[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#621833: System users: removing them

On Sun, May 29, 2011 at 12:09:40PM -0500, Jonathan Nieder wrote:
> (culled cc list of a few people I know read -devel)
> Roger Leigh wrote:
> > Given the need to consider unlocking as well as locking, I'm not sure
> > it's worth adding special support to deluser: the typical logic used
> > to create the user will be insufficient to unlock, so it's no less
> > the effort to add an explict unlock/lock to the maintainer scripts,
> > dropping use of deluser entirely.
> The obvious question then would be whether it's worth adding special
> support to deluser *and* adduser, no?

We could add special behaviour to adduser to unlock the account
if it already exists when run in the postinst.  However, most
postinsts wrap the call to adduser with a check for whether the
account already exists, so it would not be called without an
update to every preinst employing this strategy.  It would also
alter the existing behaviour of adduser, which is to return nonzero
if the user already exists, which could cause breakage.

I dislike the fact that the behaviour of adduser and deluser would,
in effect, /not/ add or delete users as intended, which is rather
counter-intuitive.  Providing that we have consensus on a recommended
strategy for locking and unlocking accounts which can go into policy,
I think all we need are examples for how maintainer scripts are
expected to handle account creation and locking/unlocking.


  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.

Attachment: signature.asc
Description: Digital signature

Reply to: