[Pkg-openldap-devel] Upload to fix the slurpd spool directory or ?

Steve Langasek vorlon at debian.org
Thu May 25 21:07:39 UTC 2006


On Thu, May 25, 2006 at 10:37:00PM +0200, Matthijs Mohlmann wrote:

> > In short: Running as non-root is quite functional (apart from the need 
> > to move the .args file), but auto creating a user and removing it is 
> > evil IMHO, at least with the current Debian infrastructure. The last 
> > time I looked there was no official way to do this and I am running into
> > problems with the usual adduser method all the times which is why I 
> > would like to discuss our approach further before implementing it.

> AFAIK, a lot of people are doing that in the postinst / preinst scripts.
> For example postfix, amavisd-new, cyrus-imapd, clamav-base, etc are
> creating a user in the postinst.

> Proposed implementation:
> if [ -z "`getent group openldap`" ]; then
>   addgroup --quiet --system openldap
> fi
> if [ -z "`getent passwd openldap`" ]; then
>   adduser --quiet --system --home /var/lib/ldap --shell /bin/false \
>     --ingroup openldap --disabled-password --disabled-login --gecos \
>     "OpenLDAP" openldap
> fi

> This will create a 'system' account and there is a check whether the user
> is already available on the system.

> On removal of the user:
> deluser --system openldap > /dev/null || true

> This will remove only the user openldap if that user is also a system user.

> I think this is the right way to add/remove a user from the system.

Well, I kind of alluded in my previous mail that there might be some issues
with this removal.  If the admin has set up multiple directories in their
config, scattered in who-knows-what places on the filesystem, then these
directories will be left in place when the package is purged, right?  The
admin may even have created a directory at one point, later removed it from
the config without removing the data files, and then purged the slapd
package, correct?

So if you remove the user on purge without removing all the data files it
may own on the system, you are declaring to the system that the uid is
available for reuse -- while it still owns files on the filesystem.  This
means that whatever new (system) user is created has read access to these
old files, which may be a security hole.

In this case, I think it's better to not remove the system user, even on
purge.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon at debian.org                                   http://www.debian.org/
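The concern above, as an added illustration that is not part of the slapd packaging or this thread: a purge-time guard that only removes a system account when its uid owns nothing under the given directories, so a still-owned file is never left behind for the next system user that inherits the uid. Function names and the search roots are assumptions.

```shell
#!/bin/sh
# Added example, not the Debian slapd maintainer scripts. Before a purge
# removes a system account such as "openldap", check whether its uid still
# owns files under the directories the admin may have used; if it does,
# keep the account so the uid is not handed to the next system user created.

# files_owned_by UID DIR...  -> prints every path under DIR... owned by UID
files_owned_by() {
    uid=$1; shift
    for root in "$@"; do
        [ -d "$root" ] || continue
        # -xdev: stay on one filesystem; GNU and BusyBox find accept a numeric uid
        find "$root" -xdev -user "$uid" -print 2>/dev/null
    done
}

# safe_to_remove_uid UID DIR...  -> 0 if UID owns nothing under DIR..., else 1
safe_to_remove_uid() {
    uid=$1; shift
    [ -z "$(files_owned_by "$uid" "$@" | head -n 1)" ]
}

# purge_account NAME DIR...  -> removes NAME only when safe; wraps the
# "deluser --system ... || true" line from the proposal with the check above
purge_account() {
    name=$1; shift
    uid=$(getent passwd "$name" | cut -d: -f3)
    [ -n "$uid" ] || return 0            # account already gone: nothing to do
    if safe_to_remove_uid "$uid" "$@"; then
        deluser --system "$name" >/dev/null 2>&1 || true
    else
        echo "keeping account $name (uid $uid): it still owns files under $*" >&2
        return 1
    fi
}
```

The check only sees the roots it is given (for example /var/lib/ldap plus every directory named in the slapd config, or / for a full sweep), so a data directory the admin never listed anywhere is exactly the case it cannot catch.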