[For debian-devel readers; the original stated motivation for this bug was being able to trim down the de-facto-essential set by removing adduser from it.]
On Wed, Aug 25, 2021 at 09:54:35AM +0200, Johannes Schauer Marin Rodrigues wrote:
> Quoting Helmut Grohne (2020-09-06 09:48:26)
> > Another benefit of this change (if a static uid is allocated) is that we
> > improve reproducible installations where currently uids may depend on
> > configuration order.
>
> I'm very interested in having this bug fixed because of the reason above.
>
> And there is yet another use-case that would be solved by the _apt user being
> shipped by base-passwd: since apt would no longer require adduser, we would
> automatically get DPKG_ROOT support for Essential:yes packages plus apt.
>
> What do we need to implement this change? I observed that when I apply this
> patch to base-passwd:
>
> diff -Nru base-passwd-3.5.51/passwd.master
> base-passwd-3.5.51+nmu1/passwd.master
> --- base-passwd-3.5.51/passwd.master 2021-07-10 13:57:43.000000000 +0200
> +++ base-passwd-3.5.51+nmu1/passwd.master 2021-08-24 20:08:52.000000000
> +0200
> @@ -15,4 +15,5 @@
>  list:*:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
>  irc:*:39:39:ircd:/run/ircd:/usr/sbin/nologin
>  gnats:*:41:41:Gnats Bug-Reporting System
> (admin):/var/lib/gnats:/usr/sbin/nologin
> +_apt:*42:42::/nonexistent:/usr/sbin/nologin
>  nobody:*:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
>
> Then not only will the _apt user be created as expected, but I also observed
> that when upgrading base-passwd on a system with an existing _apt user with uid
> 100 from base-passwd 3.5.51 to my patched 3.5.51+nmu1, the uid of the _apt user
> remained the same as it should.

I think it's an interesting idea and worth pursuing, but on the face of it it
seems that this would end up violating policy 9.2.2:

  "Globally allocated by the Debian project, the same on every Debian system."

... because the UID of the _apt user in fact wouldn't be the same on every
Debian system, and I can imagine that this might cause trouble somewhere.

Is this a serious enough problem to be worth fixing? I'm not sure, so CCing
debian-devel for wider discussion.

Julian's point earlier in the bug thread was:

  I'm mostly just worried about users using file:/ or copy:/ methods and
  having given _apt access to them, they'd break. I think it'd be best if we
  don't change existing _apt users, but only dealt with new systems for now.
  I mean we could prompt users about changing the uid

I can see the issue there. Adding another prompt that every Debian user will
need to consider on upgrade to the next release is pretty undesirable, though -
I actively try to avoid that in base-passwd changes. So maybe the policy
violation, i.e. ending up with an inconsistent _apt UID on upgraded systems, is
in fact the better option?

Of course, another approach to the overall problem might be declarative user
creation in dpkg, e.g. #685734 and
https://wiki.debian.org/Teams/Dpkg/Spec/SysUser. But that's clearly a lot of
work, and this change wouldn't preclude it.
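Review bot: the added line `+_apt:*42:42::/nonexistent:/usr/sbin/nologin` in the quoted passwd.master hunk is missing the colon between the password field and the uid, so it has six fields where every neighbouring entry has seven (`name:*:uid:gid:gecos:home:shell`) and would be read with `*42` as the password; it should be `_apt:*:42:42::/nonexistent:/usr/sbin/nologin`. The empty gecos field also stands out against the surrounding entries, which all carry a short description.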
-- Colin Watson (he/him) [cjwat...@debian.org]
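As an added example (not code from this bug, base-passwd or apt), a small check for the two things the thread turns on: whether a passwd.master entry is well-formed, and whether the statically allocated uid agrees with the uid an already installed system has for _apt. The sample entries, the uid 105 and the function names are constructed for the example.

```python
# Constructed example, not base-passwd or apt code: parse passwd(5)-style
# entries and compare the uid passwd.master allocates to a user with the uid
# the installed system already has for it (the upgrade case in the thread).

PASSWD_FIELDS = 7  # name:password:uid:gid:gecos:home:shell


def parse_passwd(text):
    """Return {name: (uid, gid, home, shell)}; reject malformed lines."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != PASSWD_FIELDS:
            raise ValueError(f"line {lineno}: {len(fields)} fields, expected "
                             f"{PASSWD_FIELDS}: {line!r}")
        name, _pw, uid, gid, _gecos, home, shell = fields
        if not (uid.isdigit() and gid.isdigit()):
            raise ValueError(f"line {lineno}: non-numeric uid/gid: {line!r}")
        entries[name] = (int(uid), int(gid), home, shell)
    return entries


def check_static_uid(master_text, system_text, name):
    """Compare the static uid for `name` with the one on the system.
    Returns (status, static_uid, system_uid) where status is "absent"
    (user not yet created), "match", or "mismatch" (files the existing
    uid owns would stop belonging to `name` if the uid were changed)."""
    static_uid = parse_passwd(master_text)[name][0]
    system = parse_passwd(system_text)
    if name not in system:
        return ("absent", static_uid, None)
    system_uid = system[name][0]
    status = "match" if system_uid == static_uid else "mismatch"
    return (status, static_uid, system_uid)


# Constructed sample data.  MASTER_OK carries the _apt entry with all seven
# fields; MASTER_BAD is the line as posted in the patch, which lacks the colon
# after the password field; SYSTEM_PASSWD has an _apt user that adduser
# created with a uid from the dynamic system range.
MASTER_OK = (
    "gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin\n"
    "_apt:*:42:42::/nonexistent:/usr/sbin/nologin\n"
    "nobody:*:65534:65534:nobody:/nonexistent:/usr/sbin/nologin\n"
)
MASTER_BAD = "_apt:*42:42::/nonexistent:/usr/sbin/nologin\n"
SYSTEM_PASSWD = "_apt:x:105:65534::/nonexistent:/usr/sbin/nologin\n"
```

Running `check_static_uid(MASTER_OK, SYSTEM_PASSWD, "_apt")` reports the mismatch (42 versus 105) that an upgraded system would carry, while `parse_passwd(MASTER_BAD)` rejects the six-field line.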