| 1 |
On Wed, Feb 12, 2020 at 10:02 AM Christopher Head <chead@×××××.ca> wrote: |
| 2 |
|
| 3 |
> Hi all, |
| 4 |
> Yesterday something surprised me. I updated my system and got the |
| 5 |
> acct-{user,group}/lighttpd for the first time. Because lighttpd was |
| 6 |
> running, package installation failed to change the home directory—fine, it |
| 7 |
> printed an error message, I stopped the server, changed the home directory |
| 8 |
> by hand, and started the server back up. |
| 9 |
> |
| 10 |
> What I didn’t realize was that it also, successfully, removed the lighttpd |
| 11 |
> user from a couple of auxiliary groups I had put it in. It did this without |
| 12 |
> telling me, without printing any messages. I only noticed because I |
| 13 |
> happened to look at syslog and discovered that usermod or gpasswd or |
| 14 |
> whatever it called had logged the changes. Presumably this has broken a |
| 15 |
> service or two (nothing too critical) since now Lighttpd won’t be able to |
| 16 |
> connect to SCGI sockets any more. |
| 17 |
> |
| 18 |
|
| 19 |
I'm not convinced this behavior is correct, so we may be able to just fix |
| 20 |
it. |
| 21 |
|
| 22 |
-A |
| 23 |
|
| 24 |
|
| 25 |
> |
| 26 |
> Does it make sense for these ebuilds to print out all the changes they |
| 27 |
> make to existing users and groups, so that the sysadmin can see what |
| 28 |
> happened and immediately look into alternative solutions if it breaks |
| 29 |
> something, rather than silently changing things? Maybe this could even be |
| 30 |
> limited to cases where the package is being newly installed (not upgraded) |
| 31 |
> and the user or group already exists, to ease migration from the old world |
| 32 |
> where sysadmins are easily able to do anything we want with our users and |
| 33 |
> groups to the new world where we’re expected to leave them alone as the |
| 34 |
> ebuilds make them, or worst case make out changes in an overlay. |
| 35 |
> |
| 36 |
> Thoughts? |
| 37 |
> -- |
| 38 |
> Christopher Head |
Archives