst/preinst/postrm of packages that create a user on
    Javier> installation.  You can see for yourself.

If the code "just" calls adduser, this would seem to be a bug, as
adduser will exit with a warning if the user already exists (see
#264570). (If I am mistaken here with the precise details it is
because the man page has misled me).

So either you have to redirect stderr to /dev/null (this could mask
serious errors too), or just to make sure the user doesn't exist first
(preferred IMHO).

My other opinion on this topic: I feel that purging a package should
remove the user and the home directory created (if any). This means if
you experiment with a package and decide not to use it, you are not
unexpectedly opening up any security holes (consider
$HOME/.ssh/authorized_keys), unexpectedly receiving mail for a system
user that isn't even used (consider $HOME/Maildir), or any number of
other unwanted things.

However, this has to be done carefully, or you end up doing the wrong
thing. e.g. deluser -r $USER, in the past, has been pure evil if the
home directory has been changed to "/"!
-- 
Brian May <bam@debian.org>
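
An added example, not part of the message above and not taken from any Debian package: maintainer-script helpers that check for the user before calling adduser, and on purge remove the home directory only when it is still the one the package chose (so a home changed to "/" is never removed). PKGUSER, PKGHOME and STAMP are hypothetical names.

```shell
#!/bin/sh
# Added example; PKGUSER, PKGHOME and STAMP are hypothetical names.
PKGUSER=${PKGUSER:-exampled}
PKGHOME=${PKGHOME:-/var/lib/exampled}
STAMP=${STAMP:-/var/lib/misc/exampled.user-created}

user_exists() { getent passwd "$1" >/dev/null 2>&1; }

# postinst side: create the account only if it is absent, and record that
# this package (not the local admin) created it.
create_system_user() {
    if user_exists "$PKGUSER"; then
        return 0    # already there, possibly the admin's: leave untouched
    fi
    adduser --system --group --home "$PKGHOME" "$PKGUSER" && : > "$STAMP"
}

# True only if $1 (the home currently recorded in passwd) is exactly the
# directory the package chose, ignoring doubled or trailing slashes.
# "/", empty, relative and "."/".." paths are always refused.
home_is_removable() {
    case "/$1/" in */./*|*/../*) return 1 ;; esac
    norm=$(printf '%s' "$1" | tr -s /)
    [ "$norm" = / ] || norm=${norm%/}
    case $norm in /?*) ;; *) return 1 ;; esac
    [ "$norm" = "$PKGHOME" ]
}

# postrm purge side: print the action instead of running it, so the
# decision can be inspected. $1 = home recorded for the user.
purge_plan() {
    if [ ! -e "$STAMP" ]; then
        echo "keep account: not created by this package"
    elif home_is_removable "$1"; then
        echo "deluser --system --remove-home $PKGUSER"
    else
        echo "deluser --system $PKGUSER (home '$1' left in place)"
    fi
}
```

In a real postrm the home would be read with `getent passwd "$PKGUSER" | cut -d: -f6` and the printed command run only when the script is called with `purge`.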


