Debian Bug report logs - #679746
adduser --system should default to --home /nonexistent

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Marc Haber <mh+debian-packages@zugschlus.de>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: default --system home directory leads to piuparts RC bugs

Date: Sun, 01 Jul 2012 11:38:08 +0200

Package: adduser
Version: 3.113+nmu3
Severity: serious

Hi,

I am really sorry having to file this.

When a package uses adduser --system without explicitly specifying the
home directory of the new user, its home directory gets set to
/home/$USER. Debian QA thinks that this is a policy violation and
supports this by bending FHS
http://www.debian.org/doc/packaging-manuals/fhs/fhs-2.3.html#HOMEUSERHOMEDIRECTORIES
which says:

"/home : User home directories (optional)"
"/home is a fairly standard concept, but it is clearly a site-specific
filesystem. The setup will differ from host to host. Therefore, no
program should rely on this location."

Thus, packages using adduser --system and relying on adduser doing the
right thing will get a piuparts-based RC bug in no time. Adduser
should change its default behavior to something that QA will accept.

Greetings
Marc

Message #10 received at 679746@bugs.debian.org (full text, mbox, reply):

From: Stephen Gran <sgran@debian.org>

To: Marc Haber <mh+debian-packages@zugschlus.de>, 679746@bugs.debian.org

Subject: Re: Bug#679746: default --system home directory leads to piuparts RC bugs

Date: Sun, 1 Jul 2012 15:43:42 +0100

[Message part 1 (text/plain, inline)]

This one time, at band camp, Marc Haber said:
> Thus, packages using adduser --system and relying on adduser doing the
> right thing will get a piuparts-based RC bug in no time. Adduser
> should change its default behavior to something that QA will accept.

And what directory would that be, then?

I think this is a strange interpretation of policy, that it's the tool
that is buggy and not the invocation.

Cheers,
-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------

[signature.asc (application/pgp-signature, inline)]

Message #15 received at 679746@bugs.debian.org (full text, mbox, reply):

From: Marc Haber <mh+debian-bugs@zugschlus.de>

To: 679746@bugs.debian.org

Subject: Re: Bug#679746: default --system home directory leads to piuparts RC bugs

Date: Sun, 1 Jul 2012 17:09:14 +0200

On Sun, Jul 01, 2012 at 03:43:42PM +0100, Stephen Gran wrote:
> This one time, at band camp, Marc Haber said:
> > Thus, packages using adduser --system and relying on adduser doing the
> > right thing will get a piuparts-based RC bug in no time. Adduser
> > should change its default behavior to something that QA will accept.
> 
> And what directory would that be, then?

Since policy does not give any hints about that, adduser --system
should probably insist on --home being given.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 31958061
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062

Message #20 received at 679746@bugs.debian.org (full text, mbox, reply):

From: Giovanni Rapagnani <giovanni@ideanet.be>

To: 679746@bugs.debian.org

Subject: Re: Bug#679746: default --system home directory leads to piuparts RC bugs

Date: Sun, 01 Jul 2012 20:49:21 +0200

Hi,

> When a package uses adduser --system without explicitly specifying
> home directory of the new user, its home directory gets set to
> /home/$USER. Debian QA thinks that this is a policy violation and
> supports this by bending FHS.

actually, this isn't completely true. The home directory gets set to
/$DHOME/$USER where DHOME is a configuration variable found in
/etc/adduser.conf . I think that the site-specific nature of the base
directory for user home directories gets preserved through this DHOME
variable. It should be the responsibility of the system administrator to
keep this variable in sync with the base directory he wants for his home
directories. Isn't it?

Cheers,

-- 
Giovanni Rapagnani

Message #25 received at 679746@bugs.debian.org (full text, mbox, reply):

From: Stephen Gran <sgran@debian.org>

To: Marc Haber <mh+debian-bugs@zugschlus.de>, 679746@bugs.debian.org

Subject: Re: [Adduser-devel] Bug#679746: default --system home directory leads to piuparts RC bugs

Date: Mon, 2 Jul 2012 13:07:26 +0100

Hi,

This one time, at band camp, Marc Haber said:
> On Sun, Jul 01, 2012 at 03:43:42PM +0100, Stephen Gran wrote:
> > This one time, at band camp, Marc Haber said:
> > > Thus, packages using adduser --system and relying on adduser doing the
> > > right thing will get a piuparts-based RC bug in no time. Adduser
> > > should change its default behavior to something that QA will accept.
> > 
> > And what directory would that be, then?
> 
> Since policy does not give any hints about that, adduser --system
> should probably insist on --home being given.

I think I'd like to summarize, if I may:

Policy says packages can't rely on the layout of /home/
Some packages invoke adduser --system without the switch --home
In this case, adduser creates a user with $HOME under /home/

There is so far no evidence that these packages rely on the presence of
that directory

You think this is a release-critical bug in adduser

You have filed this as we freeze

Congratulations.

Now, I don't agree that this is a bug in adduser - I think this is a bug
in packages invoking adduser.  I think the right way to do this is a
mass bug filing on those packages.

Your suggestion of a 'fix' makes lots of packages insta-buggy, which is
effectively the same as a mass bug-filing.

So, unless you can give me compelling arguments that this is actually
adduser's problem to solve, I'd like you to talk about your prospective
mass bug-filing on -devel.

Cheers,
-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------

Message #32 received at 679746@bugs.debian.org (full text, mbox, reply):

From: Marc Haber <mh+debian-bugs@zugschlus.de>

To: Stephen Gran <sgran@debian.org>

Cc: 679746@bugs.debian.org

Subject: Re: [Adduser-devel] Bug#679746: default --system home directory leads to piuparts RC bugs

Date: Wed, 4 Jul 2012 17:06:59 +0200

Your argumentation, the personal attacks set aside, is sound. Please
downgrade at will.

If I were still active in adduser development, I'd probably,
post-wheezy, let adduser emit a warning when adduser --system is
invoked either without --home, or a --home /home option.

Greetings
Marc

On Mon, Jul 02, 2012 at 01:07:26PM +0100, Stephen Gran wrote:
> This one time, at band camp, Marc Haber said:
> > On Sun, Jul 01, 2012 at 03:43:42PM +0100, Stephen Gran wrote:
> > > This one time, at band camp, Marc Haber said:
> > > > Thus, packages using adduser --system and relying on adduser doing the
> > > > right thing will get a piuparts-based RC bug in no time. Adduser
> > > > should change its default behavior to something that QA will accept.
> > > 
> > > And what directory would that be, then?
> > 
> > Since policy does not give any hints about that, adduser --system
> > should probably insist on --home being given.
> 
> I think I'd like to summarize, if I may:
> 
> Policy says packages can't rely on the layout of /home/
> Some packages invoke adduser --system without the switch --home
> In this case, adduser creates a user with $HOME under /home/
> 
> There is so far no evidence that these packages rely on the presence of
> that directory
> 
> You think this is a release-critical bug in adduser
> 
> You have filed this as we freeze
> 
> Congratulations.
> 
> Now, I don't agree that this is a bug in adduser - I think this is a bug
> in packages invoking adduser.  I think the right way to do this is a
> mass bug filing on those packages.
> 
> Your suggestion of a 'fix' makes lots of packages insta-buggy, which is
> effectively the same as a mass bug-filing.
> 
> So, unless you can give me compelling arguments that this is actually
> adduser's problem to solve, I'd like you to talk about your prospective
> mass bug-filing on -devel.
> 
> Cheers,
> -- 
>  -----------------------------------------------------------------
> |   ,''`.                                            Stephen Gran |
> |  : :' :                                        sgran@debian.org |
> |  `. `'                        Debian user, admin, and developer |
> |    `-                                     http://www.debian.org |
>  -----------------------------------------------------------------

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 31958061
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062

Message #37 received at 679746@bugs.debian.org (full text, mbox, reply):

From: Wessel Dankers <wsl-deb-bug-679746@fruit.je>

To: 679746@bugs.debian.org

Subject: default --system home directory

Date: Wed, 14 Nov 2012 12:17:04 +0100

[Message part 1 (text/plain, inline)]

Hi,

Since some packages do not seem to care about their home directory, and
putting system directories under /home is “obviously” never the answer:

Perhaps adduser --system invocations should default to --home /nonexistent
--no-create-home if no --home option was supplied by the invoking
script/user.

Kind regards,

-- 
Wessel Dankers <wsl-deb-bug-679746@fruit.je>

[signature.asc (application/pgp-signature, inline)]

Message #42 received at 679746@bugs.debian.org (full text, mbox, reply):

From: Andreas Barth <aba@ayous.org>

To: Stephen Gran <sgran@debian.org>

Cc: Marc Haber <mh+debian-bugs@zugschlus.de>, 679746@bugs.debian.org

Subject: Re: [Adduser-devel] Bug#679746: default --system home directory leads to piuparts RC bugs

Date: Tue, 11 Dec 2012 22:34:47 +0100

* Stephen Gran (sgran@debian.org) [120702 13:25]:
> Policy says packages can't rely on the layout of /home/
> Some packages invoke adduser --system without the switch --home
> In this case, adduser creates a user with $HOME under /home/

Question now is how bad is "directory created unter /home" really. Is
this RC?


