Debian Bug report logs -
#779880
adduser: deluser should delete users from AllowUsers field in sshd_config
Reported by: Eric Light <it@forlongs.co.nz>
Date: Thu, 5 Mar 2015 21:51:02 UTC
Severity: wishlist
Found in version adduser/3.113+nmu3
Done: Stephen Gran <sgran@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, it@forlongs.co.nz, Debian Adduser Developers <adduser-devel@lists.alioth.debian.org>:
Bug#779880; Package adduser.
(Thu, 05 Mar 2015 21:51:07 GMT) (full text, mbox, link).
Acknowledgement sent
to Eric Light <it@forlongs.co.nz>:
New Bug report received and forwarded. Copy sent to it@forlongs.co.nz, Debian Adduser Developers <adduser-devel@lists.alioth.debian.org>.
(Thu, 05 Mar 2015 21:51:07 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: adduser
Version: 3.113+nmu3
Severity: wishlist
Dear Maintainer,
In trying to optimise SSH security, I've limited our incoming users with the AllowUsers field in /etc/ssh/sshd_config.
When running 'deluser test', the test user still exists as an entry in AllowUsers.
When deleting a user, it would be good if the deleted user entry were also deleted from this location.
Alternatively, if the AllowUsers field appears to be in use, a warning message after the deletion of the user, to remind the system administrator to tidy up sshd_config. :)
Thanks,
Eric
-- System Information:
Debian Release: 7.8
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages adduser depends on:
ii debconf [debconf-2.0] 1.5.49
ii passwd 1:4.1.5.1-1
ii perl-base 5.14.2-21+deb7u2
adduser recommends no packages.
Versions of packages adduser suggests:
ii liblocale-gettext-perl 1.05-7+b1
ii perl-modules 5.14.2-21+deb7u2
-- debconf information:
adduser/homedir-permission: true
adduser/title:
Reply sent
to Stephen Gran <sgran@debian.org>:
You have taken responsibility.
(Sun, 08 Mar 2015 09:51:10 GMT) (full text, mbox, link).
Notification sent
to Eric Light <it@forlongs.co.nz>:
Bug acknowledged by developer.
(Sun, 08 Mar 2015 09:51:10 GMT) (full text, mbox, link).
Message #10 received at 779880-done@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi,
This one time, at band camp, Eric Light said:
> Dear Maintainer,
>
> In trying to optimise SSH security, I've limited our incoming users
> with the AllowUsers field in /etc/ssh/sshd_config.
>
> When running 'deluser test', the test user still exists as an entry in
> AllowUsers.
>
> When deleting a user, it would be good if the deleted user entry were
> also deleted from this location.
>
> Alternatively, if the AllowUsers field appears to be in use, a warning
> message after the deletion of the user, to remind the system
> administrator to tidy up sshd_config. :)
I'm afraid that what you're asking for would be a violation of Debian
policy. What I might do in your shoes to replicate such functionality
would be to create /usr/local/bin/deluser.local with the functionality
you ask for. Or move to adding users to an 'sshuser' group and managing
it that way.
Cheers,
--
-----------------------------------------------------------------
| ,''`. Stephen Gran |
| : :' : sgran@debian.org |
| `. `' Debian user, admin, and developer |
| `- http://www.debian.org |
-----------------------------------------------------------------
[signature.asc (application/pgp-signature, inline)]
Message #11 received at 779880-done@bugs.debian.org (full text, mbox, reply):
Aha, I see. Thanks Stephen, I'll follow your advice re the 'sshuser' group. :)
-----Original Message-----
From: Stephen Gran [mailto:sgran@debian.org]
Sent: Sunday, 8 March 2015 10:32 p.m.
To: Eric Light; 779880-done@bugs.debian.org
Subject: Re: [Adduser-devel] Bug#779880: adduser: deluser should delete users from AllowUsers field in sshd_config
Hi,
This one time, at band camp, Eric Light said:
> Dear Maintainer,
>
> In trying to optimise SSH security, I've limited our incoming users
> with the AllowUsers field in /etc/ssh/sshd_config.
>
> When running 'deluser test', the test user still exists as an entry in
> AllowUsers.
>
> When deleting a user, it would be good if the deleted user entry were
> also deleted from this location.
>
> Alternatively, if the AllowUsers field appears to be in use, a warning
> message after the deletion of the user, to remind the system
> administrator to tidy up sshd_config. :)
I'm afraid that what you're asking for would be a violation of Debian policy. What I might do in your shoes to replicate such functionality would be to create /usr/local/bin/deluser.local with the functionality you ask for. Or move to adding users to an 'sshuser' group and managing it that way.
Cheers,
--
-----------------------------------------------------------------
| ,''`. Stephen Gran |
| : :' : sgran@debian.org |
| `. `' Debian user, admin, and developer |
| `- http://www.debian.org |
-----------------------------------------------------------------
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 06 Apr 2015 07:30:20 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Sat Jul 1 22:01:04 2023;
Machine Name:
bembo
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.