[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Best practices on system users and groups



On Tue, Nov 01, 2005 at 11:14:59AM +0200, Lars Wirzenius wrote:
> ma, 2005-10-31 kello 22:03 +0100, Javier Fernández-Sanguino Peña
> kirjoitti:
> > After the feedback of the recent d-d thread, I've adapted the section I wrote
> > on the best practices related to system users and groups, it is currently
> > available at:
> > http://www.debian.org/doc/manuals/developers-reference/ch-best-pkging-practices.en.html#s-bpp-lower-privs
> > 
> > I would like developers to review and provide feedback for that section,
> > specially in form of patches. I'm considering doing a bug hunt for:
> 
> DON'T do this:
> 
> 	addgroup --quiet --system $SERVER_GROUP 2>/dev/null ||true
> 
> When (not if!) addgroup fails, the poor system administrator gets no
> indication of it. This is a bug, and a pretty bad one. 

FWIW, that's partially based on what some package's postinst do (exim4-base, fetchmail,
ntp-simple, and proftp, for example). I've fixed the sample code to not 
redirect error messages (that probably should have been a '>/dev/null' and 
removed the '|| true' too.

> If adduser isn't quiet enough with --quiet, then fix that, don't hide
> real errors. Remove both the redirect and the "|| true".

Done in CVS.

Javier

Attachment: signature.asc
Description: Digital signature


Reply to: