
Re: Bug#274229: System accounts with valid shells

On Fri, Nov 01, 2013 at 12:42:30PM -0700, Russ Allbery wrote:
> Colin Watson <cjwatson@debian.org> writes:
> > However, there's an awkward problem blocking the change, namely #184979.
> > The last time I made any change to passwd.master or group.master that
> > caused update-passwd to prompt everyone to accept it was in December
> > 2004.  Since then, the policy manual has been updated to say that all
> > packages must use debconf for prompting (albeit with an exception for
> > Essential and transitively-Essential packages, but only in that they may
> > have a fallback mechanism).  base-passwd is not in compliance with this
> > policy and it will require an extensive rewrite of update-passwd.c to
> > make it so.
> Ah!  Thank you.  I hadn't realized this was the issue.

I've been terrible at communicating it, so no wonder :-)

> I assume that would mean that update-passwd would need to become a client
> of the libdebconfclient0 library?

That was my thought, yes.  There are probably other ways to do it, but I
think pulling libdebconfclient0 into transitively-Essential is
reasonable at this point (given that it aligns with the long-term plans
for debconf), and is likely to be the simplest change.

> Phillip, given the above background, would you be willing to modify the
> libuuid package to use /bin/false or /usr/sbin/nologin instead of /bin/sh
> for the shell for the libuuid user?  That package doesn't have the same
> issues that base-passwd has.

Right, no reason to couple these.

Colin Watson                                       [cjwatson@debian.org]
