Re: Bug#274229: System accounts with valid shells
On Fri, Nov 01, 2013 at 12:42:30PM -0700, Russ Allbery wrote:
> Colin Watson <email@example.com> writes:
> > However, there's an awkward problem blocking the change, namely #184979.
> > The last time I made any change to passwd.master or group.master that
> > caused update-passwd to prompt everyone to accept it was in December
> > 2004. Since then, the policy manual has been updated to say that all
> > packages must use debconf for prompting (albeit with an exception for
> > Essential and transitively-Essential packages, but only in that they may
> > have a fallback mechanism). base-passwd is not in compliance with this
> > policy and it will require an extensive rewrite of update-passwd.c to
> > make it so.
> Ah! Thank you. I hadn't realized this was the issue.
I've been terrible at communicating it, so no wonder :-)
> I assume that would mean that update-passwd would need to become a client
> of the libdebconfclient0 library?
That was my thought, yes. There are probably other ways to do it, but I
think pulling libdebconfclient0 into transitively-Essential is
reasonable at this point (given that it aligns with the long-term plans
for debconf), and is likely to be the simplest change.
> Phillip, given the above background, would you be willing to modify the
> libuuid package to use /bin/false or /usr/sbin/nologin instead of /bin/sh
> for the shell for the libuuid user? That package doesn't have the same
> issues that base-passwd has.
Right, no reason to couple these.
Colin Watson [firstname.lastname@example.org]