On 12/05/2025 21:52, Simon Josefsson wrote:
Marco d'Itri <m...@linux.it> writes:
On May 12, Simon Josefsson <si...@josefsson.org> wrote:
Having some mechanism to create package-specific users seems like one
useful goal, and I don't understand why each package has to write
scripts to invoke 'adduser' and deal with all the complexity around that
on their own. There could be a declarative interface a package can use
and say 'USERS+=saned' or 'USERS+=munin' or 'USERS+=openldap' and that's
it.
We have one: it is documented in sysusers.d(5).
Now you just need to persuade everybody to use it.
Oh I wasn't aware of that, thanks for the pointer. Is there any known
reason (except lack of time) that people aren't using it? I'll see if I
can come up with a way to use it in some packages, I think 'pqconnect'
would be a good candidate -- the postinst script is only there to call
addgroup+adduser and it always felt like a hack.
https://salsa.debian.org/python-team/packages/pqconnect/-/issues/13
Relatively new perhaps. Needs a little fiddling to work with debhelper
compat level 13 (needs dh helper called from d/rules).
You sponsored ntfy with one example of it. Small hint is not to forget
the d/rules call to dh_installsysusers.
https://salsa.debian.org/go-team/packages/ntfy/-/blob/debian/latest/debian/ntfy.sysusers?ref_type=heads
--
Regards,
Ahmad
