On Sun, May 29, 2011 at 08:32:21PM +0100, Roger Leigh wrote: > We could add special behaviour to adduser to unlock the account > if it already exists when run in the postinst.
Yes. > However, most postinsts wrap the call to adduser with a check for > whether the account already exists, Which would be a bug in the maintainer scripts. > I dislike the fact that the behaviour of adduser and deluser would, > in effect, /not/ add or delete users as intended, which is rather > counter-intuitive. adduser --system is designed (and, IIRC, documented) to have the effect of "after the call to adduser --system, the account will exist and is useable. The only case when adduser --system really errors out is when the account already exists but is not a system account." > Providing that we have consensus on a recommended strategy for > locking and unlocking accounts which can go into policy, I think all > we need are examples for how maintainer scripts are expected to > handle account creation and locking/unlocking. The would be rather easy. Account creation/unlocking would happen with an unwrapped call to adduser --system, account locking with a call to the appropriate back-end command, or we could add an lockuser command to the adduser package. I think, the latter would be preferable since we would then be able to add sugar to the locking process. A wishlist bug against adduser is in order. Greetings Marc, with a rather worn and dusty adduser hat on -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110530084708.gc27...@torres.zugschlus.de
