Bug#621833: System user handling in packages: status of discussion

To: Lars Wirzenius <liw@liw.fi>, 621833@bugs.debian.org, 621833-submitter@bugs.debian.org
Subject: Bug#621833: System user handling in packages: status of discussion
From: Marc Haber <mh+debian-packages@zugschlus.de>
Date: Sun, 1 Jul 2012 12:00:25 +0200
Message-id: <[🔎] 20120701100025.GD7924@torres.zugschlus.de>
Reply-to: Marc Haber <mh+debian-packages@zugschlus.de>, 621833@bugs.debian.org
In-reply-to: <20110610091220.GA3071@havelock.liw.fi>
References: <20110610091220.GA3071@havelock.liw.fi>

On Fri, Jun 10, 2011 at 10:12:20AM +0100, Lars Wirzenius wrote:
> * To create an user, a maintainer script should call
>   "adduser --system foo". It is not necessary to wrap this in
>   a check for whether the user exists.

It would be a bug to do so. Add --quiet to the adduser call if you
don't want to show the resulting warning to your users, but I'd
recommend to leave the warning active.

> * When the package is removed, the user should be locked:
>   "lockuser foo".
> * lockuser is a still-hypothetical tool, which needs to be added
>   to the adduser package. It is a wrapper around "usermod -L -e 1 foo".
> * Similarly, adduser needs to be changed to unlock:
>   "usermod -U -e '' foo".

Why not extending deluser to not delete the user if it is a system
account?

> Unclear to me are the following two points:
> 
> * Should packages also remove the contents of the system account's
>   home directory?

No, the local admin might have put important additional data in there.
It may be an idea to remove all files that the _package_ has put
there, but that would be a _significant_ burden IMO.

>  Should this be done upon package remove or purge?

Purge, of course. When you remove and reinstall, you should be exactly
where you were before.

> * Is there consensus that adduser should get a --local option,
>   and if so, what should its semantics be, and should packages
>   start using it now? Or can this wait until there's an actual
>   need for --local, so that the precise semantics can be defined?
>   There's a fairly few packages that create users, so we should
>   be able to deal with them fairly easily later.

Actually --system was meant for that.

Greetings
Marc, who has for quite some time taken care of adduser but has lost
touch to the package recently

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 31958061
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062

Reply to:

Follow-Ups:
- Bug#621833: System user handling in packages: status of discussion
  - From: Steve Langasek <vorlon@debian.org>

Prev by Date: Bug#621833: What about userdel?
Next by Date: Bug#621833: System user handling in packages: status of discussion
Previous by thread: Bug#621833: What about userdel?
Next by thread: Bug#621833: System user handling in packages: status of discussion
Index(es):
- Date
- Thread