On 02/03/15 at 02:27pm, Evangelos Foutras wrote:
On 03/02/15 13:46, Allan McRae wrote:
Hi all,
While looking into how best to handle those directory permission warnings with pacman-4.2, I have noticed a couple of things about user/group management in our packages.
1) We should not remove users/groups when packages are uninstalled. This is a potential security issue if any files are left owned by the non-existent user/group.
2) Most packages that chown files in the install file could do it using the user/group number in the PKGBUILD. This works on any package with a reserved user/group ID. The advantage of doing this is that pacman can track the permissions. (A solution is being worked on for dynamically created user/groups whose id number can vary.)
Should I create a rebuild list?
I'd say yes and I agree on both points.
This is also a perfect opportunity to mention systemd-sysusers(8) which, along with sysusers.d(5) entries, can greatly simplify the creation of system users.
For an example, check out the openldap package:
https://projects.archlinux.org/svntogit/packages.git/tree/trunk/slapd.sysuse...
https://projects.archlinux.org/svntogit/packages.git/tree/trunk/openldap.ins...
-1 for systemd-sysusers unless you can figure out a way to use it in pre_install. In order for the dynamic user creation Allan mentioned to work, pacman will have to be changed to use symbolic user names for file ownership which requires the user to exist *before* the package is extracted.
apg
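
A check that follows from point 1 in the thread, as an added example that is not part of the original messages: it lists files whose numeric owner or group no longer maps to an account, which is the state left behind when a package's uninstall step deletes its user. The function names and the scratch tree in `demo()` are constructed for illustration.

```python
import grp
import os
import pwd
import tempfile


def system_ids():
    """Return (uids, gids) currently defined in the passwd and group databases."""
    uids = {entry.pw_uid for entry in pwd.getpwall()}
    gids = {entry.gr_gid for entry in grp.getgrall()}
    return uids, gids


def find_orphans(root, known_uids=None, known_gids=None):
    """Walk root and return (path, uid, gid, reason) for every entry whose
    numeric owner or group has no account behind it."""
    if known_uids is None or known_gids is None:
        sys_uids, sys_gids = system_ids()
        known_uids = sys_uids if known_uids is None else known_uids
        known_gids = sys_gids if known_gids is None else known_gids
    orphans = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: report the link itself, never follow it
            except OSError:
                continue  # entry vanished or is unreadable; skip it
            reasons = []
            if st.st_uid not in known_uids:
                reasons.append("nouser")
            if st.st_gid not in known_gids:
                reasons.append("nogroup")
            if reasons:
                orphans.append((path, st.st_uid, st.st_gid, "+".join(reasons)))
    return sorted(orphans)


def demo():
    """Constructed sample: one scratch file checked against two ID sets."""
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, "leftover.db")
        open(path, "w").close()
        st = os.lstat(path)
        # Account still exists: nothing to report.
        present = find_orphans(root, {st.st_uid}, {st.st_gid})
        # Simulate an uninstall step having deleted the user and group.
        removed = find_orphans(root, set(), set())
        return present, [(os.path.basename(p), r) for p, _, _, r in removed]


if __name__ == "__main__":
    print(demo())
```

Any path this reports would be inherited by whichever account is later created with the same numeric ID.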