debian packages and user management
<s>Sad</s> Happy discovery of the day
Today I learned a tragic fact: Debian packages create system users for services by means of postinst scripts written in Bash.
I’ve inspected a few packages: bind9, cups, influxdb, ssh, dbus, systemd. They all use adduser to create system users:
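    set_ssh_agent_permissions() {
        # Create the "ssh" system group only if it does not exist yet.
        if ! getent group ssh >/dev/null; then
            addgroup --system --quiet ssh
        fi
        # Leave the file alone if the admin registered a dpkg-statoverride for it;
        # otherwise make ssh-agent setgid ssh (2755 = setgid + rwxr-xr-x).
        if ! dpkg-statoverride --list /usr/bin/ssh-agent >/dev/null; then
            chgrp ssh /usr/bin/ssh-agent
            chmod 2755 /usr/bin/ssh-agent
        fi
    }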
I absolutely detest writing new bash code by hand. My hands are too weak to bear responsibility for bash-infestation. Yet, it’s the single option available.
There isn’t even a debhelper script to generate these nasty things. Only manual error-prone bash-esque grind is available.
Update
On the debian-mentors mailing list I was pointed to the dh-sysuser package, which provides the dh_sysuser helper, which reads a sysuser file and does what it says.
There is still a bash script in the resulting deb, but at least it is generated from a configuration file.
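For comparison, here is what the hand-written variant looks like for a service account, using the same getent and dpkg-statoverride guards as the ssh snippet above so that upgrades are no-ops and local admin overrides survive. This is an added example, not code from any Debian package or from dh-sysuser; the package name exampled, the account _exampled and the path /var/lib/exampled are hypothetical.

```shell
#!/bin/sh
# Added example: postinst fragment for a hypothetical package "exampled".
set -e

SVC_USER="_exampled"           # hypothetical service account
SVC_HOME="/var/lib/exampled"   # hypothetical state directory

# Create the account only when it is missing, so re-running the script
# on upgrade or reinstall changes nothing.
ensure_system_user() {
    user=$1
    home=$2
    if getent passwd "$user" >/dev/null; then
        return 0
    fi
    # --system: no password, no login aging; --group: matching private group.
    # The home directory is created separately with tighter permissions.
    adduser --system --group --quiet \
        --home "$home" --no-create-home \
        --shell /usr/sbin/nologin \
        --gecos "exampled service account" \
        "$user"
}

# Create the state directory owned by the service account and closed to
# other users, unless the admin has registered an override for that path.
ensure_state_dir() {
    user=$1
    dir=$2
    if ! dpkg-statoverride --list "$dir" >/dev/null; then
        install -d -o "$user" -g "$user" -m 0750 "$dir"
    fi
}

# dpkg calls postinst with "configure" on install and upgrade.
case "${1:-}" in
    configure)
        ensure_system_user "$SVC_USER" "$SVC_HOME"
        ensure_state_dir "$SVC_USER" "$SVC_HOME"
        ;;
esac
```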