
Re: Create user during installation



Tilman Koschnick wrote:

On Thu, 2005-03-31 at 22:18 +0200, Shachar Shemesh wrote:
Hi all,

This question is about a package that will likely not make it into Debian (too specific). I even suspect this has some relevance.

I would like to install a package that creates its own special user and group during installation. I have utterly and totally failed to find a ready-made package that does that, with the sole exception of qmail-src (from non-free) that creates them in the 655xx area. Not exactly what I would like to do.

How do I create said user and group? How do I tell between useradd or adduser failing due to user already existing, and other unrelated reasons? Do I at all need to care about that?

Hi,

grep for 'adduser' in /var/lib/dpkg/info/*postinst to see some examples.
You can use getent(1) to check for the existence of a user.

Here is what I do (package gpsd):

postinst:
|        # create user gpsd
|        getent passwd gpsd > /dev/null || \
|                adduser --system \
|                        --home "/nonexistent" --no-create-home \
|                        --disabled-password --ingroup dialout \
|                        --gecos "GPS daemon user" gpsd

postrm:
| if [ "x$1" = "xpurge" ] ; then
|         getent passwd gpsd > /dev/null && deluser gpsd
| fi

Cheers, Til

Ok, I'll explain a bit on what I'm trying to do.

I have a web application which needs to perform actual tasks in the system. These tasks do not require root access, and so I would much rather not give it root access. I would also prefer not to give it access to everything that runs under the web server.

The solution was to put up a helper program that asks for a password and performs the actual operations. This program would be suid to a new user in the system dedicated to that task.

Now here's the thing I'm trying to figure out. I need to create several files owned by this new user I'm creating, with one of them actually suid. In addition, I need to set the group of the suid file according to whatever group whichever process that runs my web server is running as.

One way to do it would be to perform all permission changes in the postinst. I know that this is what ssh does with ssh-agent. Another package I looked at was qmail. It stores the file qmail-queue with full permissions inside the package, but it creates the users in qmail.preinst, and hardcodes the uids into it. I guess this is not an option.

Now it may very well be that creating the file ownership and permission at postinst is the only way. If that's the case, I'll just do it. I just wanted to make sure.

            Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting ltd.
Have you backed up today's work? http://www.lingnu.com/backup.html
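
The approach discussed in this message (create the dedicated user in postinst, then set ownership and the setuid bit there), as an added example that is not part of the original post or of any package named in it. The account name `webhelper`, the path `/usr/lib/webhelper/webhelper-run` and the group `www-data` are assumptions; setting `RUN=echo` gives a dry run.

```shell
#!/bin/sh
# Added example: postinst-style setup for a setuid helper (all names are assumptions).
set -e

HELPER_USER="${HELPER_USER:-webhelper}"                       # hypothetical dedicated account
WEB_GROUP="${WEB_GROUP:-www-data}"                            # assumed web server group
HELPER_BIN="${HELPER_BIN:-/usr/lib/webhelper/webhelper-run}"  # hypothetical helper path
RUN="${RUN:-}"                                                # RUN=echo prints instead of executing

# True only if the account exists. Checking first means that a later adduser
# failure is a real error (not "user already exists") and aborts via set -e.
user_exists() {
    getent passwd "$1" > /dev/null 2>&1
}

create_helper_user() {
    if user_exists "$HELPER_USER"; then
        return 0
    fi
    # --system lets adduser pick a free system uid; --group adds a matching group.
    $RUN adduser --system --group --home /nonexistent --no-create-home \
        --disabled-password --gecos "Web helper user" "$HELPER_USER"
}

# Respect a local admin's dpkg-statoverride; otherwise apply the package defaults.
set_helper_perms() {
    if command -v dpkg-statoverride > /dev/null 2>&1 &&
       dpkg-statoverride --list "$HELPER_BIN" > /dev/null 2>&1; then
        return 0
    fi
    # chown first: changing ownership clears the setuid bit on Linux.
    $RUN chown "$HELPER_USER:$WEB_GROUP" "$HELPER_BIN"
    # 4750: setuid to the helper user, executable by the web server group only.
    $RUN chmod 4750 "$HELPER_BIN"
}

configure() {
    create_helper_user
    set_helper_perms
}

# dpkg calls the postinst with "configure" as its first argument.
if [ "${1:-}" = "configure" ]; then
    configure
fi
```

Mode 4750 keeps the helper out of reach of other local accounts, so only processes in the web server's group can invoke the setuid binary.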