> There is so far no evidence that these packages rely on the presence of
> that directory

I would tend to say that if packages don't need $HOME they should set
something like --no-create-home.


> Now, I don't agree that this is a bug in adduser - I think this is a bug
> in packages invoking adduser.  I think the right way to do this is a
> mass bug filing on those packages.

I think I disagree here.

If we have a switch on adduser "--system" saying that the user to be
created is a system-user, I tend to think that adduser should then
select an appropriate place to create $HOME. (I wouldn't mind if we
say that for the upcoming release, this still is within /home, and we
fix that for the next stable release.)

Only if we find out that there is no appropriate place to create such
home directories by default, then I think we should ban the behaviour
- which would be mass bug filing, and then, also by force breaking
unfixed code. (Definitly something for the next cycle.)

However, if possible, I think I would prefer to get system home
directories created somewhere useable by default.


Andi

Message #47 received at 679746@bugs.debian.org (full text, mbox, reply):

From: Stephen Gran <sgran@debian.org>

To: Andreas Barth <aba@ayous.org>, Marc Haber <mh+debian-bugs@zugschlus.de>, 679746@bugs.debian.org

Subject: Re: Bug#679746: [Adduser-devel] Bug#679746: default --system home directory leads to piuparts RC bugs

Date: Wed, 12 Dec 2012 07:05:24 +0000

[Message part 1 (text/plain, inline)]

Hi,

This one time, at band camp, Andreas Barth said:
> > Now, I don't agree that this is a bug in adduser - I think this is a bug
> > in packages invoking adduser.  I think the right way to do this is a
> > mass bug filing on those packages.
> 
> I think I disagree here.
> 
> If we have a switch on adduser "--system" saying that the user to be
> created is a system-user, I tend to think that adduser should then
> select an appropriate place to create $HOME. (I wouldn't mind if we
> say that for the upcoming release, this still is within /home, and we
> fix that for the next stable release.)

Where would you suggest?  I can't think of a better place, in the
absence of direction, than /home.  If packages rely on the presence of a
home directory, it's up to them to ask for a sensible one.

Cheers,
-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------

[signature.asc (application/pgp-signature, inline)]

Message #52 received at 679746@bugs.debian.org (full text, mbox, reply):

From: Marc Haber <mh+debian-bugs@zugschlus.de>

To: Stephen Gran <sgran@debian.org>

Cc: Andreas Barth <aba@ayous.org>, 679746@bugs.debian.org

Subject: Re: Bug#679746: [Adduser-devel] Bug#679746: default --system home directory leads to piuparts RC bugs

Date: Wed, 12 Dec 2012 16:18:42 +0100

On Wed, Dec 12, 2012 at 07:05:24AM +0000, Stephen Gran wrote:
> Where would you suggest?  I can't think of a better place, in the
> absence of direction, than /home.

Creating /home/foo will break in the case of an nfs mounted /home, and
other packages are going out of wheezy for using adduser's --system
default.

>   If packages rely on the presence of a home directory, it's up to
>   them to ask for a sensible one.

But being rc buggy just for using --system is not friendly either.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 31958061
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062

Message #57 received at 679746@bugs.debian.org (full text, mbox, reply):

From: Stephen Gran <sgran@debian.org>

To: Marc Haber <mh+debian-bugs@zugschlus.de>, 679746@bugs.debian.org

Cc: Andreas Barth <aba@ayous.org>

Subject: Re: Bug#679746: [Adduser-devel] Bug#679746: default --system home directory leads to piuparts RC bugs

Date: Wed, 12 Dec 2012 19:57:38 +0000

[Message part 1 (text/plain, inline)]

This one time, at band camp, Marc Haber said:
> On Wed, Dec 12, 2012 at 07:05:24AM +0000, Stephen Gran wrote:
> > Where would you suggest?  I can't think of a better place, in the
> > absence of direction, than /home.
> 
> Creating /home/foo will break in the case of an nfs mounted /home, and
> other packages are going out of wheezy for using adduser's --system
> default.

Yes, I know that your argument is "putting stuff under /home is bad".
My question was, and I'll repeat it: "Where would you suggest?"

So far, no one has made a constructive suggestion.  I'd say that that
might be because there isn't a good default outside of /home.  If we
take that as correct, then we have two choices: continue the current
behavior, or fail and abort with an error.  I'd suggest the latter
behavior is even less friendly.

