Bionic on install:
# grep snmp /etc/passwd
Debian-snmp:x:111:115::/var/lib/snmp:/bin/false

That is by:
        adduser --quiet --system --group --home "$SNMP_DIR" \
                --disabled-password  --disabled-login \
                --shell "$SNMP_SHELL" --force-badname "$SNMP_USER"

And the only paths owned by it after the install are:
# find / -group Debian-snmp 2>/dev/null 
/var/lib/snmp
/var/lib/snmp/snmpd.conf

While /etc/snmp/* is root owned.

After upgrade to Focal I see:
# grep snmp /etc/passwd
Debian-snmp:x:112:118::/var/lib/snmp:/bin/false

/var/lib/snmp will be re-owned by the postinst script and I indeed see that it
still matches.
/etc/snmp is still root owned.

So nothing but /var/lib/snmpd should actually be owned by that user -
and that path is taken care of. Were the files in /etc/snmpd required to
be owned by that user or was it an accident or misconfiguration?


BTW - the reason that the user changes is due to [1][2] and is fixed since
Ubuntu 19.04 in version 5.7.3+dfsg-5ubuntu1 and later. It will not change any
more later on.

If there is a real reason that other files than those in /var/lib/snmpd
need to be owned by Debian-snmpd then we need to consider backporting
the fix to Bionic. But this is a hard call to make as it is a double-
edged sword. The fact that we would do a Bionic SRU will itself trigger
this bug in the postrm of the current snmpd package. So while the bug
would be fixed from then on, it would instantly trigger it once for
anyone else that wasn't affected until then.

Note: this might be a perfect case for block proposed though: prepare the
change and hold it in bionic-proposed, but only release it with the next
actual critically required fix.

For now I'm looking for some feedback from net-snmpd users on whether anything
other than /var/lib/snmpd should ever be owned by that user, to better
consider the severity of it.

[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911216
[2]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911132
[3]: https://salsa.debian.org/debian/net-snmp/-/commit/f406c84fb2f350bc3663401d0d764bbad9ae51b6

** Bug watch added: Debian Bug tracker #911216
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911216

** Bug watch added: Debian Bug tracker #911132
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911132

** Also affects: net-snmp (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Changed in: net-snmp (Ubuntu)
       Status: Incomplete => Fix Released

** Changed in: net-snmp (Ubuntu Bionic)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1875926

Title:
  snmpd upgrade (Bionic->Focal) changes Debian-snmp UID/GID
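
The ownership check discussed in the comment above, as an added example that is not part of the bug report or the net-snmp packaging: given the ids an account had before the upgrade, it lists anything still carrying those numbers. The function names, the optional passwd-file argument and the scratch tree in `demo` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): after a system account has been
# recreated with new numeric ids, report files still carrying the old ones.

# account_ids NAME [PASSWD_FILE] -> prints "uid:gid", fails if NAME is absent
account_ids() {
    awk -F: -v u="$1" '$1 == u { print $3 ":" $4; found = 1; exit }
                       END { exit !found }' "${2:-/etc/passwd}"
}

# stale_owned ROOT OLD_UID OLD_GID -> paths under ROOT on the old numeric ids.
# POSIX find treats a numeric -user/-group operand as an id when no account
# of that name exists, so the match is on the number, whatever name (if any)
# now maps to it.
stale_owned() {
    find "$1" -xdev \( -user "$2" -o -group "$3" \) -print 2>/dev/null | sort
}

# audit NAME ROOT OLD_UID OLD_GID [PASSWD_FILE]
# returns 0 = nothing to fix, 1 = stale files listed, 2 = account missing
audit() {
    now=$(account_ids "$1" "${5:-/etc/passwd}") || {
        echo "account $1 not found" >&2; return 2; }
    if [ "$now" = "$3:$4" ]; then
        echo "$1 still has $now, nothing to do"; return 0
    fi
    stale=$(stale_owned "$2" "$3" "$4")
    if [ -z "$stale" ]; then
        echo "$1 moved $3:$4 -> $now, no stale files under $2"; return 0
    fi
    echo "$1 moved $3:$4 -> $now, still on the old ids under $2:"
    echo "$stale"
    return 1
}

# Constructed demo: a scratch tree owned by the invoking user stands in for
# files left on the old ids; the passwd line uses the Focal ids from the report.
demo() {
    d=$(mktemp -d) || return 2
    mkdir "$d/etc" && : > "$d/etc/snmpd.conf"
    printf 'Debian-snmp:x:112:118::/var/lib/snmp:/bin/false\n' > "$d/passwd"
    audit Debian-snmp "$d/etc" "$(id -u)" "$(id -g)" "$d/passwd"
    rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || true
```

On an upgraded host the equivalent call with the Bionic ids quoted in the report would be `audit Debian-snmp /etc 111 115`, run as root so that `find` can read every directory.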