Adding a copy to the bug report. Everyone please Cc 621...@bugs.debian.org if replying to this subthread. Thanks.

On la, 2011-04-09 at 10:14 +0100, Roger Leigh wrote:
> On Sat, Apr 09, 2011 at 09:44:28AM +0100, Lars Wirzenius wrote:
> > Package: debian-policy
> > Version: 3.9.2.0
> >
> > thanks
> >
> > Background for the policy list: see thread starting at
> > http://lists.debian.org/debian-devel/2011/03/msg01174.html
> > and continuing in April at
> > http://lists.debian.org/debian-devel/2011/04/msg00210.html
> >
> > On ma, 2011-04-04 at 21:09 +0100, Lars Wirzenius wrote:
> > > > The current default is not to delete the user because packages don't
> > > > generally do so, surely ?
> > >
> > > I ran the attached script (same as the one I attached to my previous
> > > mail, to the bash thread) to unpack all amd64 sid/main binary packages,
> > > and then grepped for use of adduser or deluser in maintainer scripts:
> > >
> > >     find pool -name postinst -o -name preinst -o -name postrm -o
> > >     -name prerm | xargs grep adduser > adduser.list
> > >
> > > And the same, replacing adduser with deluser. The lists are a few tens
> > > of kilobytes in total, so I won't attach them to the mailing list, but
> > > I've put them on the web:
> > >
> > > http://files.liw.fi/temp/adduser.list
> > > http://files.liw.fi/temp/deluser.list
> > >
> > > There seem to be 106 maintainer scripts that mention deluser, in 103
> > > packages. (I did not manually verify that they're all actually calling
> > > deluser.)
> > >
> > > I think this would be a good point to have a discussion and set policy
> > > on how to deal with this. The policy manual seems to currently be silent
> > > about removing users created by the package at installation time.
> > >
> > >       * We can decide that packages may not remove the accounts they
> > >         create, ever. In that case, we should amend Policy to say this
> > >         explicitly, do an MBF on the packages in the deluser.list above,
> > >         and add a lintian warning against calling deluser in maintainer
> > >         scripts.
> >
> > Ian and Tollef and Scott Kitterman are against removal of system users,
> > and nobody (except, very mildly, me) is for their removal, so I guess
> > the consensus on -devel is clear: we should not remove system users,
> > ever, in maintainer scripts. If an admin wants to do it manually, that
> > is, of course, OK.
> >
> > Thus, I propose to change 9.2.2 "UID and GID classes", the paragraph on
> > uids in the range 100-999, to add the following sentence to the end of
> > the paragraph:
> >
> >         Packages must not remove system users and groups they have
> >         created.
>
> This does sound like a sensible addition. Will the packages be
> responsible for locking the accounts?
>
> I've always found the addition and removal of user accounts in
> maintainer scripts difficult, due to the huge difference in
> practice between packages, and the lack of detailed guidance on
> best practice. Would it be worth adding explicit examples of
> how to add system users and groups in Policy. Also, would it
> be worth adding support to debhelper or dpkg-maintscript-helper
> to do the user addition--it would unify the process so that
> packages won't have to reinvent the wheel, and make things
> much more simple and reliable.
>
>
> Regards,
> Roger
>

-- 
Blog/wiki/website hosting with ikiwiki (free for free software):
http://www.branchable.com/
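
The grep quoted in the message above lists every maintainer script that mentions deluser, including mentions in comments. The following is an added example, not part of the thread or of any Debian tool: a shell function that reports only non-comment lines naming an account-removal command. The function name `find_account_removals`, the extra commands it looks for (`delgroup`, `userdel`, `groupdel`) and the line-based comment heuristic are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Heuristic: line-based matching only.

# find_account_removals DIR
# Prints "file:line:text" for every non-comment line of a maintainer script
# under DIR that names deluser, delgroup, userdel or groupdel as a word.
find_account_removals() {
    find "$1" -type f \( -name postinst -o -name preinst \
                         -o -name postrm -o -name prerm \) -print0 |
    xargs -0 -r awk '
        /^[ \t]*#/ { next }               # skip whole-line comments and the shebang
        {
            line = $0
            sub(/[ \t]#.*$/, "", line)    # drop a trailing comment (heuristic)
            if (line ~ /(^|[^A-Za-z0-9_-])(deluser|delgroup|userdel|groupdel)([^A-Za-z0-9_-]|$)/)
                printf "%s:%d:%s\n", FILENAME, FNR, $0
        }'
}

# Stand-alone use: ./script.sh pool
if [ "$#" -gt 0 ]; then
    find_account_removals "$1"
fi
```

A hit still needs a manual look: a script that only tests for the command's presence, or names it inside a quoted string, is reported as well.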