<!ENTITY % dynamicdata SYSTEM "dynamic.ent" > %dynamicdata;
<!-- CVS revision of this document -->
- <!ENTITY cvs-rev "$Revision: 1.275 $">
+ <!ENTITY cvs-rev "$Revision: 1.276 $">
<!-- if you are translating this document, please notate the CVS
revision of the original developer's reference in cvs-en-rev -->
$SERVER_USER 2>/dev/null || true
echo "..done"
# 4. adjust passwd entry, only do this if the package
- # creates the user
+ # creates the user
usermod -c "$SERVER_NAME" \
-d $SERVER_HOME \
-g $SERVER_GROUP \
$SERVER_USER
else
# The package might want to check if the user already exists
- # and it is *not* a system user, in this case it should abort
- # the installation (like in this example) or ask the administrator
- # since otherwrise it might have unexpected consequences.
- # Some packages try to prevent collision by using a prefix such as 'Debian-'
+ # and it is *not* a system user, in this case it could abort
+ # the installation (like in this example) or ask the administrator.
+ # Using a non-system user as the one in our package could
+ # have unexpected consequences.
+ # Some packages try to prevent this kind of collision by using
+ # a prefix such as 'Debian-'
for LINE in `grep SYSTEM_UID /etc/adduser.conf | grep -v "^#"`; do
case $LINE in
FIRST_SYSTEM_UID*)
esac
done
# Abort package installation if the user has not been created by
- # us.
+ # us.
if [ -n "$FIST_SYSTEM_UID" ] && [ -n "$LAST_SYSTEM_UID" ]; then
if USERID=`getent passwd $SERVER_USER | cut -f 3 -d ':'`; then
if [ -n "$USERID" ]; then
fi
fi
fi
- fi
+ fi
fi
# 5. adjust file and directory permissions
<p>If the package creates the system user it can remove it when it is
purged in its <em>postrm</em> script. This currently <em>not</em> recommended
-since it has a few known
+for all situations since it has a few known
<footnote>
Some relevant threads discussing these issues include:
<url
;;
esac
done
- else
- # Sane defaults
- FIRST_SYSTEM_UID=100
- LAST_SYSTEM_UID=499
- fi
+ else
+ # Sane defaults
+ FIRST_SYSTEM_UID=100
+ LAST_SYSTEM_UID=499
+ fi
# Remove system account if it is a system user
CREATEDUSER="<var>server_user</var>"
if [ -n "$FIST_SYSTEM_UID" ] && [ -n "$LAST_SYSTEM_UID" ]; then
fi
fi
# Remove system group if is a system group
- CREATEDGROUP=<var>server_group</var>
- if [ -r /etc/adduser.conf ] ; then
+ CREATEDGROUP=<var>server_group</var>
+ if [ -r /etc/adduser.conf ] ; then
FIRST_USER_GID=`grep ^USERS_GID /etc/adduser.conf | cut -f2 -d '='`
- else
- # Sane defaults
- FIRST_USER_GID=1000
- fi
+ else
+ # Sane defaults
+ FIRST_USER_GID=1000
+ fi
if [ -n "$FIST_USER_GID" ] then
if GROUPGID=`getent group $CREATEDGROUP | cut -f 3 -d ':'`; then
if [ -n "$GROUPGID" ]; then
[...]
</example>
-<p>Other possibilities, are to make sure the account is locked (has an invalid
-password and <em>/bin/false</em> as a shell) and modify the GECOS field
+<p>Other possibilities, are making sure the account is locked (has an invalid
+password and <em>/bin/false</em> as a shell) and/or changing the GECOS field
pointing out that the account is no longer used.
+<!-- There is currently no consensus as to how any of the above should be
+ done in a way that would make it easy for administrators to locate
+ unused (but not removed) accounts -->
+
</sect1>
</sect>