[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: System users: removing them

On Sat, Apr 09, 2011 at 09:44:28AM +0100, Lars Wirzenius wrote:
> Package: debian-policy
> Version:
> thanks
> Background for the policy list: see thread starting at
> http://lists.debian.org/debian-devel/2011/03/msg01174.html
> and continuing in April at
> http://lists.debian.org/debian-devel/2011/04/msg00210.html
> On ma, 2011-04-04 at 21:09 +0100, Lars Wirzenius wrote:
> > > The current default is not to delete the user because packages don't
> > > generally do so, surely ?
> > 
> > I ran the attached script (same as the one I attached to my previous
> > mail, to the bash thread) to unpack all amd64 sid/main binary packages,
> > and then grepped for use of adduser or deluser in maintainer scripts:
> > 
> >         find pool -name postinst -o -name preinst -o -name postrm -o
> >         -name prerm | xargs grep adduser > adduser.list
> >         
> > And the same, replacing adduser with deluser. The lists are a few tens
> > of kilobytes in total, so I won't attach them to the mailing list, but
> > I've put them on the web:
> > 
> > http://files.liw.fi/temp/adduser.list
> > http://files.liw.fi/temp/deluser.list
> > 
> > There seem to be 106 maintainer scripts that mention deluser, in 103
> > packages. (I did not manually verify that they're all actually calling
> > deluser.)
> > 
> > I think this would be a good point to have a discussion and set policy
> > on how to deal with this. The policy manual seems to currently be silent
> > about removing users created by the package at installation time.
> > 
> >       * We can decide that packages may not remove the accounts they
> >         create, ever. In that case, we should amend Policy to say this
> >         explicitly, do an MBF on the packages in the deluser.list above,
> >         and add a lintian warning against calling deluser in maintainer
> >         scripts.
> Ian and Tollef and Scott Kitterman are against removal of system users,
> and nobody (except, very mildly, me) is for their removal, so I guess
> the consensus on -devel is clear: we should not remove system users,
> ever, in maintainer scripts. If an admin wants to do it manually, that
> is, of course, OK.
> Thus, I propose to change 9.2.2 "UID and GID classes", the paragraph on
> uids in the range 100-999, to add the following sentence to the end of
> the paragraph:
>         Packages must not remove system users and groups they have
>         created.

This does sound like a sensible addition.  Will the packages be
responsible for locking the accounts?

I've always found the addition and removal of user accounts in
maintainer scripts difficult, due to the huge difference in
practice between packages, and the lack of detailed guidance on
best practice.  Would it be worth adding explicit examples of
how to add system users and groups in Policy.  Also, would it
be worth adding support to debhelper or dpkg-maintscript-helper
to do the user addition--it would unify the process so that
packages won't have to reinvent the wheel, and make things
much more simple and reliable.


  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.

Attachment: signature.asc
Description: Digital signature

Reply to: