On Tue, Nov 01, 2005 at 12:14:58PM +0100, Jonas Meurer wrote: > On 31/10/2005 Javier Fernández-Sanguino Peña wrote: > > After the feedback of the recent d-d thread, I've adapted the section I wrote > > on the best practices related to system users and groups, it is currently > > available at: > > http://www.debian.org/doc/manuals/developers-reference/ch-best-pkging-practices.en.html#s-bpp-lower-privs > > the group deletion has currently a problem. From 6.5.1.3 'Removing system > users': (...) > > first, the 'if [ -n "$FIST_USER_GID" ] then' should better be > 'if [ -n "$FIRST_USER_GID"]; then' (two small typos). Fixed in CVS. Actually, the $FIST typo was in other places as well. > second, and more important, the default GID for the group 'users' is 100 > for adduser, so the check above will always fail. system groups created > via 'addgroup --system' have GIDs between 100 and 199. Hmm.. You are right. That's not properly documented, I assumed USERS_GID was not used for system users but it is. > in my eyes it would be more sane to check for FIRST_SYSTEM_GID instead > of USERS_GID. There was no FIRST_SYSTEM_GID in my adduser.conf file (probably because of an upgrade, when was this one introduced?), and it's not documented in the manpage so I missed it. of my adduser.conf file). I've changed the code in CVS to use both FIRST_SYSTEM_GID and LAST_SYSTEM_GID (and to define them if not present) and adjusted the delgroup code to make it similar to the deluser code. Thanks for the comments Javier
Attachment:
signature.asc
Description: Digital signature