We have some packages that require a dedicated user to be created, and calling "adduser --system" in postinst does that. However, it is not always clear whether such users should be removed when the package is removed.

* The user might be administered centrally, via LDAP. (So postinst never actually created it, and thus postrm shouldn't remove it.)
* There might be files owned by the user that the package does not know about.
* There might be other site policies about this.

The easy solution for this would be to never remove the user, but that's also not so clear.

* Extra accounts are just wasteful, and may cause some confusion.
* There is a tiny risk of having unused accounts on the system. (We have tens of them anyway, but still.)

Most hosts, however, can safely remove the system user when the package is removed, if the user is to be removed at all. There may be cases where a package's system user should not be removed, because some files that belong to it will not be removed, such as a Usenet spool.

I propose the following:

* We patch deluser to check for a boolean DELETE_SYSTEM_USERS setting in /etc/adduser.conf. If set to false, it does not remove the user. Default the setting to true, since that is status quo and works for most hosts and sites. Maybe also add a --force option to override the config file setting?
* Review all packages and their use of adduser/deluser. Make sure that they don't have unnecessary scaffolding ("if ! getent passwd ..."), since it's unnecessary, and also not needed. Make sure they have the appropriate call to deluser in postrm. Add a versioned dependency to packages to make sure they depend on a version of adduser that implements DELETE_SYSTEM_USERS.

Would this be a good thing to do? Comments? Problems I've forgotten about?

Would a debhelper tool to create/remove system users be useful? I suspect there are only relatively few packages that do that, so perhaps not. I earlier blogged about an "addsysuser" tool[0], but Stephen Gran pointed out to me that it's mostly unnecessary scaffolding.

In my blog post I also outlined a way for packages to share a system user, without having to depend on it, but I think that's not so useful, so I don't include it in this proposal.

[0] http://blog.liw.fi/posts/addsysuser/
[1] http://i.imgur.com/3XuAi.jpg (gratuitous cat picture; NSFW language)

--
Blog/wiki/website hosting with ikiwiki (free for free software): http://www.branchable.com/
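
The removal decision discussed in the message above, as an added example that is not part of the original post and is not adduser's or deluser's code. It assumes the proposed DELETE_SYSTEM_USERS key, hypothetical function names `conf_bool` and `may_delete_user`, and one design choice of its own: the force flag overrides only the config setting, not the check for files still owned by the account.

```sh
#!/bin/sh
# Added example. DELETE_SYSTEM_USERS is the setting proposed above, not an
# existing adduser.conf key; function names and arguments are assumptions.

# conf_bool FILE KEY DEFAULT: print "true" or "false" for KEY=value in FILE.
conf_bool() {
    val=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*[\"']\{0,1\}\([A-Za-z]*\).*/\1/p" \
        "$1" 2>/dev/null | tail -n 1)
    case "$val" in
        [Tt][Rr][Uu][Ee]|[Yy][Ee][Ss]) echo true ;;
        [Ff][Aa][Ll][Ss][Ee]|[Nn][Oo]) echo false ;;
        *) echo "$3" ;;   # missing file, missing key or junk value: use default
    esac
}

# may_delete_user USER PASSWD CONF FORCE [DIR...]
# Prints the decision; returns 0 only when removal should go ahead.
may_delete_user() {
    user=$1 passwd=$2 conf=$3 force=$4
    shift 4
    # Exact match on the name field. A user that exists only in LDAP is absent
    # from the local passwd file, so postinst never created it on this host.
    uid=$(awk -F: -v u="$user" '$1 == u { print $3; f = 1 } END { exit !f }' "$passwd") || {
        echo "keep: not a local account"; return 1; }
    if [ "$force" != yes ] && [ "$(conf_bool "$conf" DELETE_SYSTEM_USERS true)" = false ]; then
        echo "keep: DELETE_SYSTEM_USERS=false"; return 1
    fi
    # Anything left behind would belong to whichever account gets this UID next.
    for dir in "$@"; do
        if [ -n "$(find "$dir" -user "$uid" 2>/dev/null | head -n 1)" ]; then
            echo "keep: files owned by uid $uid under $dir"; return 1
        fi
    done
    echo "remove: uid $uid"
}

# Constructed sample data: one local account that uses our own UID, so the
# spool file created below is owned by it without needing root.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'news:x:%s:%s::/var/spool/news:/usr/sbin/nologin\n' "$(id -u)" "$(id -g)" > "$tmp/passwd"
printf '# site policy\nDELETE_SYSTEM_USERS=false\n' > "$tmp/adduser.conf"
mkdir "$tmp/spool" && : > "$tmp/spool/article"
may_delete_user ldapuser "$tmp/passwd" "$tmp/adduser.conf" no || true
may_delete_user news "$tmp/passwd" "$tmp/adduser.conf" no "$tmp/spool" || true
may_delete_user news "$tmp/passwd" "$tmp/adduser.conf" yes "$tmp/spool" || true
may_delete_user news "$tmp/passwd" "$tmp/adduser.conf" yes || true
```
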