Re: Bug#621833: System users: removing them

To: Roger Leigh <rleigh@codelibre.net>, 621833@bugs.debian.org
Cc: Jonathan Nieder <jrnieder@gmail.com>, sean finney <seanius@seanius.net>, debian-devel@lists.debian.org
Subject: Re: Bug#621833: System users: removing them
From: Marc Haber <mh+debian-packages@zugschlus.de>
Date: Mon, 30 May 2011 10:47:08 +0200
Message-id: <[🔎] 20110530084708.GC27807@torres.zugschlus.de>
In-reply-to: <[🔎] 20110529193221.GY6333@codelibre.net>
References: <1301947774.2967.114.camel@havelock.liw.fi> <1302338668.2441.60.camel@havelock.liw.fi> <19874.64686.98445.806467@chiark.greenend.org.uk> <1302630070.29407.16.camel@havelock.liw.fi> <20110412193147.GA15850@cobija.connexer.com> <[🔎] 20110501074903.GC11712@virgil.dodds.net> <[🔎] 19901.26824.984819.316632@chiark.greenend.org.uk> <[🔎] 20110529110430.GA31128@codelibre.net> <[🔎] 20110529170940.GA6574@elie> <[🔎] 20110529193221.GY6333@codelibre.net>

On Sun, May 29, 2011 at 08:32:21PM +0100, Roger Leigh wrote:
> We could add special behaviour to adduser to unlock the account
> if it already exists when run in the postinst.

Yes.

>   However, most postinsts wrap the call to adduser with a check for
>   whether the account already exists,

Which would be a bug in the maintainer scripts.

> I dislike the fact that the behaviour of adduser and deluser would,
> in effect, /not/ add or delete users as intended, which is rather
> counter-intuitive.

adduser --system is designed (and, IIRC, documented) to have the
effect of "after the call to adduser --system, the account will exist
and is useable. The only case when adduser --system really errors out
is when the account already exists but is not a system account."

>   Providing that we have consensus on a recommended strategy for
>   locking and unlocking accounts which can go into policy, I think all
>   we need are examples for how maintainer scripts are expected to
>   handle account creation and locking/unlocking.

The would be rather easy. Account creation/unlocking would happen with
an unwrapped call to adduser --system, account locking with a call to
the appropriate back-end command, or we could add an lockuser command
to the adduser package. I think, the latter would be preferable since
we would then be able to add sugar to the locking process. A wishlist
bug against adduser is in order.

Greetings
Marc, with a rather worn and dusty adduser hat on

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190

Reply to:

Follow-Ups:
- Re: Bug#621833: System users: removing them
  - From: Jan Hauke Rahm <jhr@debian.org>

References:
- Re: Bug#621833: System users: removing them
  - From: Steve Langasek <vorlon@debian.org>
- Re: Bug#621833: System users: removing them
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: Bug#621833: System users: removing them
  - From: Roger Leigh <rleigh@codelibre.net>
- Re: System users: removing them
  - From: Jonathan Nieder <jrnieder@gmail.com>
- Re: Bug#621833: System users: removing them
  - From: Roger Leigh <rleigh@codelibre.net>

Prev by Date: Re: Bug#621833: System users: removing them
Next by Date: Re: Bug#621833: System users: removing them
Previous by thread: Re: Bug#621833: System users: removing them
Next by thread: Re: Bug#621833: System users: removing them
Index(es):
- Date
- Thread