[Dev] Fwd: [arch-dev-public] user/group management in packages

Nicolás Reynolds fauno at endefensadelsl.org
Tue Feb 3 14:04:56 GMT 2015


-------------------- Start of forwarded message --------------------
Date: Tue, 03 Feb 2015 14:27:14 +0200
From: Evangelos Foutras <evangelos at foutrelis.com>
To: Public mailing list for Arch Linux development
 <arch-dev-public at archlinux.org>
Subject: Re: [arch-dev-public] user/group management in packages

On 03/02/15 13:46, Allan McRae wrote:
> Hi all,
> While looking into how best to handle those directory permission warnings
> with pacman-4.2, I have noticed a couple of things about user/group
> management in our packages.
> 1) We should not remove users/groups when packages are uninstalled. This
> is a potential security issue if any files are left owned by the
> non-existent user/group.
> 2) Most packages that chown files in the install file could do it using
> the user/group number in the PKGBUILD.  This works on any package with a
> reserved user/group ID.  The advantage of doing this is that pacman can
> track the permissions.  (A solution is being worked on for dynamically
> created user/groups whose id number can vary.)
> Should I create a rebuild list?

I'd say yes and I agree on both points.

This is also a perfect opportunity to mention systemd-sysusers(8) which,
along with sysusers.d(5) entries, can greatly simplify the creation of
system users.

For an example, check out the openldap package:


-------------------- End of forwarded message --------------------
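
Point 1 of the quoted message, as an added example that is not part of the original thread: a Python audit that lists files whose owning UID or GID no longer resolves, which is the state left behind when a package removes its user or group on uninstall. The function names and the default scan root are assumptions made for illustration.

```python
import grp
import os
import pwd
import sys


def system_ids():
    """Return (uids, gids) enumerable from the local account databases.

    Accounts served by a directory that does not support enumeration
    will be missing here, so treat hits as candidates to review.
    """
    return ({p.pw_uid for p in pwd.getpwall()},
            {g.gr_gid for g in grp.getgrall()})


def find_orphaned(root, known_uids, known_gids):
    """Return [(path, uid, gid, reason)] for entries with no existing owner.

    Such files silently become the property of whatever account is later
    created with the same numeric ID, which is why they matter.
    """
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)

    results = []
    for path in paths:
        try:
            # lstat: judge a symlink by its own ownership, never its target
            st = os.lstat(path)
        except OSError:
            continue  # entry vanished or is unreadable; skip it
        reasons = []
        if st.st_uid not in known_uids:
            reasons.append("nouser")
        if st.st_gid not in known_gids:
            reasons.append("nogroup")
        if reasons:
            results.append((path, st.st_uid, st.st_gid, ",".join(reasons)))
    return results


if __name__ == "__main__":
    scan_root = sys.argv[1] if len(sys.argv) > 1 else "/var/lib"  # assumed default
    uids, gids = system_ids()
    for path, uid, gid, reason in find_orphaned(scan_root, uids, gids):
        print(f"{reason}\t{uid}:{gid}\t{path}")
```

Running it before and after removing a package shows which paths would be left with an unresolved owner.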