Cheers,
-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------

[signature.asc (application/pgp-signature, inline)]

Message #62 received at 679746@bugs.debian.org (full text, mbox, reply):

From: Andreas Barth <aba@ayous.org>

To: Stephen Gran <sgran@debian.org>

Cc: Marc Haber <mh+debian-bugs@zugschlus.de>, 679746@bugs.debian.org

Subject: Re: Bug#679746: [Adduser-devel] Bug#679746: default --system home directory leads to piuparts RC bugs

Date: Wed, 12 Dec 2012 20:58:11 +0100

* Stephen Gran (sgran@debian.org) [121212 08:19]:
> This one time, at band camp, Andreas Barth said:
> > > Now, I don't agree that this is a bug in adduser - I think this is a bug
> > > in packages invoking adduser.  I think the right way to do this is a
> > > mass bug filing on those packages.
> > 
> > I think I disagree here.
> > 
> > If we have a switch on adduser "--system" saying that the user to be
> > created is a system-user, I tend to think that adduser should then
> > select an appropriate place to create $HOME. (I wouldn't mind if we
> > say that for the upcoming release, this still is within /home, and we
> > fix that for the next stable release.)
> 
> Where would you suggest? 

I suggest to tolerate the current behaviour for the upcoming release.
Afterwards, I suggest to either require either --no-home or --home for
system users. Or switch defaults to another location, e.g.
/var/lib/syshome (or whatever else).


> I can't think of a better place, in the
> absence of direction, than /home.  If packages rely on the presence of a
> home directory, it's up to them to ask for a sensible one.

Currently, packages become RC-buggy for just adding system users
without --no-home and no --home (even if not relying on the
directory). I think that - if we read policy as that - then it's
better to fail the postinst then to have hidden RC bugs. Explicit RC
bugs are always better then well hidden ones. (Of course, all of that
for after this cycle.)


Andi

Message #67 received at 679746@bugs.debian.org (full text, mbox, reply):

From: Stephen Gran <sgran@debian.org>

To: Andreas Barth <aba@ayous.org>, Marc Haber <mh+debian-bugs@zugschlus.de>, 679746@bugs.debian.org

Subject: Re: [Adduser-devel] Bug#679746: Bug#679746: default --system home directory leads to piuparts RC bugs

Date: Thu, 13 Dec 2012 07:17:47 +0000

[Message part 1 (text/plain, inline)]

This one time, at band camp, Andreas Barth said:
> * Stephen Gran (sgran@debian.org) [121212 08:19]:
> > This one time, at band camp, Andreas Barth said:
> > > > Now, I don't agree that this is a bug in adduser - I think this is a bug
> > > > in packages invoking adduser.  I think the right way to do this is a
> > > > mass bug filing on those packages.
> > > 
> > > I think I disagree here.
> > > 
> > > If we have a switch on adduser "--system" saying that the user to be
> > > created is a system-user, I tend to think that adduser should then
> > > select an appropriate place to create $HOME. (I wouldn't mind if we
> > > say that for the upcoming release, this still is within /home, and we
> > > fix that for the next stable release.)
> > 
> > Where would you suggest? 
> 
> I suggest to tolerate the current behaviour for the upcoming release.
> Afterwards, I suggest to either require either --no-home or --home for
> system users. Or switch defaults to another location, e.g.
> /var/lib/syshome (or whatever else).

Ew.  That seems to me to be inventing something ad-hoc and
Debian-specific, which feels wrong.

> > I can't think of a better place, in the
> > absence of direction, than /home.  If packages rely on the presence of a
> > home directory, it's up to them to ask for a sensible one.
> 
> Currently, packages become RC-buggy for just adding system users
> without --no-home and no --home (even if not relying on the
> directory). I think that - if we read policy as that - then it's
> better to fail the postinst then to have hidden RC bugs. Explicit RC
> bugs are always better then well hidden ones. (Of course, all of that
> for after this cycle.)

So we're not going to do an MBF, but we're going to make code changes
so that packages blow up at install time and users do the MBF for us,
one by one?  How bizarre.  That can't be what you're actually saying.

