Your message dated Fri, 28 Mar 2008 23:14:04 -0400
with message-id <[EMAIL PROTECTED]>
and subject line Re: Bug#473179: libuuid should use useradd/groupadd
has caused the Debian Bug report #473179,
regarding libuuid should use useradd/groupadd
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
473179: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=473179
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: libuuid1
Version: 1.40.2-1+lenny1
Severity: important

The postinst uses useradd to add a user/group. Policy section 9.2.2 says:

  Packages which need a user or group, but can have this user or
  group allocated dynamically and differently on each system, should use
  adduser --system to create the group and/or user. adduser will check for
  the existence of the user or group, and if necessary choose an unused id
  based on the ranges specified in adduser.conf.

Using useradd directly will ignore any user tuning of the ranges used in
adduser.conf.

Thanks.
Michael Spang


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing'), (250, 'unstable'), (250, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.25-0-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libuuid1 depends on:
ii  libc6                         2.7-6      GNU C Library: Shared libraries

libuuid1 recommends no packages.

-- no debconf information



--- End Message ---
--- Begin Message ---
On Fri, Mar 28, 2008 at 08:34:46PM -0400, Michael Spang wrote:
> Package: libuuid1
> Version: 1.40.2-1+lenny1
> Severity: important
> 
> The postinst uses useradd to add a user/group. Policy section 9.2.2 says:
> 
>   Packages which need a user or group, but can have this user or
>   group allocated dynamically and differently on each system, should use
>   adduser --system to create the group and/or user. adduser will check for
>   the existence of the user or group, and if necessary choose an unused id
>   based on the ranges specified in adduser.conf.
> 
> Using useradd directly will ignore any user tuning of the ranges used in
> adduser.conf.

Debian policy distinguishes between "should" and "must" (see Policy
section 1.1).  Hence this isn't a policy violation, and thus does not
qualify as an automatic important bug status.

Actually, I originally used adduser, and got complaints from people
that adduser was getting dragged in unnecessarily.  To quote from the
git log:

commit 46e770b2e23c18d27c351207601c0222484d6681
Author: Theodore Ts'o <[EMAIL PROTECTED]>
Date:   Mon Dec 31 22:22:46 2007 -0500

    debian: Use useradd and groupadd in favor of adduser
    
    The adduser package is 'important', and while it is often installed,
    we can't guarantee that it will always be there.  A required package,
    or a package which is dragged in by a required package, such as
    libuuid1, shouldn't depend on an 'important' package since that would
    implicitly make it be required, which shouldn't be done unless
    absolutely necessary.
    
    So we replace the call to adduser with the lower-level useradd and
    groupadd programs.  They are part of the passwd package, which is
    required to be on all Debian systems.
    
    Signed-off-by: "Theodore Ts'o" <[EMAIL PROTECTED]>

I also floated the trial balloon of using a fixed uid, but that got
shot down, because people didn't think it was important enough.

Hence, my use of useradd because that got the fewest flames from the
Debian rules mavens.

I will gladly accept a patch which manually parses adduser.conf and
passes said information to useradd, but I don't care enough to change
it.  In my mind, the fact that a required package is dragging in
libuuid1, and we don't want to effectively promote adduser to
"required" is enough of a justification to override the normal
"should" recommendation in debian-policy.  It is, after all, a
"should", not a "must".

                                        - Ted


--- End Message ---
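
The patch invited in the reply above (parse adduser.conf and pass the ranges to useradd) could take the following shape. This is an added example, not code from the thread or from the libuuid1 package; the function names `conf_get` and `range_args`, the account name `exampled` and the sample configuration are constructed for illustration, and 100-999 is assumed as the fallback because it is the range adduser ships by default.

```shell
#!/bin/sh
# conf_get KEY DEFAULT FILE: print KEY's last plain-integer assignment in FILE,
# or DEFAULT. The file is parsed with sed, never sourced: a postinst runs as
# root, and non-numeric values (such as command substitutions) are ignored.
conf_get() {
    key=$1 default=$2 file=$3
    value=
    s='[[:space:]]*' q="[\"']\{0,1\}"
    if [ -r "$file" ]; then
        value=$(sed -n "s/^${s}${key}${s}=${s}${q}\([0-9][0-9]*\)${q}${s}\(#.*\)\{0,1\}\$/\1/p" \
            "$file" | tail -n 1)
    fi
    echo "${value:-$default}"
}

# range_args UID|GID [FILE]: print the -K overrides that make useradd/groupadd
# allocate from adduser's system range. An inverted range falls back to the
# assumed adduser defaults (100-999).
range_args() {
    kind=$1 file=${2:-/etc/adduser.conf}
    min=$(conf_get "FIRST_SYSTEM_$kind" 100 "$file")
    max=$(conf_get "LAST_SYSTEM_$kind" 999 "$file")
    [ "$min" -le "$max" ] || { min=100; max=999; }
    echo "-K ${kind}_MIN=$min -K ${kind}_MAX=$max"
}

# Constructed sample config (not from the page): an admin moved the system IDs.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# local policy
FIRST_SYSTEM_UID=300
LAST_SYSTEM_UID="499"   # quoted values are accepted
FIRST_SYSTEM_GID=$(id -u)
LAST_SYSTEM_GID=250
EOF

# Print, rather than run, the calls a postinst would make.
# "exampled" is a placeholder account name.
echo "groupadd $(range_args GID "$sample") exampled"
echo "useradd $(range_args UID "$sample") -g exampled -d /nonexistent -s /bin/false exampled"
```
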