[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Best practices on system users and groups



On 01/11/2005 To Debian-Devel wrote:
> the group deletion has currently a problem. From 6.5.1.3 'Removing system
> users':
> 
> # Remove system group if is a system group
> CREATEDGROUP=server_group
> if [ -r /etc/adduser.conf ] ; then
>   FIRST_USER_GID=`grep ^USERS_GID /etc/adduser.conf | cut -f2 -d '='`
> else
>   FIRST_USER_GID=1000
> fi
> if [ -n "$FIST_USER_GID" ] then
>   if GROUPGID=`getent group $CREATEDGROUP | cut -f 3 -d ':'`; then
>     if [ -n "$GROUPGID" ]; then
>       if [ "$FIST_USER_GID" -gt "$GROUPGID" ]; then
>         echo -n "Removing $CREATEDGROUP group.."
> 	delgroup --only-if-empty $CREATEDGROUP || true
> 	echo "..done"
>       fi
>     fi
>   fi
> fi
> 
> second, and more important, the default GID for the group 'users' is 100
> for adduser, so the check above will always fail. system groups created
> via 'addgroup --system' have GIDs between 100 and 199.
> in my eyes it would be more sane to check for FIRST_SYSTEM_GID instead
> of USERS_GID.

sorry, i mean LAST_SYSTEM_GID. best would be:

FIRST_SYSTEM_GID=`grep ^FIRST_SYSTEM_GID /etc/adduser.conf | cut -f2 -d '='`
LAST_SYSTEM_GID=`grep ^LAST_SYSTEM_GID /etc/adduser.conf | cut -f2 -d '='`
[...]
if [ "$LAST_SYSTEM_GID" -gt "$GROUPGID" ] && [ "$FIRST_SYSTEM_GID" -lt "$GROUPGID" ]; then
  [...]
fi

...
 jonas

Attachment: signature.asc
Description: Digital signature


Reply to: