Bug#621833: System users: removing them

To: Roger Leigh <rleigh@codelibre.net>
Cc: 621833@bugs.debian.org
Subject: Bug#621833: System users: removing them
From: Steve Langasek <vorlon@debian.org>
Date: Sun, 10 Apr 2011 02:25:36 -0700
Message-id: <[🔎] 20110410092536.GA9331@virgil.dodds.net>
Reply-to: Steve Langasek <vorlon@debian.org>, 621833@bugs.debian.org
In-reply-to: <20110409091454.GK20813@codelibre.net>
References: <1301559813.11500.34.camel@havelock.liw.fi> <19860.32563.116133.70976@chiark.greenend.org.uk> <1301947774.2967.114.camel@havelock.liw.fi> <[🔎] 1302338668.2441.60.camel@havelock.liw.fi> <20110409091454.GK20813@codelibre.net>

On Sat, Apr 09, 2011 at 10:14:54AM +0100, Roger Leigh wrote:
> On Sat, Apr 09, 2011 at 09:44:28AM +0100, Lars Wirzenius wrote:
> > Thus, I propose to change 9.2.2 "UID and GID classes", the paragraph on
> > uids in the range 100-999, to add the following sentence to the end of
> > the paragraph:

> >         Packages must not remove system users and groups they have
> >         created.

> This does sound like a sensible addition.  Will the packages be
> responsible for locking the accounts?

I agree that the accounts should not be deleted, but that the packages
should still be responsible for certain forms of cleanup:

 - removing the user home directory (on purge?)
 - locking the account
 - (optional) scanning the filesystem to clean up any other files owned by
   the user

This is the good kind of cleanup to do.  Deleting the account entirely is
the bad kind of cleanup, because you can never guarantee that you've gotten
*all* the files belonging to that user/group, thanks to removable media; so
if the UID is reused, some other account gets access to files it wasn't
meant to.

> I've always found the addition and removal of user accounts in
> maintainer scripts difficult, due to the huge difference in
> practice between packages, and the lack of detailed guidance on
> best practice.  Would it be worth adding explicit examples of
> how to add system users and groups in Policy.  Also, would it
> be worth adding support to debhelper or dpkg-maintscript-helper
> to do the user addition--it would unify the process so that
> packages won't have to reinvent the wheel, and make things
> much more simple and reliable.

I don't think dpkg-maintscript-helper is the right layer of abstraction for
something like this; we already have an imperative interface for account
creation/deletion, which is adduser/deluser, and if that interface isn't
sufficiently straightforward we should remedy that directly.

I'm not sure if debhelper can help here.  I guess we would need a new config
file (debian/users?), but I'm not sure it could be done with a very
debhelper-like syntax.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Bug#621833: System users: removing them
  - From: sean finney <seanius@seanius.net>

References:
- Bug#621833: System users: removing them
  - From: Lars Wirzenius <liw@liw.fi>

Prev by Date: Processed: Re: Bug#609160: debian-policy: include DEP5
Next by Date: Bug#621833: System users: removing them
Previous by thread: Bug#621833: System users: removing them
Next by thread: Bug#621833: System users: removing them
Index(es):
- Date
- Thread