[Pkg-net-snmp-devel] Bug#911132: snmpd: Upgrading the snmpd package removes system user named "snmp"

Salvatore Bonaccorso carnil at debian.org
Tue Oct 16 09:01:53 BST 2018

Control: found -1 5.7.3+dfsg-1.1

Hi Ramon,

On Tue, Oct 16, 2018 at 09:21:56AM +0200, Ramon Cahenzli wrote:
> Package: snmpd
> Version: 5.7.3+dfsg-1.7+deb9u1
> Severity: normal           
> Dear Maintainer,
> The snmp package appears to remove any system user named "snmp"
> whenever it is upgraded.
> How to reproduce:
>   1. Downgrade your snmpd package (e.g. by removing the package,
>      removing the security repository and installing the package
>      again from the main repository)
>   2. Create a system user called "snmp"
>   3. Add the security repository, apt-get update and apt-get upgrade.
>      Observe that the snmpd package will be upgraded.
>   4. Observe that the user "snmp" is gone from the system.
> The expected outcome would be that the user "snmp" still exists. 
> Ever since the migration to the user "Debian-snmp", admins may be using
> users called "snmp" for other purposes than what Debian-snmp is
> intended for, so snmpd shouldn't remove these users.

This seems to have been on purpose since the change from snmp to
Debian-snmp https://salsa.debian.org/debian/net-snmp/commit/deed97ccd6178302f2cda6e98dc2db6416fba3c0 

The intention seems to have been, that if it is a system user, then it
was created by the package, and can be as well removed.

This though might not be safe in each variant/setup, as your usecase


More information about the Pkg-net-snmp-devel mailing list