Package: debian-policy Version: 3.9.2.0 thanks
Background for the policy list: see thread starting at http://lists.debian.org/debian-devel/2011/03/msg01174.html and continuing in April at http://lists.debian.org/debian-devel/2011/04/msg00210.html On ma, 2011-04-04 at 21:09 +0100, Lars Wirzenius wrote: > > The current default is not to delete the user because packages don't > > generally do so, surely ? > > I ran the attached script (same as the one I attached to my previous > mail, to the bash thread) to unpack all amd64 sid/main binary packages, > and then grepped for use of adduser or deluser in maintainer scripts: > > find pool -name postinst -o -name preinst -o -name postrm -o > -name prerm | xargs grep adduser > adduser.list > > And the same, replacing adduser with deluser. The lists are a few tens > of kilobytes in total, so I won't attach them to the mailing list, but > I've put them on the web: > > http://files.liw.fi/temp/adduser.list > http://files.liw.fi/temp/deluser.list > > There seem to be 106 maintainer scripts that mention deluser, in 103 > packages. (I did not manually verify that they're all actually calling > deluser.) > > I think this would be a good point to have a discussion and set policy > on how to deal with this. The policy manual seems to currently be silent > about removing users created by the package at installation time. > > * We can decide that packages may not remove the accounts they > create, ever. In that case, we should amend Policy to say this > explicitly, do an MBF on the packages in the deluser.list above, > and add a lintian warning against calling deluser in maintainer > scripts. Ian and Tollef and Scott Kitterman are against removal of system users, and nobody (except, very mildly, me) is for their removal, so I guess the consensus on -devel is clear: we should not remove system users, ever, in maintainer scripts. If an admin wants to do it manually, that is, of course, OK. Thus, I propose to change 9.2.2 "UID and GID classes", the paragraph on uids in the range 100-999, to add the following sentence to the end of the paragraph: Packages must not remove system users and groups they have created. Not sure if a mass bug filing is warranted if this policy change is accepted, but definitely a lintian check would be in order (I'm happy to write it). -- Blog/wiki/website hosting with ikiwiki (free for free software): http://www.branchable.com/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
