[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#621833: System users: removing them

On Sun, May 29, 2011 at 08:32:21PM +0100, Roger Leigh wrote:
> We could add special behaviour to adduser to unlock the account
> if it already exists when run in the postinst.


>   However, most postinsts wrap the call to adduser with a check for
>   whether the account already exists,

Which would be a bug in the maintainer scripts.

> I dislike the fact that the behaviour of adduser and deluser would,
> in effect, /not/ add or delete users as intended, which is rather
> counter-intuitive.

adduser --system is designed (and, IIRC, documented) to have the
effect of "after the call to adduser --system, the account will exist
and is useable. The only case when adduser --system really errors out
is when the account already exists but is not a system account."

>   Providing that we have consensus on a recommended strategy for
>   locking and unlocking accounts which can go into policy, I think all
>   we need are examples for how maintainer scripts are expected to
>   handle account creation and locking/unlocking.

The would be rather easy. Account creation/unlocking would happen with
an unwrapped call to adduser --system, account locking with a call to
the appropriate back-end command, or we could add an lockuser command
to the adduser package. I think, the latter would be preferable since
we would then be able to add sugar to the locking process. A wishlist
bug against adduser is in order.

Marc, with a rather worn and dusty adduser hat on

Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190

Reply to: