Bionic on install: # grep snmp /etc/passwd Debian-snmp:x:111:115::/var/lib/snmp:/bin/false
That is by: adduser --quiet --system --group --home "$SNMP_DIR" \ --disabled-password --disabled-login \ --shell "$SNMP_SHELL" --force-badname "$SNMP_USER" ANd of the install owned is only: # find / -group Debian-snmp 2>/dev/null /var/lib/snmp /var/lib/snmp/snmpd.conf While /etc/snmp/* is root owned. After upgrade to Focal I see: # grep snmp /etc/passwd Debian-snmp:x:112:118::/var/lib/snmp:/bin/false /var/lib/snmp will be re-owned by the postinst script and I indeed see that it still matches. /etc/sndmp still is root owned. So nothing but /var/lib/snmpd should actually be owned by that user - and that path is taken care of. Were the files in /etc/snmpd required to be owned by that user or was it an accident or misconfiguration? BTW - the reason that the user changes is due to [1][2] and fixed since Ubuntu 19.04 in version 5.7.3+dfsg-5ubuntu1 and later. It will no more change later on. If there is a real reason that other files than those in /var/lib/snmpd need to be owned by Debian-snmpd then we need to consider backporting the fix to Bionic. But this is a hard call to make as it is a double- edged sword. The fact that we would do a Bionic SRU will itself trigger this bug in the postrm of the current snmpd package. So while the bug would be fixed fromt hen on, it would instantly trigger it once for anyone else that wasn't affected until then. Note: this might be a perfect case for block proposed thou, prepare the change and hold it in bionic-proposed. But only release it with the next actual critically required fix. For now I'm looking for some feedback by net-snmpd users if anything other then /var/lib/snmpd should ever be owned by that user to better consider the severity of it. [1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911216 [2]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911132 [3]: https://salsa.debian.org/debian/net-snmp/-/commit/f406c84fb2f350bc3663401d0d764bbad9ae51b6 ** Bug watch added: Debian Bug tracker #911216 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911216 ** Bug watch added: Debian Bug tracker #911132 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911132 ** Also affects: net-snmp (Ubuntu Bionic) Importance: Undecided Status: New ** Changed in: net-snmp (Ubuntu) Status: Incomplete => Fix Released ** Changed in: net-snmp (Ubuntu Bionic) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1875926 Title: snmpd upgrade (Bionic->Focal) changes Debian-snmp UID/GID To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1875926/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs