
Re: Best practices on system users and groups



On Tue, Nov 01, 2005 at 12:14:58PM +0100, Jonas Meurer wrote:
> On 31/10/2005 Javier Fernández-Sanguino Peña wrote:
> > After the feedback of the recent d-d thread, I've adapted the section I wrote
> > on the best practices related to system users and groups, it is currently
> > available at:
> > http://www.debian.org/doc/manuals/developers-reference/ch-best-pkging-practices.en.html#s-bpp-lower-privs
> 
> the group deletion has currently a problem. From 6.5.1.3 'Removing system
> users':

(...)

> 
> first, the 'if [ -n "$FIST_USER_GID" ] then' should better be
> 'if [ -n "$FIRST_USER_GID"]; then' (two small typos).

Fixed in CVS. Actually, the $FIST typo was in other places as well.

> second, and more important, the default GID for the group 'users' is 100
> for adduser, so the check above will always fail. system groups created
> via 'addgroup --system' have GIDs between 100 and 199.

Hmm.. You are right. That's not properly documented, I assumed USERS_GID was
not used for system users but it is.

> in my eyes it would be more sane to check for FIRST_SYSTEM_GID instead
> of USERS_GID.

There was no FIRST_SYSTEM_GID in my adduser.conf file (probably because of an
upgrade, when was this one introduced?), and it's not documented in the
manpage so I missed it. I've changed the code
in CVS to use both FIRST_SYSTEM_GID and LAST_SYSTEM_GID (and to define them
if not present) and adjusted the delgroup code to make it similar to the
deluser code.

Thanks for the comments

Javier
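
The range check described in the reply above, as an added example; it is not the code committed to CVS. The function names (conf_value, is_system_gid, delgroup_plan) and the fallback range 100-999 used when adduser.conf lacks the keys are assumptions.

```shell
#!/bin/sh
# Added example: guard group removal with FIRST_SYSTEM_GID/LAST_SYSTEM_GID.
# The defaults below are assumed fallbacks for a conf file missing the keys.

# conf_value FILE KEY DEFAULT
# Print the numeric value of KEY from an adduser.conf-style file without
# sourcing it; print DEFAULT if the file or key is missing or non-numeric.
conf_value() {
    val=$(sed -n "s/^$2=\([0-9][0-9]*\)[[:space:]]*\$/\1/p" "$1" 2>/dev/null | tail -n 1)
    echo "${val:-$3}"
}

# is_system_gid GID [CONF]
# Succeed only if GID is a number within [FIRST_SYSTEM_GID, LAST_SYSTEM_GID].
is_system_gid() {
    gid=$1
    conf=${2:-/etc/adduser.conf}
    # Reject empty or non-numeric input, e.g. when the group does not exist.
    case $gid in
        ''|*[!0-9]*) return 1 ;;
    esac
    first=$(conf_value "$conf" FIRST_SYSTEM_GID 100)
    last=$(conf_value "$conf" LAST_SYSTEM_GID 999)
    [ "$gid" -ge "$first" ] && [ "$gid" -le "$last" ]
}

# delgroup_plan GROUP GID [CONF]
# Dry run: print the action a postrm would take instead of deleting anything.
# In a maintainer script GID would come from: getent group GROUP | cut -d: -f3
delgroup_plan() {
    if is_system_gid "$2" "${3:-/etc/adduser.conf}"; then
        echo "delgroup $1"
    else
        echo "skip $1"
    fi
}
```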
