From: Mike Gilbert
Date: Sun, 3 Jan 2021 21:41:47 -0500
Subject: Re: [gentoo-dev] [PATCH] acct-user.eclass: don't modify existing user by default
To: Gentoo Dev

On Sun, Jan 3, 2021 at 8:35 PM Thomas Deutschmann wrote:
>
> Modifying an existing user is a bad default and makes Gentoo
> special because it is common for system administrators to make
> modifications to user (i.e. putting a user into another service's
> group to allow that user to access service in question) and it
> would be unexpected to see these changes reverted during normal
> world upgrade (which could break services).
>
> This commit will make Gentoo behave like any other Linux distribution
> by respecting any user modifications by default. However, we will retain
> the functionality to reset system user and groups and users interested
> in this feature can opt-in by setting
> ACCT_USER_ALLOW_EXISTING_USER_TO_BE_MODIFIED to a non-zero value in
> their make.conf.

So the main problem I see with doing this is that it becomes impossible to reliably make changes to a user in later ebuild revisions. Developers may want/need to deploy changes to user attributes. Changing group memberships seems like the best example, but I could foresee a want/need to change DESCRIPTION, HOME, or SHELL as well.

Because of this, I think the new behavior should be opt-in, and people who use it should be aware that they will need to pay attention if any account changes are rolled out in new ebuild versions.

> diff --git a/eclass/acct-user.eclass b/eclass/acct-user.eclass > index 22b0038fbff7..d60b1e53b4bb 100644 > --- a/eclass/acct-user.eclass > +++ b/eclass/acct-user.eclass
> @@ -309,6 +321,20 @@ acct-user_pkg_pretend() { > fi > } > > +# @FUNCTION: acct-user_pkg_setup > +# @DESCRIPTION: > +# Initialize internal environment variable(s). > +acct-user_pkg_setup() { > + debug-print-function ${FUNCNAME} "${@}" > + > + # check if user already exists > + ACCT_USER_ALREADY_EXISTS= > + if [[ -n $(egetent passwd "${ACCT_USER_NAME}") ]]; then > + ACCT_USER_ALREADY_EXISTS=yes > + fi > + readonly ACCT_USER_ALREADY_EXISTS > +} I don't think this pkg_setup function is necessary; you could do this in pkg_preinst instead, before enewuser gets called.
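
Review bot: the existence check in acct-user_pkg_setup (`egetent passwd "${ACCT_USER_NAME}"`) runs at pkg_setup, well before the account is created or modified, and its result is then frozen with `readonly ACCT_USER_ALREADY_EXISTS`. If the account is added or removed between pkg_setup and the phase that calls enewuser, the flag is stale and cannot be refreshed, so later phases would act on the wrong answer. Suggest running the check in pkg_preinst immediately before the enewuser call, as the reply above proposes, and keeping the result in a variable set in that phase instead of a readonly global set in an extra phase function.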