
Re: Bug#969631: can base-passwd provide the user _apt?



[For debian-devel readers; the original stated motivation for this bug
was being able to trim down the de-facto-essential set by removing
adduser from it.]

On Wed, Aug 25, 2021 at 09:54:35AM +0200, Johannes Schauer Marin Rodrigues wrote:
> Quoting Helmut Grohne (2020-09-06 09:48:26)
> > Another benefit of this change (if a static uid is allocated) is that we
> > improve reproducible installations where currently uids may depend on
> > configuration order.
> 
> I'm very interested in having this bug fixed because of the reason above.
> 
> And there is yet another use-case that would be solved by the _apt user being
> shipped by base-passwd: since apt would no longer require adduser, we would
> automatically get DPKG_ROOT support for Essential:yes packages plus apt.
> 
> What do we need to implement this change? I observed that when I apply this
> patch to base-passwd:
> 
> diff -Nru base-passwd-3.5.51/passwd.master base-passwd-3.5.51+nmu1/passwd.master
> --- base-passwd-3.5.51/passwd.master   2021-07-10 13:57:43.000000000 +0200
> +++ base-passwd-3.5.51+nmu1/passwd.master      2021-08-24 20:08:52.000000000 +0200
> @@ -15,4 +15,5 @@
>  list:*:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
>  irc:*:39:39:ircd:/run/ircd:/usr/sbin/nologin
>  gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
> +_apt:*42:42::/nonexistent:/usr/sbin/nologin
>  nobody:*:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
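
Review bot: The added _apt line is missing the colon between the
password field and the UID ("_apt:*42:42::..."), so it splits into six
fields instead of the seven used by the neighbouring entries: the
password field becomes "*42", the UID 42 and the GID empty. It should
presumably read "_apt:*:42:42::/nonexistent:/usr/sbin/nologin". The
GECOS field is also empty, whereas every other entry visible in this
hunk carries a description; consider adding one for consistency.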
> 
> Then not only will the _apt user be created as expected, but I also observed
> that when upgrading base-passwd on a system with an existing _apt user with uid
> 100 from base-passwd 3.5.51 to my patched 3.5.51+nmu1, the uid of the _apt user
> remained the same as it should.

I think it's an interesting idea and worth pursuing, but on the face of
it it seems that this would end up violating policy 9.2.2:

  "Globally allocated by the Debian project, the same on every Debian
  system."

... because the UID of the _apt user in fact wouldn't be the same on
every Debian system, and I can imagine that this might cause trouble
somewhere.

Is this a serious enough problem to be worth fixing?  I'm not sure, so
CCing debian-devel for wider discussion.  Julian's point earlier in the
bug thread was:

  I'm mostly just worried about users using file:/ or copy:/ methods
  and having given _apt access to them, they'd break.
  
  I think it'd be best if we don't change existing _apt users, but only
  dealt with new systems for now. I mean we could prompt users about
  changing the uid

I can see the issue there.  Adding another prompt that every Debian user
will need to consider on upgrade to the next release is pretty
undesirable, though - I actively try to avoid that in base-passwd
changes.  So maybe the policy violation, i.e. ending up with an
inconsistent _apt UID on upgraded systems, is in fact the better option?

Of course, another approach to the overall problem might be declarative
user creation in dpkg, e.g. #685734 and
https://wiki.debian.org/Teams/Dpkg/Spec/SysUser.  But that's clearly a
lot of work, and this change wouldn't preclude it.

-- 
Colin Watson (he/him)                              [cjwatson@debian.org]

