Andreas Beckmann <deb...@abeckmann.de> writes:

> On 2012-01-17 14:42, Fredrik Thulin wrote:
>> On Tue, Jan 17, 2012 at 2:30 PM, Andreas Beckmann <deb...@abeckmann.de>
>> wrote:
>> ...
>>> during a test with piuparts I noticed your package left unowned files on
>>> the system after purge, which is a violation of policy 6.8:
>>
>> Hi
>>
>> Thank you for taking the time to provide references and good
>> suggestions. I too had noticed the piuparts failure and sent the
>> following question to my sponsoring developer, but since he seems busy
>> at the moment maybe you can comment on my proposed fix so I can get a
>> new version uploaded quicker? That would be much appreciated.
>>
>> My proposed solution :
>>
>> ... maybe I should change the adduser in yhsm-yubikey-ksm.postinst like this
>>
>> - adduser --quiet --system --group --disabled-password --system
>> --shell /bin/sh yhsm-ksmsrv
>> + adduser --quiet --system --group --disabled-password --system
>> --shell /bin/sh --home /var/cache/yubikey-ksm --no-create-home
>> yhsm-ksmsrv
>
> adduser --quiet --system --group --no-create-home --disabled-password
> --shell /bin/sh $MYUSERNAME
>
> Do you need a group called $MYUSERNAME? Otherwise replace --group with
> --ingroup dialout and skip the addition to group dialup.
>
> Do you need a shell? Otherwise drop --shell and you'll get /bin/false.
> With --no-create-home --home is optional, but if you don't need the home
> for anything ... So
>
> adduser --quiet --system --ingroup dialout --no-create-home
> --disabled-password $MYUSERNAME
>
> may be sufficient.
>
> You should consider adding cleanup code that only triggers on upgrades
> from that faulty version by removing the old user+group+home and recreating
> the user properly
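Review bot: `--system` is passed twice on both the removed and the added adduser line, so one of them should be dropped. The added line also keeps `--shell /bin/sh`, which leaves the yhsm-ksmsrv service account with a login shell. It also combines `--home /var/cache/yubikey-ksm` with `--no-create-home`, so nothing in this line creates the directory or removes it on purge; the maintainer scripts need to handle both.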
Thanks for help! I'm not sure we need a group, typically these files are never written by the yhsm-ksmsrv process, only read. So the user can use u=r permissions and root can put the files under some other group with write permissions?

Perhaps we should also align the username with the directory basename in /var/cache? It seems confusing to have the username be separate from the basename of the home directory.

I don't see any need for a shell, right Fredrik?

/Simon
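A check for two points raised in this thread (a service account that has a login shell, and a username that differs from the basename of its home directory), as an added example that is not part of the original messages. It assumes Debian's default system UID range of 100-999 and treats /nonexistent as an acceptable home; the sample passwd lines, including the UIDs, GIDs and the account name yubikey-ksm, are constructed.

```shell
#!/bin/sh
# Added example: audit passwd(5)-format lines for system accounts.
# Assumption: dynamically allocated system accounts use UIDs 100-999.

audit_service_accounts() {
    # stdin: passwd(5) lines; stdout: one finding per line.
    awk -F: '
        NF != 7 { next }                          # skip malformed lines
        ($3 + 0) < 100 || ($3 + 0) > 999 { next } # only system accounts
        {
            name = $1; home = $6; shell = $7
            # An empty shell field means /bin/sh to login(1).
            if (shell == "") shell = "/bin/sh (empty field)"
            if (shell != "/bin/false" && shell != "/usr/sbin/nologin" &&
                shell != "/sbin/nologin")
                printf "%s: login shell %s\n", name, shell
            # Convention suggested in the thread: home basename == username.
            n = split(home, parts, "/")
            if (home != "/nonexistent" && parts[n] != name)
                printf "%s: home %s does not match account name\n", name, home
        }'
}

sample_passwd() {
    # Constructed sample. The first system account mirrors the proposed
    # adduser line, the second a no-shell account named after its home.
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
yhsm-ksmsrv:x:110:20::/var/cache/yubikey-ksm:/bin/sh
yubikey-ksm:x:111:20::/var/cache/yubikey-ksm:/bin/false
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
}

sample_passwd | audit_service_accounts
```

On a live system the same function can be fed with `getent passwd | audit_service_accounts`.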