1 |
On Wed, Feb 12, 2020 at 10:02 AM Christopher Head <chead@×××××.ca> wrote: |
2 |
|
3 |
> Hi all, |
4 |
> Yesterday something surprised me. I updated my system and got the |
5 |
> acct-{user,group}/lighttpd for the first time. Because lighttpd was |
6 |
> running, package installation failed to change the home directory—fine, it |
7 |
> printed an error message, I stopped the server, changed the home directory |
8 |
> by hand, and started the server back up. |
9 |
> |
10 |
> What I didn’t realize was that it also, successfully, removed the lighttpd |
11 |
> user from a couple of auxiliary groups I had put it in. It did this without |
12 |
> telling me, without printing any messages. I only noticed because I |
13 |
> happened to look at syslog and discovered that usermod or gpasswd or |
14 |
> whatever it called had logged the changes. Presumably this has broken a |
15 |
> service or two (nothing too critical) since now Lighttpd won’t be able to |
16 |
> connect to SCGI sockets any more. |
17 |
> |
18 |
|
19 |
I'm not convinced this behavior is correct, so we may be able to just fix |
20 |
it. |
21 |
|
22 |
-A |
23 |
|
24 |
|
25 |
> |
26 |
> Does it make sense for these ebuilds to print out all the changes they |
27 |
> make to existing users and groups, so that the sysadmin can see what |
28 |
> happened and immediately look into alternative solutions if it breaks |
29 |
> something, rather than silently changing things? Maybe this could even be |
30 |
> limited to cases where the package is being newly installed (not upgraded) |
31 |
> and the user or group already exists, to ease migration from the old world |
32 |
> where sysadmins are easily able to do anything we want with our users and |
33 |
> groups to the new world where we’re expected to leave them alone as the |
34 |
> ebuilds make them, or worst case make out changes in an overlay. |
35 |
> |
36 |
> Thoughts? |
37 |
> -- |
38 |
> Christopher Head |