Cheers,
-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------

[signature.asc (application/pgp-signature, inline)]

Message #72 received at 679746@bugs.debian.org (full text, mbox, reply):

From: Marc Haber <mh+debian-bugs@zugschlus.de>

To: Stephen Gran <sgran@debian.org>

Cc: Andreas Barth <aba@ayous.org>, 679746@bugs.debian.org

Subject: Re: [Adduser-devel] Bug#679746: Bug#679746: default --system home directory leads to piuparts RC bugs

Date: Sat, 15 Dec 2012 13:53:40 +0100

On Thu, Dec 13, 2012 at 07:17:47AM +0000, Stephen Gran wrote:
> This one time, at band camp, Andreas Barth said:
> > Currently, packages become RC-buggy for just adding system users
> > without --no-home and no --home (even if not relying on the
> > directory). I think that - if we read policy as that - then it's
> > better to fail the postinst then to have hidden RC bugs. Explicit RC
> > bugs are always better then well hidden ones. (Of course, all of that
> > for after this cycle.)
> 
> So we're not going to do an MBF, but we're going to make code changes
> so that packages blow up at install time and users do the MBF for us,
> one by one?  How bizarre.  That can't be what you're actually saying.

A first step could be to have adduser --system spew a warning in this
case. Maintainers should notice that when testing packages before
upload. Additionally, there could be a lintian check for that.

This course of action has numerous precedences.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 31958061
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062

Message #77 received at 679746@bugs.debian.org (full text, mbox, reply):

From: Stephen Gran <sgran@debian.org>

To: Marc Haber <mh+debian-bugs@zugschlus.de>, 679746@bugs.debian.org

Cc: Andreas Barth <aba@ayous.org>

Subject: Re: [Adduser-devel] Bug#679746: Bug#679746: Bug#679746: default --system home directory leads to piuparts RC bugs

Date: Sun, 16 Dec 2012 19:46:21 +0000

[Message part 1 (text/plain, inline)]

Hi,

This one time, at band camp, Marc Haber said:
> On Thu, Dec 13, 2012 at 07:17:47AM +0000, Stephen Gran wrote:
> > This one time, at band camp, Andreas Barth said:
> > > Currently, packages become RC-buggy for just adding system users
> > > without --no-home and no --home (even if not relying on the
> > > directory). I think that - if we read policy as that - then it's
> > > better to fail the postinst then to have hidden RC bugs. Explicit RC
> > > bugs are always better then well hidden ones. (Of course, all of that
> > > for after this cycle.)
> > 
> > So we're not going to do an MBF, but we're going to make code changes
> > so that packages blow up at install time and users do the MBF for us,
> > one by one?  How bizarre.  That can't be what you're actually saying.
> 
> A first step could be to have adduser --system spew a warning in this
> case. Maintainers should notice that when testing packages before
> upload. Additionally, there could be a lintian check for that.

Yes, that would be fine, so long as we remove the warning again before
release.  I see no reason to bother users for the next several years
with a message aimed at developers.

Is one of you interested in filing a bug on lintian for the new warning?

Cheers,
-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------

[signature.asc (application/pgp-signature, inline)]

Message #82 received at 679746@bugs.debian.org (full text, mbox, reply):

From: Marc Haber <mh+debian-bugs@zugschlus.de>

To: Stephen Gran <sgran@debian.org>, 679746@bugs.debian.org

Cc: Andreas Barth <aba@ayous.org>, Marc Haber <mh+debian-bugs@zugschlus.de>

Subject: Re: Bug#679746: [Adduser-devel] Bug#679746: Bug#679746: default --system home directory leads to piuparts RC bugs

Date: Mon, 25 Nov 2013 09:40:16 +0100

On Thu, Dec 13, 2012 at 07:17:47AM +0000, Stephen Gran wrote:
> This one time, at band camp, Andreas Barth said:
> > I suggest to tolerate the current behaviour for the upcoming release.
> > Afterwards, I suggest to either require either --no-home or --home for
> > system users. Or switch defaults to another location, e.g.
> > /var/lib/syshome (or whatever else).
> 
> Ew.  That seems to me to be inventing something ad-hoc and
> Debian-specific, which feels wrong.

adduser is already Debian specific. It is a wrapper around useradd
which does things "right" from a Debian policy point of view, making
things easier for a package maintainer by making it harder to make
mistakes in postinst.

> > Currently, packages become RC-buggy for just adding system users
> > without --no-home and no --home (even if not relying on the
> > directory). I think that - if we read policy as that - then it's
> > better to fail the postinst then to have hidden RC bugs. Explicit RC
> > bugs are always better then well hidden ones. (Of course, all of that
> > for after this cycle.)
> 
> So we're not going to do an MBF, but we're going to make code changes
> so that packages blow up at install time and users do the MBF for us,
> one by one?  How bizarre.  That can't be what you're actually saying.

piuparts is already doing those MBFs. Maybe we don't make packages
blow up at install times first but we can print a warning.

