Package: libuuid1 Version: 2.17.2-3.1 Severity: normal I don't entirely understand why this shared library needs to create a system account, but when the postinst does so, it creates an account with a valid shell. There shouldn't be any need for this, and it is not considered a best practice for system accounts to have valid login shells. (I noticed this when an auditor asked me why the account had a valid shell on our systems.)
Please change the postinst script for libuuid1 to create a user with a shell of /usr/sbin/nologin or /bin/false or something similar. Thanks! -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686-bigmem (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libuuid1 depends on: ii libc6 2.11.2-2 Embedded GNU C Library: Shared lib ii passwd 1:4.1.4.2-1 change and administer password and Versions of packages libuuid1 recommends: pn uuid-runtime <none> (no description available) libuuid1 suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
