rpm should not remove user on uninstall
---------------------------------------
Key: CASSANDRA-3443
URL: https://issues.apache.org/jira/browse/CASSANDRA-3443
Project: Cassandra
Issue Type: Bug
Components: Packaging
Reporter: Mark Doliner
Priority: Minor
Fedora's packaging guidelines state, "We never remove users or groups created
by packages. There's no sane way to check if files owned by those users/groups
are left behind (and even if there would, what would we do to them?), and
leaving those behind with ownerships pointing to now nonexistent users/groups
may result in security issues when a semantically unrelated user/group is
created later and reuses the UID/GID. Also, in some setups deleting the
user/group might not be possible or/nor desirable (eg. when using a shared
remote user/group database). Cleanup of unused users/groups is left to the
system administrators to take care of if they so desire." (that's from
http://fedoraproject.org/wiki/Packaging/UsersAndGroups)
However, Cassandra's spec file in trunk and all branches contains this:
{noformat}
%preun
# only delete user on removal, not upgrade
if [ "$1" = "0" ]; then
userdel %{username}
fi
{noformat}
I agree with Fedora's reasoning. Additionally I'd like to add that stray
accounts on a system are generally relatively harmless. I wonder if there was
some intentional decision to diverge from Fedora's (and presumably Red Hat's)
customary behavior? If not, I would suggest removing the above scriptlet from
the Cassandra spec file. I'd be happy to provide a diff if that would be
useful.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
