Peter Eisentraut <[EMAIL PROTECTED]> wrote:

> We have done extensive testing on the transition, so before I believe
> that something is broken, I'd need to see a complete log of what you
> did and what happened.
Here it is:

  % dpkg -l | grep ntp
  ii  ntp          4.2.2+dfsg.2-1   Network Time Protocol: server and utility programs
  rc  ntp-server   4.2.0a+stable-9  Network Time Protocol: common server tools
  rc  ntp-simple   4.2.0a+stable-9  Network Time Protocol: daemon for simple systems
  ii  ntpdate      4.2.2+dfsg.2-1   The ntpdate client for setting system time from NTP servers

  % id ntp
  uid=114(ntp) gid=114(ntp) groups=114(ntp)

  % ps aux | grep ntp
  ntp       1983  0.0  0.1   4128  1348 ?  Ss  Aug12  0:00 /usr/sbin/ntpd -p /var/run/ntpd.pid -u 114:114 -g

  % cat /var/lib/dpkg/info/ntp-simple.postrm
  #!/bin/sh

  if [ "$1" = "purge" ]; then
      deluser --system --quiet ntp || true
      rm -rf /var/lib/ntp/
      rm -rf /var/log/ntpstats/
  fi

  exit 0

  % sudo dpkg --purge ntp-simple
  (Reading database ... 118673 files and directories currently installed.)
  Removing ntp-simple ...
  Purging configuration files for ntp-simple ...

  % id ntp
  id: ntp: No such user

  % ps aux | grep ntp
  114       1983  0.0  0.1   4128  1348 ?  Ss  Aug12  0:00 /usr/sbin/ntpd -p /var/run/ntpd.pid -u 114:114 -g

  % sudo /etc/init.d/ntp restart
  Stopping NTP server: ntpd.
  Starting NTP server: ntpd.

  % ps aux | grep ntp
  ntp      23797  0.0  0.1   4124  1304 ?  Ss  16:55  0:00 /usr/sbin/ntpd -p /var/run/ntpd.pid -u 112:114 -g

Gah? adduser call in initscript? What a horrible idea. And note how the ntp group was not deleted by the postrm script in ntp-simple.

(Interesting: when I did that the first time with ntp 1:4.2.2+dfsg-1, ntp did not restart. Some fixes to the initscript maybe? Anyway.)

Having a service running under a user that does not exist until the next restart of said service is not acceptable, and could very well trigger some IDS for no f*cking reason. I can hear a couple of paranoid sysadmins screaming, not to mention the changing numeric uid.

You need to handle this transition with transition packages to avoid this specific problem.
It is possible that during your tests the new ntp user got the same uid as the old one, but I can't understand how you missed the fact that there would be a leftover process running under a non-existing user for a potentially long period of time.

JB.

-- 
Julien BLACHE <[EMAIL PROTECTED]>  |  Debian, because code matters more
Debian & GNU/Linux Developer       |  <http://www.debian.org>
Public key available on <http://www.jblache.org> - KeyID: F5D6 5169
GPG Fingerprint : 935A 79F1 C8B3 3521 FD62 7CC7 CD61 4FD7 F5D6 5169
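The two states the mail above describes, a daemon still running as a uid that no longer resolves to a user after the postrm's deluser, and a daemon running as a uid that no longer matches the freshly recreated service user, are exactly what a host-based check would flag. The script below is an added example, not code from the mail, from the Debian ntp packaging, or from any IDS; the passwd and ps snapshots it works on are constructed inline from the values quoted in the mail so that it runs offline, and the live_* helpers at the end assume a host with getent and a procps-style ps that accepts -o uid=,pid=,comm=.

```shell
#!/bin/sh
# Added example (not from the original mail or the ntp package): detect
# (1) processes whose uid has no passwd entry and (2) processes whose uid
# differs from their service user's current uid. Inputs below are
# constructed snapshots mirroring the mail; live_* reads the real system.

# Constructed passwd after "dpkg --purge ntp-simple": the ntp entry is gone.
PASSWD_AFTER_PURGE='root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
sshd:x:100:65534::/var/run/sshd:/bin/false'

# Constructed passwd after the init script's adduser call recreated ntp
# with the next free uid (112 in the mail), before ntpd was restarted.
PASSWD_AFTER_ADDUSER="$PASSWD_AFTER_PURGE
ntp:x:112:114::/home/ntp:/bin/false"

# Constructed process table in "uid pid comm" form: ntpd still has uid 114.
PS_SNAPSHOT='    0     1 init
    0  1001 sshd
  114  1983 ntpd
    1  2010 atd'

# uid_in_passwd PASSWD_TEXT UID : exit 0 if some passwd line carries UID.
uid_in_passwd() {
    printf '%s\n' "$1" | awk -F: -v u="$2" '$3 == u { f = 1 } END { exit !f }'
}

# uid_of_user PASSWD_TEXT NAME : print NAME's uid, nothing if NAME is absent.
uid_of_user() {
    printf '%s\n' "$1" | awk -F: -v n="$2" '$1 == n { print $3 }'
}

# orphaned_procs PASSWD_TEXT PS_TEXT
# Prints "uid pid comm" for every process whose uid has no passwd entry.
orphaned_procs() {
    printf '%s\n' "$2" | while read -r uid pid comm; do
        [ -n "$uid" ] || continue
        uid_in_passwd "$1" "$uid" || printf '%s %s %s\n' "$uid" "$pid" "$comm"
    done
}

# stale_uid_procs PASSWD_TEXT PS_TEXT USER COMM
# Prints "uid pid comm" for processes named COMM whose uid differs from
# USER's current uid (or where USER does not exist at all).
stale_uid_procs() {
    want=$(uid_of_user "$1" "$3")
    printf '%s\n' "$2" | while read -r uid pid comm; do
        [ "$comm" = "$4" ] || continue
        [ "$uid" = "$want" ] || printf '%s %s %s\n' "$uid" "$pid" "$comm"
    done
}

# Live variants for a real host (assumption: getent and procps ps present).
live_orphaned_procs() {
    orphaned_procs "$(getent passwd)" "$(ps -eo uid=,pid=,comm=)"
}
live_stale_uid_procs() {
    stale_uid_procs "$(getent passwd)" "$(ps -eo uid=,pid=,comm=)" "$1" "$2"
}

# Stand-alone run over the constructed snapshots.
echo "after purge, processes with no owning user:"
orphaned_procs "$PASSWD_AFTER_PURGE" "$PS_SNAPSHOT"
echo "after adduser, ntpd processes not running as the current ntp uid:"
stale_uid_procs "$PASSWD_AFTER_ADDUSER" "$PS_SNAPSHOT" ntp ntpd
```

Run as-is it reports pid 1983 in both checks: first because uid 114 has no passwd entry at all, then because ntp now maps to 112 while the daemon keeps 114. On a real host, live_stale_uid_procs ntp ntpd after a package transition like the one in the mail is the cheaper of the two to run from cron, since it only inspects the one daemon you care about.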