Hi, you might have noticed that the adduser package has gained some momentum in the last week, thanks to a new volunteer helper, Jason Franklin, who has taken care of the actual code. I am acting as advisor and Debian specialist in this team and am currently doing bug triage.
For the people who don't know about the program, adduser is kind of a wrapper around useradd that is used in Debian to create local accounts. While it of course can also create "normal" user account, it has evolved in the last 20 years to kind of a policy layer that can be used from maintainer scripts to create package-related accounts, following Debian policy and avoiding bugs. adduser's defaults need careful choosing since there is a lot of breakage potential. I have some issues that I would like to solicit the opinion of my fellow DDs and to reach rough consensus about some changes that have been requested from Adduser in the BTS but I am reluctant to go through with on my own decision. (1) #202943, #202944, #398793, #442627, #782001 The bug reporters are requesting the default for DIR_MODE to be changed from 0755 to 0700, making home directories readable for the user only. Policy 10.9 states that directories should be 0755, but the policy editors probably didn't have user home directories in mind when they wrote that. (1a) would it be necessary to handle --system accounts differently? I think yes. (1b) should we stay with 0755 for --system accounts? (1c) does a change to 0700 for user accounts make sense? (1d) should it be 0751 (#398793)? (1e) how about ~/public_html that would break with 0750? All those bugs referenced have more or less heated exchanges ranging from "it's fine" to "we should issue a DSA ASAP", most of them a decade old, so the times might have changed since then. Please note that the DIR_MODE _IS_ configurable in adduser, we're just discussing the default (which also applies for home directories created while still inside the Installer before a local admin can properly configure adduser). (2) #774046 #520037 Which special characters should we allow for account names? People demand being able to use a dot (which might break scripts using chown) and non-ASCII national characters in account names. The regex used to verify non-system accounts is configurable, so the policy can be locally relaxed at run-time. For system-accounts, I'd like to stick to ASCII letters, numbers, underscores. (3) #625758 --disabled-password just does not set a password for the newly created account (resulting in '*' in shadow) while --disabled-login places a '!' in shadow. On modern systems with PAM, both variants seem to be identical, allowing login via ssh. Aside from the documentation needing change to document reality, should we introduce a --no-set-password option and deprecate the two older options (to be removed in trixie+2)? (4) #979385 #248130 The default for SETGID_HOME is =no, with a comment from the last century that states that the default was changed from yes to no because of "bad side effects" this had. Does anybody have an idea which bad side effects could be meant by that, and what would we possibly break by changing the default to "yes"? (5) #678615 should all newly created non-system users be added to the users group even on a system with userprivate groups (as it is the default)? (6) #849265, https://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/2017-January/032300.html Should we really empty out the extra_groups list default? Thanks for helping adduser being a better package! Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421