Bug#621833: locking system users on package removal

[Roger Leigh <rleigh@codelibre.net>]

On Sat, Jun 30, 2012 at 02:12:45PM +0100, Simon McVittie wrote:
> On 30/06/12 13:24, Stephan Springl wrote (on Bug #679642):
> > quake-server does neither install nor purge properly on systems
> > without shadow password because usermod gives an error for its
> > e option in this case.
> 
> I took this use of usermod from the discussion on debian-devel regarding
> Policy bug #621833 (where it was originally suggested by Roger Leigh),
> so this potentially affects quite a few packages.
> 
> Stephan's proposed patch (below) makes me think we really need a script
> (or dpkg-maintscript-helper subcommand) that locks and unlocks system
> users, in which we can make changes like this once and have them affect
> every relevant package, rather than individually patching every
> maintainer script.
> 
> Roger: does the change below look appropriate?
> 
> [in the preinst]
> > -    usermod -U -e '' quake-server
> > +    if [ -f /etc/shadow ]; then
> > +      usermod -U -e '' quake-server
> > +    else
> > +      usermod -U quake-server
> > +    fi
> [in the postrm]
> >      # Lock account on purge
> > -    usermod -L -e 1 quake-server
> > +    if [ -f /etc/shadow ]; then
> > +        usermod -L -e 1 quake-server
> > +    else
> > +        usermod -L quake-server
> > +    fi

It looks sane to me.  Having a dh_ command or some other dpkg
maintscript helper shell function to do this automatically would
IMO be a very nice improvement.


Regards,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux    http://people.debian.org/~rleigh/
 `. `'   schroot and sbuild  http://alioth.debian.org/projects/buildd-tools
   `-    GPG Public Key      F33D 281D 470A B443 6756 147C 07B3 C8BC 4083 E800