Re: Bits from the release team: the plans for etch
>>>>> "Javier" == Javier Fernández-Sanguino Peña <firstname.lastname@example.org> writes:
>> Thus, in most cases, a single call to adduser is all that's
>> needed to create a system user in postinst.
Javier> I have yet to see a package that "just" calls
Javier> adduser. Some remove the user (and fail to check if it was
Javier> created by the postinst/preinst and not by the alocal
Javier> admin), some set additional groups, setup its home
Javier> directory (uneless defined with dpkg-statoverride
Javier> already). I can provide you a script to show you all the
Javier> postinst/preinst/postrm of packages that create a user on
Javier> installation. You can see for yourself.
If the code "just" calls adduser, this would seem to be a bug, as
adduser will exit with a warning if the user already exists (see
#264570). (If I am mistaken here with the precise details it is
because the man page has mislead me).
So either you have to redirect stderr to /dev/null (this could mask
serious errors too), or just to make sure the user doesn't exist first
My other opinion on this topic, I feel that purging a package should
remove the user and the home directory created (if any). This means if
you experiment with a package and decide not to use it, you are not
unexpectedly opening up any security holes (consider
$HOME/.ssh/authorized_keys), unexpectedly receiving mail for a system
user that isn't even used (consider $HOME/Maildir), or any number of
other unwanted things.
However, this has to be done carefully, or you end up doing the wrong
thing. e.g. deluser -r $USER, in the past, has been pure evil if the
home directory has been changed to "/"!
Brian May <email@example.com>