automatic adduser/addgroup in postinst (was Re: fingerd)
On Fri, 3 May 1996, Guy Maor wrote:
> On Fri, 3 May 1996, Jason Eggleston wrote:
> > For those following this thread, someone else has been helping
> > me off the list and figured out I didn't have a 'nobody' in my
> > /etc/passwd file.
> The problem was that nobody had a shell of /dev/null (check this in
> your /etc/passwd to see if that's your problem). You can upgrade to
> a newer base and recreate your system's users or use vipw to cut and
> paste the /etc/passwd's.
> At the moment there is no way for base to upgrade the system user part
> of /etc/passwd only.
Maybe what we need instead of /etc/passwd and /etc/group in the base
package is a program for use by postinst scripts which automatically
creates new accounts and groups if they don't already exist.
Let's say, for example, that the scripts are called /sbin/adduser.debian.
The base package would contain the files "passwd.db" and "group.db" (in
standard /etc/passwd and /etc/group file format) INSTEAD of /etc/passwd
and /etc/group. These databases would contain all standard debian user
accounts and groups.
The postinst for base would loop through these database files, creating
new users & groups as required.
adduser.debian is called once for each line in these databases.
- if the username already exists, then nothing else is done (or perhaps
a check to make sure that uid & gid match...warn if they're different)
- if the username doesn't exist, then it is created. The specified uid is
just the preferred uid. If it is already in use, then another uid
is randomly (?) selected. This needs some very careful thought to get it
right. Maybe there should be a range of reserved uids which should
only be allocated by the base package maintainer (BPM)?
If so, this should be documented!
Perhaps uids 0-499 & 65535 should be allocated by the BPM, and uids
500-999 are available for debian developers to use and experiment
with until they get an official uid allocated by the BPM. uids >=1000
and < 65535 are available for user accounts.
I repeat "this should be documented!!!!". Documented so well that
only the terminally brain-dead could avoid knowing it.
Anyone know if diff is versatile enough to do what's needed here? Or
should we write a sh/sed/perl/awk/whatever script to do it? It
wouldn't be a very difficult program to write, but there's no sense in
reinventing the wheel if an existing tool can do the job.
addgroup.debian would do something similar for the /etc/group file.
If this is done and documented, then developers of new packages that
require a special uid or gid can:
1. apply to the BPM for a uid, who allocates one and adds it to the
database mentioned above... The BPM then emails the developer
informing him/her of the allocated uid or gid.
Ditto for gids.
2. modify any ownerships, groups, etc of their package and package
source if required.
3. modify or create their package's postinst script to call
adduser.debian or addgroup.debian as required.
This way, when a user installs the package if the uid or gid doesn't
exist, then their system is seamlessly updated. If they do already
exist then no damage is done.
4. edit /etc/passwd and /etc/group on their own system to bring it into
line with the debian standard.
Also, execute "find / -uid <olduid> | xargs chown <newuid>" to make sure
everything is owned correctly. And a similar "find ..." for gid as well.
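
The per-line decision described in the message above, sketched as a dry-run planner; this is an added example, not part of the original message or of any Debian tool. The names plan_system_users and demo_plan are hypothetical, the sample entries are constructed, and where the message says a replacement uid is "randomly (?)" selected this sketch assumes the lowest free uid in 1-499 instead.

```shell
#!/bin/sh
# Dry-run planner for the adduser.debian idea: reads two passwd-format files
# and prints one decision per passwd.db entry. It never modifies anything.
# usage: plan_system_users PASSWD_DB CURRENT_PASSWD
plan_system_users() {
    awk -F: '
        # First argument: the installed passwd file. Index names and uids.
        FILENAME == ARGV[1] && $1 != "" { uid_of[$1] = $3; taken[$3] = 1 }
        FILENAME == ARGV[1] { next }
        # Second argument: the packaged passwd.db. Skip blanks and comments.
        $1 == "" || /^#/ { next }
        {
            name = $1; want = $3
            if (name in uid_of) {
                # Account already present: leave it alone, only report drift.
                if (uid_of[name] == want) print "ok " name " " want
                else print "warn " name " has uid " uid_of[name] ", expected " want
                next
            }
            uid = want
            if (uid in taken) {
                # Assumption: fall back to the lowest free uid in 1-499.
                for (uid = 1; uid <= 499 && (uid in taken); uid++) ;
                if (uid > 499) { print "fail " name " no free system uid"; next }
                print "add " name " " uid " (preferred " want " in use)"
            } else {
                print "add " name " " uid
            }
            taken[uid] = 1; uid_of[name] = uid
        }
    ' "$2" "$1"
}

# Constructed sample data (not from the original message).
demo_plan() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:*:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/bin/sh
ftp:*:2:2:ftp:/home/ftp:/bin/sh
nobody:*:60000:60000:nobody:/:/dev/null
EOF
    cat > "$d/passwd.db" <<'EOF'
root:*:0:0:root:/root:/bin/sh
bin:*:2:2:bin:/bin:/bin/sh
nobody:*:65534:65534:nobody:/:/bin/sh
mail:*:8:8:mail:/var/spool/mail:/bin/sh
EOF
    plan_system_users "$d/passwd.db" "$d/passwd"
    rm -rf "$d"
}
demo_plan
```

The "warn" line is the case that matters for file ownership: an existing account whose uid differs from the packaged one is reported and left untouched, so files already owned by that uid keep their owner.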