Hi,

you might have noticed that the adduser package has gained some momentum
in the last week, thanks to a new volunteer helper, Jason Franklin, who
has taken care of the actual code. I am acting as advisor and Debian
specialist in this team and am currently doing bug triage.

For the people who don't know about the program, adduser is kind of a
wrapper around useradd that is used in Debian to create local accounts.
While it of course can also create "normal" user accounts, it has evolved
in the last 20 years to kind of a policy layer that can be used from
maintainer scripts to create package-related accounts, following Debian
policy and avoiding bugs. adduser's defaults need careful choosing since
there is a lot of breakage potential.

I have some issues on which I would like to solicit the opinion of my
fellow DDs and reach rough consensus. They concern changes that have been
requested from adduser in the BTS, but that I am reluctant to go through
with on my own decision.

(1)
#202943, #202944, #398793, #442627, #782001
The bug reporters are requesting the default for DIR_MODE to be changed
from 0755 to 0700, making home directories readable for the user only.
Policy 10.9 states that directories should be 0755, but the policy
editors probably didn't have user home directories in mind when they
wrote that. 

(1a) would it be necessary to handle --system accounts differently? I
     think yes.
(1b) should we stay with 0755 for --system accounts?
(1c) does a change to 0700 for user accounts make sense?
(1d) should it be 0751 (#398793)?
(1e) how about ~/public_html that would break with 0750?

All those bugs referenced have more or less heated exchanges ranging
from "it's fine" to "we should issue a DSA ASAP", most of them a decade
old, so the times might have changed since then. Please note that the
DIR_MODE _IS_ configurable in adduser, we're just discussing the
default (which also applies to home directories created while still
inside the Installer before a local admin can properly configure
adduser).


(2)
#774046 #520037
Which special characters should we allow for account names?

People demand being able to use a dot (which might break scripts using
chown) and non-ASCII national characters in account names. The regex
used to verify non-system accounts is configurable, so the policy can be
locally relaxed at run-time.

For system accounts, I'd like to stick to ASCII letters, numbers,
underscores.


(3)
#625758
--disabled-password just does not set a password for the newly created
account (resulting in '*' in shadow) while --disabled-login places a '!'
in shadow. On modern systems with PAM, both variants seem to be
identical, allowing login via ssh. Aside from the documentation needing
change to document reality, should we introduce a --no-set-password
option and deprecate the two older options (to be removed in trixie+2)?


(4)
#979385 #248130
The default for SETGID_HOME is =no, with a comment from the last century
that states that the default was changed from yes to no because of "bad
side effects" this had. Does anybody have an idea which bad side effects
could be meant by that, and what would we possibly break by changing the
default to "yes"?


(5)
#678615
should all newly created non-system users be added to the users group
even on a system with userprivate groups (as it is the default)?


(6)
#849265,
https://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/2017-January/032300.html
Should we really empty out the extra_groups list default?


Thanks for helping adduser be a better package!

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
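
An added example (not part of the original mail and not adduser code): a Python sketch that evaluates the DIR_MODE candidates from item (1) for what they grant to accounts outside the owner and group, including the ~/public_html case from (1e), and audits a directory of homes against a stricter default. The function names and the temporary sample homes are assumptions made for illustration; the web server is assumed to run as an unrelated user that is not in the home owner's group.

```python
import os
import stat
import tempfile

# DIR_MODE candidates named in item (1) of the mail.
CANDIDATES = (0o755, 0o751, 0o750, 0o700)


def other_access(mode):
    """What accounts that are neither owner nor group member may do."""
    return {
        "list": bool(mode & stat.S_IROTH),      # enumerate file names
        "traverse": bool(mode & stat.S_IXOTH),  # reach known paths below
    }


def public_html_reachable(home_mode, public_html_mode=0o755):
    """An unrelated user needs search (x) permission on every directory
    on the path, so both the home and public_html must grant o+x."""
    return (other_access(home_mode)["traverse"]
            and other_access(public_html_mode)["traverse"])


def audit_homes(base, wanted_mode):
    """Return {name: mode} for directories under base whose permission
    bits grant anything beyond wanted_mode (setgid/sticky are ignored)."""
    findings = {}
    for entry in sorted(os.scandir(base), key=lambda e: e.name):
        if not entry.is_dir(follow_symlinks=False):
            continue
        mode = entry.stat(follow_symlinks=False).st_mode & 0o777
        if mode & ~wanted_mode:
            findings[entry.name] = mode
    return findings


def demo():
    """Create constructed sample homes and audit them against 0700."""
    with tempfile.TemporaryDirectory() as base:
        for name, mode in (("alice", 0o755), ("bob", 0o751), ("carol", 0o700)):
            path = os.path.join(base, name)
            os.mkdir(path)
            os.chmod(path, mode)  # chmod is not affected by the umask
        return audit_homes(base, 0o700)


if __name__ == "__main__":
    for m in CANDIDATES:
        print(f"{m:04o}", other_access(m), public_html_reachable(m))
    print({name: f"{mode:04o}" for name, mode in demo().items()})
```
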
