[Adduser-devel] adduser --system in maintainer scripts (re: Bug #634475)

Simon McVittie smcv at debian.org
Wed Jul 20 11:16:25 UTC 2011

On Mon, 30 May 2011 at 09:12:59 +0100, Stephen Gran wrote:
> This one time, at band camp, Roger Leigh said:
> > [...] However, most
> > postinsts wrap the call to adduser with a check for whether the
> > account already exists [...]
> I know that people do that, but it is unnecessary scaffolding.  adduser
> already handles that just fine.  Maybe the documentation is lacking, but
> the design goal is that you can just call adduser --system --quiet $args
> in your postinst, and adduser will do what you meant:
> steve@varinia:~$ getent passwd postfix
> postfix:x:112:120::/var/spool/postfix:/bin/false
> steve@varinia:~$ sudo adduser --system --quiet postfix
> [sudo] password for steve: 
> steve@varinia:~$ echo $?
> 0

We use adduser --system --quiet in the dbus package without checking for
existence of the user first, as recommended here. However, bug #634475
reveals that if the messagebus user is present, but is not in the system UID
range, this will make the upgrade fail.

Peter Chubb (reporter of #634475) wrote:
> Simon> If you have enough backups of /etc/passwd to be able to answer
> Simon> these questions: what were the messagebus user's home
> Simon> directory, numeric UID, and primary group ID before the
> Simon> upgrade? What was the messagebus group's numeric GID?  Did you
> Simon> have any other users or groups whose numeric UID/GID collided
> Simon> with messagebus?
> In the backup from two days ago:
> : wombat ; grep messagebus passwd group
> passwd:messagebus:x:110:107::/var/run/dbus:/bin/false
> group:messagebus:x:107:
>  wombat ; grep 110 passwd
> messagebus:x:110:107::/var/run/dbus:/bin/false
> : wombat ; grep 107 group
> messagebus:x:107:
> I think the issue I have is that because of legacy accounts,
> LAST_SYSTEM_UID is 99 in /etc/adduser.conf, and for some reason the
> account was already existing with a higher UID than that.

Presumably, on Peter's system, messagebus was either created while
LAST_SYSTEM_UID was higher, or possibly before 2003 when dbus created
messagebus as a non-system group (#222563 - which was undeniably itself a bug,
but we should do what we can to recover from historical bugs).

In the opinions of the adduser maintainers, what should daemon-user-creating
packages like dbus be doing about this?
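
Added example, not part of the original message and not adduser's or dbus's own code: a diagnostic sketch that reports whether an existing account falls inside the system UID range configured in /etc/adduser.conf, which is the condition the failure in #634475 turns on. The function names, the default range 100-999 used when a key is missing, and the FIRST_SYSTEM_UID=1 value in the sample are assumptions; the sample files are constructed from the values quoted in the thread.

```shell
#!/bin/sh
# Diagnostic sketch (added example): classify an account against the
# system UID range from an adduser.conf-style file.
# Usage: classify_account NAME [PASSWD_FILE] [ADDUSER_CONF]
# Prints one of: absent | system | outside-range

# Read an integer KEY=value setting; the last occurrence wins,
# and DEFAULT is used when the key or the file is missing.
conf_value() {
    key=$1 default=$2 file=$3
    val=$(sed -n "s/^[[:space:]]*$key=\([0-9][0-9]*\).*/\1/p" "$file" 2>/dev/null | tail -n 1)
    echo "${val:-$default}"
}

classify_account() {
    name=$1 passwd=$2 conf=${3:-/etc/adduser.conf}
    # Assumed fallback range when the keys are not set in the file.
    first=$(conf_value FIRST_SYSTEM_UID 100 "$conf")
    last=$(conf_value LAST_SYSTEM_UID 999 "$conf")
    if [ -n "$passwd" ]; then
        # Explicit passwd file (used for the offline sample below).
        uid=$(awk -F: -v n="$name" '$1 == n { print $3; exit }' "$passwd")
    else
        # Live system: go through NSS so non-file user databases are seen.
        uid=$(getent passwd "$name" | cut -d: -f3)
    fi
    if [ -z "$uid" ]; then
        echo absent
    elif [ "$uid" -ge "$first" ] && [ "$uid" -le "$last" ]; then
        echo system
    else
        echo outside-range
    fi
}

# Constructed sample: the messagebus entry quoted in the thread, with
# LAST_SYSTEM_UID=99 as reported and an assumed FIRST_SYSTEM_UID=1.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'messagebus:x:110:107::/var/run/dbus:/bin/false\n' > "$dir/passwd"
    printf 'FIRST_SYSTEM_UID=1\nLAST_SYSTEM_UID=99\n' > "$dir/adduser.conf"
    classify_account messagebus "$dir/passwd" "$dir/adduser.conf"
    rm -rf "$dir"
}

demo   # prints: outside-range
```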

