Bug#621833: System users: removing them
Adding a copy to the bug report.
Everyone please Cc firstname.lastname@example.org if replying to this subhtread.
On la, 2011-04-09 at 10:14 +0100, Roger Leigh wrote:
> On Sat, Apr 09, 2011 at 09:44:28AM +0100, Lars Wirzenius wrote:
> > Package: debian-policy
> > Version: 126.96.36.199
> > thanks
> > Background for the policy list: see thread starting at
> > http://lists.debian.org/debian-devel/2011/03/msg01174.html
> > and continuing in April at
> > http://lists.debian.org/debian-devel/2011/04/msg00210.html
> > On ma, 2011-04-04 at 21:09 +0100, Lars Wirzenius wrote:
> > > > The current default is not to delete the user because packages don't
> > > > generally do so, surely ?
> > >
> > > I ran the attached script (same as the one I attached to my previous
> > > mail, to the bash thread) to unpack all amd64 sid/main binary packages,
> > > and then grepped for use of adduser or deluser in maintainer scripts:
> > >
> > > find pool -name postinst -o -name preinst -o -name postrm -o
> > > -name prerm | xargs grep adduser > adduser.list
> > >
> > > And the same, replacing adduser with deluser. The lists are a few tens
> > > of kilobytes in total, so I won't attach them to the mailing list, but
> > > I've put them on the web:
> > >
> > > http://files.liw.fi/temp/adduser.list
> > > http://files.liw.fi/temp/deluser.list
> > >
> > > There seem to be 106 maintainer scripts that mention deluser, in 103
> > > packages. (I did not manually verify that they're all actually calling
> > > deluser.)
> > >
> > > I think this would be a good point to have a discussion and set policy
> > > on how to deal with this. The policy manual seems to currently be silent
> > > about removing users created by the package at installation time.
> > >
> > > * We can decide that packages may not remove the accounts they
> > > create, ever. In that case, we should amend Policy to say this
> > > explicitly, do an MBF on the packages in the deluser.list above,
> > > and add a lintian warning against calling deluser in maintainer
> > > scripts.
> > Ian and Tollef and Scott Kitterman are against removal of system users,
> > and nobody (except, very mildly, me) is for their removal, so I guess
> > the consensus on -devel is clear: we should not remove system users,
> > ever, in maintainer scripts. If an admin wants to do it manually, that
> > is, of course, OK.
> > Thus, I propose to change 9.2.2 "UID and GID classes", the paragraph on
> > uids in the range 100-999, to add the following sentence to the end of
> > the paragraph:
> > Packages must not remove system users and groups they have
> > created.
> This does sound like a sensible addition. Will the packages be
> responsible for locking the accounts?
> I've always found the addition and removal of user accounts in
> maintainer scripts difficult, due to the huge difference in
> practice between packages, and the lack of detailed guidance on
> best practice. Would it be worth adding explicit examples of
> how to add system users and groups in Policy. Also, would it
> be worth adding support to debhelper or dpkg-maintscript-helper
> to do the user addition--it would unify the process so that
> packages won't have to reinvent the wheel, and make things
> much more simple and reliable.
Blog/wiki/website hosting with ikiwiki (free for free software):