Greetings
Marc

Message #87 received at 679746@bugs.debian.org (full text, mbox, reply):

From: Marc Haber <mh+debian-bugs@zugschlus.de>

To: Wessel Dankers <wsl-deb-bug-679746@fruit.je>, 679746@bugs.debian.org

Cc: Marc Haber <mh+debian-bugs@zugschlus.de>

Subject: Re: Bug#679746: default --system home directory

Date: Mon, 25 Nov 2013 09:41:06 +0100

On Wed, Nov 14, 2012 at 12:17:04PM +0100, Wessel Dankers wrote:
> Perhaps adduser --system invocations should default to --home /nonexistent
> --no-create-home if no --home option was supplied by the invoking
> script/user.

I like that idea. Stephen, what do you think?

Greetings
Marc

Message #92 received at 679746@bugs.debian.org (full text, mbox, reply):

From: Marc Haber <mh+debian-bugs@zugschlus.de>

To: Stephen Gran <sgran@debian.org>, 679746@bugs.debian.org

Cc: Marc Haber <mh+debian-bugs@zugschlus.de>, Andreas Barth <aba@ayous.org>

Subject: Re: Bug#679746: [Adduser-devel] Bug#679746: default --system home directory leads to piuparts RC bugs

Date: Mon, 25 Nov 2013 09:36:40 +0100

On Wed, Dec 12, 2012 at 07:57:38PM +0000, Stephen Gran wrote:
> This one time, at band camp, Marc Haber said:
> > On Wed, Dec 12, 2012 at 07:05:24AM +0000, Stephen Gran wrote:
> > > Where would you suggest?  I can't think of a better place, in the
> > > absence of direction, than /home.
> > 
> > Creating /home/foo will break in the case of an nfs mounted /home, and
> > other packages are going out of wheezy for using adduser's --system
> > default.
> 
> Yes, I know that your argument is "putting stuff under /home is bad".

It is not my argument. It's piuparts' argument. They are filing
automatically generated release critical bugreports against packages
for doing so.

> My question was, and I'll repeat it: "Where would you suggest?"

I do not have a sensible idea.

Greeings
Marc

Message #97 received at 679746@bugs.debian.org (full text, mbox, reply):

From: Marc Haber <mh+debian-bugs@zugschlus.de>

To: Andreas Barth <aba@ayous.org>, Stephen Gran <sgran@debian.org>, 679746@bugs.debian.org

Cc: Marc Haber <mh+debian-bugs@zugschlus.de>

Subject: Re: Bug#679746: [Adduser-devel] Bug#679746: default --system home directory leads to piuparts RC bugs

Date: Mon, 25 Nov 2013 09:35:01 +0100

On Tue, Dec 11, 2012 at 10:34:47PM +0100, Andreas Barth wrote:
> * Stephen Gran (sgran@debian.org) [120702 13:25]:
> > Policy says packages can't rely on the layout of /home/
> > Some packages invoke adduser --system without the switch --home
> > In this case, adduser creates a user with $HOME under /home/
> 
> Question now is how bad is "directory created unter /home" really. Is
> this RC?

piuparts surely thinks so.

Greetings
Marc

Message #102 received at 679746@bugs.debian.org (full text, mbox, reply):

From: Marc Haber <mh+debian-bugs@zugschlus.de>

To: Stephen Gran <sgran@debian.org>, 679746@bugs.debian.org

Cc: Marc Haber <mh+debian-bugs@zugschlus.de>, Andreas Barth <aba@ayous.org>

Subject: Re: Bug#679746: [Adduser-devel] Bug#679746: Bug#679746: Bug#679746: default --system home directory leads to piuparts RC bugs

Date: Mon, 25 Nov 2013 12:00:38 +0100

On Sun, Dec 16, 2012 at 07:46:21PM +0000, Stephen Gran wrote:
> Is one of you interested in filing a bug on lintian for the new warning?

Done. #730456

Greetings
Marc

Message #107 received at 679746@bugs.debian.org (full text, mbox, reply):

From: Marc Haber <mh+debian-packages@zugschlus.de>

To: 679746@bugs.debian.org, 679746-submitter@bugs.debian.org

Cc: Stephen Gran <sgran@debian.org>, Andreas Barth <aba@ayous.org>, Marc Haber <mh+debian-packages@zugschlus.de>

Subject: Re: Bug#679746: [Adduser-devel] Bug#679746: Bug#679746: Bug#679746: default --system home directory leads to piuparts RC bugs

Date: Tue, 8 Mar 2022 08:57:45 +0100

Control: retitle -1 adduser --system should default to --home /nonexistent
Control: severity -1 important

On Mon, Nov 25, 2013 at 12:00:38PM +0100, Marc Haber wrote:
> On Sun, Dec 16, 2012 at 07:46:21PM +0000, Stephen Gran wrote:
> > Is one of you interested in filing a bug on lintian for the new warning?
> 
> Done. #730456

This Lintian check has been implemented back in 2013, so packages not
setting --home on adduser --system calls get flagged with a Lintian  
"Error".

