[Pkg-monitoring-maintainers] Bug#815615: ganglia-monitor: Improper user/group removal in maintainer scripts

Dave Rawks dave at pandora.com
Mon Feb 22 22:24:35 UTC 2016 

Package: ganglia-monitor
Version: 3.6.0-6
Severity: important
Tags: patch

Dear Maintainer,

The ganglia-monitor package has some troublesome user/group management routines in it's
maintainer scripts.

Contrary to the recommended practice here: https://wiki.debian.org/AccountHandlingInMaintainerScripts

The maintainer scripts use unguarded userdel and groupdel commands which will fail when the 
ganglia user and group are not defined locally in the /etc/passwd and /etc/group. See inlined patch
which follows recommendations from debian wiki for managing user accounts.



   * What led up to the situation?

Attempts to purge ganglia-monitor on my system fail as I use ldap for central management of user accounts.

   * What exactly did you do (or not do) that was effective (or
     ineffective)?

Attempts at purging ganglia-monitor via `dpkg -P` as well as `apt-get remove --purge` fail.

   * What was the outcome of this action?

'''
$ sudo apt-get remove --purge ganglia-monitor
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libapr1 libconfuse-common libconfuse0 libganglia1 python-sysadtoolkit-sb
Use 'apt-get autoremove' to remove them.
The following packages will be REMOVED:
  ganglia-monitor*
0 upgraded, 0 newly installed, 1 to remove and 140 not upgraded.
After this operation, 241 kB disk space will be freed.
Do you want to continue? [Y/n] 
(Reading database ... 60324 files and directories currently installed.)
Removing ganglia-monitor (3.6.0-6) ...
Purging configuration files for ganglia-monitor (3.6.0-6) ...
userdel: cannot remove entry 'ganglia' from /etc/passwd
dpkg: error processing package ganglia-monitor (--purge):
 subprocess installed post-removal script returned error exit status 1
Processing triggers for man-db (2.7.0.2-5) ...
Errors were encountered while processing:
 ganglia-monitor
E: Sub-process /usr/bin/dpkg returned an error code (1)
'''
 
  * What outcome did you expect instead?

package to be removed with all data and configuration purged.


--PATCH--

Index: a/debian/ganglia-monitor.postinst
===================================================================
--- a/debian/ganglia-monitor.postinst
+++ b/debian/ganglia-monitor.postinst
@@ -1,10 +1,7 @@
 #!/bin/sh
 set -e

-if ! getent passwd ganglia >/dev/null; then
-       echo Adding system user: ganglia.
-       useradd -r -c "Ganglia Monitor" -d "/var/lib/ganglia" -s "/bin/false" -U ganglia
-fi
+adduser --system --gecos "Ganglia Monitor" --home "/var/lib/ganglia" --shell "/bin/false" --group ganglia

 #if we have an old 2.5.x gmond
 if [ -f /etc/gmond.conf ]; then
Index: a/debian/ganglia-monitor.postrm
===================================================================
--- a/debian/ganglia-monitor.postrm
+++ b/debian/ganglia-monitor.postrm
@@ -2,17 +2,16 @@

 if [ "$1" = "purge" ] ; then
    # rm the rrds if this is the last ganglia package being removed.
+   # Only remove ganglia user if gmetad isn't installed
    if [ ! -f /usr/sbin/gmetad ] ; then
         if [ -d /var/lib/ganglia ]; then
                # Remove rrd dir
                rm -rf /var/lib/ganglia/rrds
         fi
-   # Only remove ganglia user if gmetad isn't installed
-        if getent passwd ganglia >/dev/null; then
-                userdel ganglia
-        fi
-        if getent group ganglia >/dev/null; then
-                groupdel ganglia
+        if [ -x "$(command -v deluser)" ]; then
+            deluser --quiet --system ganglia > /dev/null || true
+        else
+            echo >&2 "not removing ganglia system account because deluser command was not found"
         fi
     fi
 fi

--END PATCH--


-- System Information:
Debian Release: 8.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ganglia-monitor depends on:
ii  adduser      3.113+nmu3
ii  libapr1      1.5.1-3
ii  libc6        2.19-18
ii  libconfuse0  2.7-5
ii  libexpat1    2.1.0-6+b3
ii  libganglia1  3.6.0-6
ii  libpcre3     2:8.35-3.3
ii  zlib1g       1:1.2.8.dfsg-2+b1

ganglia-monitor recommends no packages.

ganglia-monitor suggests no packages.

-- no debconf information

More information about the Pkg-monitoring-maintainers mailing list