On Wed, Feb 12, 2020 at 10:02 AM Christopher Head <ch...@chead.ca> wrote:
> Hi all,
> Yesterday something surprised me. I updated my system and got the
> acct-{user,group}/lighttpd for the first time. Because lighttpd was
> running, package installation failed to change the home directory—fine, it
> printed an error message, I stopped the server, changed the home directory
> by hand, and started the server back up.
>
> What I didn’t realize was that it also, successfully, removed the lighttpd
> user from a couple of auxiliary groups I had put it in. It did this without
> telling me, without printing any messages. I only noticed because I
> happened to look at syslog and discovered that usermod or gpasswd or
> whatever it called had logged the changes. Presumably this has broken a
> service or two (nothing too critical) since now Lighttpd won’t be able to
> connect to SCGI sockets any more.
>
I'm not convinced this behavior is correct, so we may be able to just fix
it.
-A
>
> Does it make sense for these ebuilds to print out all the changes they
> make to existing users and groups, so that the sysadmin can see what
> happened and immediately look into alternative solutions if it breaks
> something, rather than silently changing things? Maybe this could even be
> limited to cases where the package is being newly installed (not upgraded)
> and the user or group already exists, to ease migration from the old world
> where sysadmins are easily able to do anything we want with our users and
> groups to the new world where we’re expected to leave them alone as the
> ebuilds make them, or worst case make out changes in an overlay.
>
> Thoughts?
> --
> Christopher Head