I think that adduser --system should change to default to /nonexistent
if no --home is given. This should be mentioned in NEWS.Debian
(refering to the lintian check maintainer-script-lacks-home-in-adduser)
and the manpage for --system should also state the the home directory
will be set to /nonexistent if not explicitly set.

Greetings
Marc

Message #119 received at 679746@bugs.debian.org (full text, mbox, reply):

From: Matt Barry <matt@hazelmollusk.org>

To: 679746@bugs.debian.org

Subject: system users @ /nonexistent

Date: Tue, 24 May 2022 22:33:01 -0400

Control: tags -1 patch

This patch [0] implements the default system user home dir as
/nonexistent.  Feedback welcome!

Cheers,
Matt

[0] https://salsa.debian.org/debian/adduser/-/merge_requests/20

Message #124 received at 679746-submitter@bugs.debian.org (full text, mbox, reply):

From: Marc Haber <mh+debian-packages@zugschlus.de>

To: 679746-submitter@bugs.debian.org

Subject: Bug#679746 marked as pending in adduser

Date: Tue, 31 May 2022 10:24:32 +0000

Control: tag -1 pending

Hello,

Bug #679746 in adduser reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/debian/adduser/-/commit/cb338303d11925bd9b0212069f4d1c3e68e7d3c2

------------------------------------------------------------------------
System account home dir defaults to /nonexistent

Closes: #679746
------------------------------------------------------------------------

(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/679746

Message #131 received at 679746-close@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>

To: 679746-close@bugs.debian.org

Subject: Bug#679746: fixed in adduser 3.122

Date: Wed, 13 Jul 2022 19:03:47 +0000

Source: adduser
Source-Version: 3.122
Done: Marc Haber <mh+debian-packages@zugschlus.de>

