Gentoo Archives: gentoo-dev

From: Christopher Head <chead@×××××.ca>
To: gentoo-dev@l.g.o
Subject: [gentoo-dev] Changes made by acct-* ebuilds
Date: Wed, 12 Feb 2020 18:02:49
Message-Id: 6A29F6A2-AA53-4B7A-A24A-6639993ABD17@chead.ca
Hi all,
Yesterday something surprised me. I updated my system and got the acct-{user,group}/lighttpd for the first time. Because lighttpd was running, package installation failed to change the home directory—fine, it printed an error message, I stopped the server, changed the home directory by hand, and started the server back up.

What I didn’t realize was that it also, successfully, removed the lighttpd user from a couple of auxiliary groups I had put it in. It did this without telling me, without printing any messages. I only noticed because I happened to look at syslog and discovered that usermod or gpasswd or whatever it called had logged the changes. Presumably this has broken a service or two (nothing too critical) since now Lighttpd won’t be able to connect to SCGI sockets any more.

Does it make sense for these ebuilds to print out all the changes they make to existing users and groups, so that the sysadmin can see what happened and immediately look into alternative solutions if it breaks something, rather than silently changing things? Maybe this could even be limited to cases where the package is being newly installed (not upgraded) and the user or group already exists, to ease migration from the old world where sysadmins are easily able to do anything we want with our users and groups to the new world where we’re expected to leave them alone as the ebuilds make them, or worst case make out changes in an overlay.

Thoughts?
-- 
Christopher Head

Attachments

File name MIME type
signature.asc application/pgp-signature

Replies

Subject Author
Re: [gentoo-dev] Changes made by acct-* ebuilds Alec Warner <antarus@g.o>
Re: [gentoo-dev] Changes made by acct-* ebuilds "Michał Górny" <mgorny@g.o>
Re: [gentoo-dev] Changes made by acct-* ebuilds Thomas Deutschmann <whissi@g.o>