Re: Bug#969631: can base-passwd provide the user _apt?

To: Colin Watson <cjwatson@debian.org>
Cc: Johannes Schauer Marin Rodrigues <josch@debian.org>, 969631@bugs.debian.org, deity@lists.debian.org, debian-devel@lists.debian.org
Subject: Re: Bug#969631: can base-passwd provide the user _apt?
From: Russ Allbery <rra@debian.org>
Date: Sun, 29 Aug 2021 11:31:05 -0700
Message-id: <[🔎] 874kb885na.fsf@hope.eyrie.org>
In-reply-to: <[🔎] YSvJv1mqXvUZWgYr@riva.ucam.org> (Colin Watson's message of "Sun, 29 Aug 2021 18:54:07 +0100")
References: <20200906074826.GA5168@alf.mars> <20200906074826.GA5168@alf.mars> <162987807541.1840.17399477371043520253@localhost> <20200906074826.GA5168@alf.mars> <[🔎] YSvJv1mqXvUZWgYr@riva.ucam.org>

Colin Watson <cjwatson@debian.org> writes:

> I think it's an interesting idea and worth pursuing, but on the face of
> it it seems that this would end up violating policy 9.2.2:

>   "Globally allocated by the Debian project, the same on every Debian
>   system."

> ... because the UID of the _apt user in fact wouldn't be the same on
> every Debian system, and I can imagine that this might cause trouble
> somewhere.

My first reaction is that from a strictly Policy perspective you may be
reading that requirement too strictly.  I would read that as a statement
of intention, not a requirement: the intent is for this UID to be the same
on every Debian system, but this may not be the case in practice due to
upgrades.  (Which seems obviously true or we could never add a new user.)

That said, it does feel weird to switch to this sort of static allocation
and not have a migration strategy for existing systems and leave them on
an old UID.  I know that it's not an explicit design goal of the project,
but I like the idea that continuously upgraded systems will converge on
the state that they would get if they were newly-installed, and that seems
valuable for long-term upgrade support.

My intuition is also that the case where a UID change will cause problems,
namely:

>   I'm mostly just worried about users using file:/ or copy:/ methods
>   and having given _apt access to them, they'd break.

is relatively rare (but maybe I'm wrong about this?), so I'm not sure that
it outweighs the simplicity advantages of converging on the same UID in
the long run.

>   I think it'd be best if we don't change existing _apt users, but only
>   dealt with new systems for now. I mean we could prompt users about
>   changing the uid

This is certainly a gentler migration, but I think the prompt or providing
some simple migration path would be valuable so that, in the long run,
people can converge their systems to the new configuration.  Maybe a
compromise would be to make the prompt have a fairly low urgency level?
We could then tell people in the release notes that if they're not using
_apt in some special way, they can dpkg-reconfigure base-passwd and let it
migrate the UID.

> Of course, another approach to the overall problem might be declarative
> user creation in dpkg, e.g. #685734 and
> https://wiki.debian.org/Teams/Dpkg/Spec/SysUser.  But that's clearly a
> lot of work, and this change wouldn't preclude it.

This does seem like clearly the right solution in the long run for all
problems of this sort, though.  I wouldn't want to add many statically
allocated UIDs.  (But if anything qualifies for one, _apt is a reasonable
candidate.)

-- 
Russ Allbery (rra@debian.org)              <https://www.eyrie.org/~eagle/>

Reply to:

Follow-Ups:
- Re: Bug#969631: can base-passwd provide the user _apt?
  - From: Colin Watson <cjwatson@debian.org>

References:
- Re: Bug#969631: can base-passwd provide the user _apt?
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: Re: Bug#969631: can base-passwd provide the user _apt?
Next by Date: Re: Bug#969631: can base-passwd provide the user _apt?
Previous by thread: Re: Bug#969631: can base-passwd provide the user _apt?
Next by thread: Re: Bug#969631: can base-passwd provide the user _apt?
Index(es):
- Date
- Thread