We believe that the bug you reported is fixed in the latest version of
adduser, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 679746@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marc Haber <mh+debian-packages@zugschlus.de> (supplier of updated adduser package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 13 Jul 2022 20:30:00 +0200
Source: adduser
Architecture: source
Version: 3.122
Distribution: unstable
Urgency: low
Maintainer: Debian Adduser Developers <adduser@packages.debian.org>
Changed-By: Marc Haber <mh+debian-packages@zugschlus.de>
Closes: 202943 239825 398793 432562 520037 521883 588872 643559 664869 675804 679746 685532 701110 723572 774046 849265 874560 891748 896916 908997 920739 923059 925511 926262 969217 977678 979385 983405 992163 1001863 1006897 1006941 1006975 1007785 1008081 1008091 1014395 1014448
Changes:
 adduser (3.122) unstable; urgency=low
 .
   [ Marc Haber ]
   * improve package description.
   * Standards-Version: 4.6.1 (no changes necessary)
   * clean out EXTRA_GROUPS to only contain users.
     Thanks to Daniel Keast. (Closes: #849265)
   * add SECURITY section to manual pages.
   * add test for backups of home directory.
   * improve and update lintian overrides.
   * Formatting changes to manual pages.
     Thanks to Markus Hiereth. (Closes: #874560)
   * fix some typos in manual pages.
   * set VERBOSE and DEBUG envvars in deluser as well. (Closes: #1006897)
   * add documentation about adduser being a policy layer. (Closes: #1007785)
   * try to clarify system account terminology (policy vs system).
     (Closes: #1006975)
   * Document that only adduser --system is idempotent. (Closes: #723572)
   * error out for two-argument addgroup.
     Thanks to Mike Dornberger. (Closes: #664869)
   * make --add_extra_groups into --add-extra-groups. (Closes: #1014395)
   * --force-badname is now --allow-badname. (Closes: #1014448)
   * update turkish debconf translation.
     Thanks to Atila KOÇ. (Closes: #908997)
   * Update Russian debconf translation.
     Thanks to Lev Lamberov. (Closes: #920739)
   * Update Danish debconf translation (Closes: #923059)
   * Update Italian debconf translation.
     Thanks to Luca Monducci. (Closes: #969217)
   * Update German man page translation.
     Thanks to Helge Kreutzmann. (Closes: #977678)
   * Update European Portuguese translation of man page.
     Thanks to Américo Monteiro. (Closes: #925511)
   * disable translated manpages, none left for the time being.
   * deprecate planned directory service support.
   * Add docs about adduser.local being the place to interact with DS,
   * Some improvements to autopkgtests.
 .
   [ Matt Barry ]
   * System account home dir defaults to /nonexistent. (Closes: #679746)
   * do not accept all-numeric user names. (Closes: #891748)
   * prompts need y/n/empty(default).
   * Implement SYS_DIR_MODE. (Closes: #1008081, #202943, #398793)
   * Implement SYS_NAME_REGEX. (Closes: #521883, #432562)
   * Deprecate SETGID_HOME.
     Add NEWS/TODO items. (Closes: #643559, #979385, #1008091, #643559)
   * Fix ignored files for --remove-all-files.
     (Closes: #1001863, #588872, #926262, #992163)
   * Redefines the default NO_DEL_PATHS to avoid unnecessary
     scanning.
   * Change deluser_files test to use gzip.
   * Fix deletion of sockets/pipes. (Closes: #685532)
   * Simplify checkname sub.  (Closes: #1006941)
   * Adds support for lock files. (Closes: #983405)
   * Username validity testing framework.
   * Add --allow-all-names to bypass --force-badname.
     (Closes: #520037, #774046)
   * use warnf instead of printf in some places. (Closes: #675804)
   * Support tar --auto-compress for backups. (Closes: #896916)
   * Many improvements to autopkgtests. (Closes: 239825)
 .
   [ Jason Franklin ]
   * Allow for cloned-UID users in group member lists.
     Thanks to Daniel Heimann. (Closes: #701110)
Checksums-Sha1:
 5cbcec9f80e5c73198307edb7040c5c12bb35d3f 1683 adduser_3.122.dsc
 ccf7c4e3efec29257e3b484bb53c2a55d69e0455 230224 adduser_3.122.tar.xz
 27c0ec7f2d7048ddfd7f89dc33012bef7a8e5866 5697 adduser_3.122_source.buildinfo
Checksums-Sha256:
 584ed616d8ac705daffc96564ef45fb34f2eb9663f7348013adea0e4539a869c 1683 adduser_3.122.dsc
 5f093054c0f0c90c313d704f7af6d338f334df793942fafd43e5a8e6c63236c4 230224 adduser_3.122.tar.xz
 7f92d3de2b5ea8da31088424a2043831dedc8aab8f60158e37455cb3a350d63e 5697 adduser_3.122_source.buildinfo
Files:
 0c7d4c5bcd648b829bcaa58101fecbb7 1683 admin important adduser_3.122.dsc
 1da1b75966877f902c4b6d0d5f105609 230224 admin important adduser_3.122.tar.xz
 ab9602ba5d83a6de88ab29bb2e76d961 5697 admin important adduser_3.122_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE6QL5UJ/L0pcuNEbjj3cgEwEyBEIFAmLPEWMACgkQj3cgEwEy
BELCfhAAujNsWZNpvvi2vpDICGMPprz7MooXq5B4fe6fR6nR5Pizh+0E9Skh7NVl
Z5qJvIzcNcva+/TYkml0wO77H1fPefQ+sgxCHmtUTBwK9LZPdh0b6MrWK7hWnhk0
QI/mRMKoNUrMSpVz6suvetUrHvVymWBv/hsQHTt5uSOAB/Wqwbfdt0VFYgQ2i+Yd
Vtr1+U4yjPZ+j9kAFg7HYnVc2Jh8J07ipRrSRnC07AB3wvwcunUiv2fOzJi4S51S
9n/LllsXNS4629siVKDspKOtaak3dpXRPLHFgB+hPlZRhdCCKWoto9TrY1e3XY8N
zZRSYVULaH9OkuIFx6yoUuChhDmteyZ+C0TJlv+qaigf34/qaqF15pu4ee5ZlmuT
SYHI2vcYQ0yXJ92U2U56hYvlzFZufyopWUQkALKwGEzq13LMlMtTJhKypl2PnwzF
jL/n0r0P92kSUd0BAFuzsdp3PPkQoTG9hSTf5BQAXN9JR1dYkIjc95si8KKZ+FD+
Gda+o46EUo3tLgAYGxStxoPsgNb8n2mePrFB5cXERL84uimeVNMg4Hnmt8+cqnYw
jbdDxODIBNsgoCYEqqTe2NOyBQv5gPb0PXYekiHNFRH70sTJDPIjQkrnrYQX73xZ
W5ap2XFEMpqGrFa8VyUwRl15/MAg5Ds0bRi7GzlGPKIKKK8PFFI=
=6vgg
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.