<seb128> what should packages handle deluser calls in postrm/purge that fail because the user is logged in like lightdm when users try to remove the package from a system when the login manager is in use <pitti> seb128: TBH I think nothing should ever call deluser automatically if a postrm is trying to, then at least with || true <seb128> pitti, so purging lightdm should just let a lightdm user around? <pitti> but the possibility of reusing a previously removed uid for a new account is a security issue seb128: yeah, I think that's the lesser evil <seb128> pitti, so you would just drop the deluser call? rather than adding || true? <pitti> lightdm is prone to leaking processes and leftover sessions unfortunately seb128: no strong opinion between || true and drop, but I'd prefer dropping it, yes <seb128> pitti, thanks <seb128> robert_ancell, ^ <pitti> seb128: so the problem is: <pitti> 1. you uninstall package foo with sysuser foo, removing the sysuser foo with uid 123 2. you install a package bar, adding sysuser bar with uid 123 (reusing) 3. now bar's daemons "take over" any running processes of foo, and can meddle with its leftover files, etc. <robert_ancell> pitti, fair point <seb128> right <pitti> in some cases (when foo doesn't write any files, or makes sure to kill its processes), deluser is a nice cleanup, but this should be ascertained before and lightdm in particular writes lots of files and leaks lots of sessions and processes at least while it's running I always have a lightdm session around; not sure whether that's still true after stopping lightdm
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/924224 Title: LightDM package fails to remove if lightdm user is in use To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/924224/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
