Remove a package together with a user and a group
Greetings!

Users and groups created when installing some packages (avahi, usbmuxd) are not deleted along with its removal. Is it related to https://archlinux.org/todo/pacman-hooks-systemd-sysuserstmpfiles/ and requires some changes? Or should I always delete them manually?

--
With respect and best regards, Mailsh.

> Users and groups created when installing some packages (avahi, usbmuxd) are not deleted along with its removal. Is it related to https://archlinux.org/todo/pacman-hooks-systemd-sysuserstmpfiles/ and requires some changes? Or should I always delete them manually?

Hello,

If you decide that you no longer need a user or a group, you have to manually delete it. This has to be a conscious decision, which is not something pacman or packages can do.

I can’t locate authoritative information right now, but I believe the linked TODO entry from 2017 was related to replacing manual invocations of `systemd-tmpfiles` and `systemd-sysusers` with the corresponding drop-in configuration files. See commits cd35d646⁽¹⁾ and 072e646d⁽²⁾ as examples.

____
⁽¹⁾ https://gitlab.archlinux.org/archlinux/packaging/packages/apache/-/commit/cd...
⁽²⁾ https://gitlab.archlinux.org/archlinux/packaging/packages/mariadb/-/commit/0...

On 10/10/23 23:10, mail.sh@tuta.io wrote:
> Users and groups created when installing some packages (avahi, usbmuxd) are not deleted along with its removal. Is it related to https://archlinux.org/todo/pacman-hooks-systemd-sysuserstmpfiles/ and requires some changes? Or should I always delete them manually?

There's a security reason for this. If you removed users and groups, but some file was still left (think stuff under /var, for example... or because you didn't pass -n to 'pacman -R'), that file would become "orphaned."

An "orphan" file is a file that retains its UID and GID in its metadata, but those UID/GID numbers now don't correlate to any existing user/group. Now imagine a new user/group is created with that exact same UID/GID (e.g., possible to do using 'useradd -uo' and 'groupadd -go', respectively). All those files would fall under the ownership of that new user/group... which could open the way for non-desired access.

OTOH, this also makes reinstalling the software easier if files were left on the system. All previously owned files will be immediately accessible by the reinstalled software.

That's why removal of groups and users is left to the manual intervention of the sysadmins.

--
Ariadna Vigo
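
An audit for the orphaned files described in the reply above, as an added example that is not part of the original thread: it walks a tree and reports every path whose UID or GID has no entry in the account databases, which is the check to run before and after manually deleting a package's user or group. The function name `find_orphans` and the injectable `known_uids`/`known_gids` sets are assumptions made for this example.

```python
import grp
import os
import pwd
import sys
from collections import defaultdict


def find_orphans(root, known_uids=None, known_gids=None):
    """Return {(uid, gid): [paths]} for entries under root whose owner UID
    or group GID does not map to any known account."""
    # Default to the enumerable passwd/group databases. Directory services
    # that do not support enumeration will not appear here, so pass explicit
    # sets in that case (also useful when auditing a mounted image).
    if known_uids is None:
        known_uids = {p.pw_uid for p in pwd.getpwall()}
    if known_gids is None:
        known_gids = {g.gr_gid for g in grp.getgrall()}

    orphans = defaultdict(list)
    # Unreadable directories are skipped rather than aborting the audit.
    for dirpath, dirnames, filenames in os.walk(root, onerror=lambda e: None):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                # lstat: judge the symlink itself, never follow it elsewhere.
                st = os.lstat(path)
            except OSError:
                continue  # removed or inaccessible while scanning
            if st.st_uid not in known_uids or st.st_gid not in known_gids:
                orphans[(st.st_uid, st.st_gid)].append(path)
    return dict(orphans)


if __name__ == "__main__":
    # Constructed default: /var, the location the reply mentions.
    target = sys.argv[1] if len(sys.argv) > 1 else "/var"
    for (uid, gid), paths in sorted(find_orphans(target).items()):
        print(f"uid={uid} gid={gid}: {len(paths)} path(s)")
        for p in sorted(paths)[:5]:
            print("   ", p)
```

Any path it reports will be owned by whichever account is next given that number, so reassign or delete those paths before the UID or GID can be reused.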