Package: dh-sysuser
Version: 1.3.5.1
Severity: important
X-Debbugs-CC: [email protected]
Contrary to intention, users created by dh-sysuser are not actually
deleted when the package is purged.
Using the libvirt-dbus package, which I maintain, as an example:
$ grep libvirtdbus /etc/passwd /etc/group
$ sudo apt-get install -y libvirt-dbus
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
libvirt-dbus
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/61.2 kB of archives.
After this operation, 337 kB of additional disk space will be used.
Selecting previously unselected package libvirt-dbus.
(Reading database ... 226040 files and directories currently installed.)
Preparing to unpack .../libvirt-dbus_1.4.0-2_amd64.deb ...
Unpacking libvirt-dbus (1.4.0-2) ...
Setting up libvirt-dbus (1.4.0-2) ...
Processing triggers for dbus (1.12.20-3) ...
Processing triggers for man-db (2.9.4-2) ...
$ grep libvirtdbus /etc/passwd /etc/group
/etc/passwd:libvirtdbus:x:998:998:Created by dh-sysuser for libvirt-dbus:/nonexistent:/usr/sbin/nologin
/etc/group:libvirtdbus:x:998:
$ sudo apt-get remove --purge -y libvirt-dbus
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages will be REMOVED:
libvirt-dbus*
0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
After this operation, 337 kB disk space will be freed.
(Reading database ... 226061 files and directories currently installed.)
Removing libvirt-dbus (1.4.0-2) ...
Processing triggers for dbus (1.12.20-3) ...
Processing triggers for man-db (2.9.4-2) ...
$ grep libvirtdbus /etc/passwd /etc/group
/etc/passwd:libvirtdbus:x:998:998:Created by dh-sysuser for libvirt-dbus:/nonexistent:/usr/sbin/nologin
/etc/group:libvirtdbus:x:998:
$
Looking at the code for sysuser-helper, the reason for this behavior
is pretty obvious:
    command="${1}" ; shift
    case "${command}" in
        prerm)
            case ${1:-} in
                purge|abort-install)
                    rmdir --ignore-fail-on-non-empty "${CONF_HOME}"
                    if ! [ -d "${CONF_HOME}" ] ; then
                        if ! userdel --force "${CONF_USERNAME}" ; then
                            echo >&2 "warning: failed to remove ${CONF_USERNAME}. Proceeding anyway."
                        fi
                    fi
            esac
    esac
So users are deleted when sysuser-helper is called from prerm and the
operation is purge or abort-install. But deb-prerm(5) lists all
possible ways in which prerm can be invoked, and neither of the above
can happen. The result is that users created via dh-sysuser are never
deleted.
Additionally, the call to rmdir needs to be guarded by a check for
the /nonexistent scenario, just like the use of --create-home is for
the postinst part, because it will result in a script failure
otherwise:
$ sudo rmdir --ignore-fail-on-non-empty /nonexistent
rmdir: failed to remove '/nonexistent': No such file or directory
$ echo $?
1
$
--
Andrea Bolognani <[email protected]>
Resistance is futile, you will be garbage collected.
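
The mismatch described in the report, as an added example that is not part of the original message or of sysuser-helper. It replays the first arguments dpkg passes to prerm and postrm (taken from deb-prerm(5) and deb-postrm(5)) through the dispatch quoted above and through a postrm-keyed variant, and includes a guarded rmdir. All function names are hypothetical, the postrm variant is an assumption about one possible fix, and the script only reports the decision without ever calling userdel.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not sysuser-helper's.

# First arguments dpkg passes, per deb-prerm(5) and deb-postrm(5).
PRERM_ACTIONS="remove upgrade failed-upgrade deconfigure"
POSTRM_ACTIONS="remove purge upgrade failed-upgrade disappear abort-install abort-upgrade"

# Dispatch as quoted in the report: removal is keyed on "prerm".
reported_dispatch() {
    case "$1" in
        prerm)
            case "${2:-}" in
                purge|abort-install) echo delete-user; return ;;
            esac ;;
    esac
    echo keep-user
}

# Same inner test, keyed on postrm (assumed fix, not the maintainer's patch).
postrm_dispatch() {
    case "$1" in
        postrm)
            case "${2:-}" in
                purge|abort-install) echo delete-user; return ;;
            esac ;;
    esac
    echo keep-user
}

# Count the invocations in list $3 of script $2 that make dispatcher $1 delete.
count_deletes() {
    n=0
    for action in $3; do
        if [ "$("$1" "$2" "$action")" = delete-user ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Guarded cleanup: a missing home such as /nonexistent is not an error.
remove_home_if_empty() {
    if [ -d "$1" ]; then
        rmdir --ignore-fail-on-non-empty "$1"
    fi
}

echo "reported: $(count_deletes reported_dispatch prerm "$PRERM_ACTIONS") prerm call(s) delete the user"
echo "postrm:   $(count_deletes postrm_dispatch postrm "$POSTRM_ACTIONS") postrm call(s) delete the user"
```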

