[pkg-fetchmail-maint] Bug#321272: apt-get install fails: "chown: `fetchmail:nogroup': invalid user"

Loic Minier lool at dooz.org
Tue Oct 18 09:50:12 UTC 2005 

reopen 321272
tags 321272 + patch
retitle 321272 Create fetchmail user correctly
thanks

        Hi,

On Tue, Oct 18, 2005, Håvard Dahle wrote:
> >>>chown: `fetchmail:nogroup': invalid user
> >2) The adduser call fails on my system. Take a look at this (I extracted
> > the actual adduser call and ran it in the cli):

 => the fact you didn't see the failure is a bug in fetchmail [0]

> > rasha:~# adduser --system --ingroup nogroup --home /var/run/fetchmail \
> >     --shell /bin/sh --disabled-password fetchmail
> > adduser: Warning: The home dir you specified already exists.

 => that's a bug in fetchmail, [1]

> > Adding system user `fetchmail'...
> > Adding new user `fetchmail' (107) with group `nogroup'.
> > chage: can't open shadow password fileadduser: `/usr/bin/chage -M 99999

 => that's a bug in adduser, [2]

> > fetchmail' returned error code 1.  Aborting.
> > Cleaning up.
> > Removing user `fetchmail'.
> >Now, I have no clue what `chage' and `shadow password' really mean, but
> >hopefully someone who reads this report does. 
> Ok, so I snooped a bit further, and looking at bug 316217 put me on the 
> right track. Shadow passwords were in fact not enabled on my system.

 I see a lot of problems here, comments below.

> So running
> > # dpkg-reconfigure -plow passwd
> and enabling shadow was all there was to it. Now the `fetchmail' package 
> installs, uninstalls and installs cleanly on my system. Progress!

 That shouldn't be necessary.

> May I suggest a thorough revision of the `postinst' script - it feels a 
> bit hacky to me.

 I agree.

> But as I said earlier: I really don't get all of what chage and shadow 
> passwords are all about.

 Chage is a setgid tool similar to "chsh", "chfn" or "passwd", to update
 informations stored in the passwd and shadow databases, such as your
 name, the expiry time of your password, your password, your shell etc.

 Shadow is the database, usually in /etc/shadow, to store passwords
 separately from user information, and to store password
 meta-information such as expiry information.

 [0] Fetchmail should not add "|| true" to the adduser line if it
 expects the user to be created!  It is also hiding the failure with
 ">/dev/null 2>&1".  It should only create the user if it doesn't exist,
 and hence should check with getent first;  see attached patch.

 [1] Fetchmail is manually creating the directory, and doesn't want
 adduser to create it, it should use --no-create-home;  see attached
 patch.

 [2] I think this might have been fixed in the last adduser package:

adduser (3.67.2) unstable; urgency=low

  * duh. _really_ handle the changed chage exit code.
    Thanks to Nicolas François. (mh)

 -- Marc Haber <mh+debian-packages at zugschlus.de>  Sat,  1 Oct 2005 11:11:07 +0000

adduser (3.67.1) unstable; urgency=low

  * versioned depends on passwd >> 1:4.0.12 because of the changed
    chage exit code (now, 15) in the "shadow passwod not enabled"
    case. Earlier versions return 3 or even a normal 1 in that case.

 -- Marc Haber <mh+debian-packages at zugschlus.de>  Mon, 26 Sep 2005 08:45:00 +0000

 Please test and include the attached patch (I did not test it).

   Cheers,

-- 
Loïc Minier <lool at dooz.org>
-------------- next part --------------
diff -urN fetchmail-6.2.5.orig/debian/changelog fetchmail-6.2.5/debian/changelog
--- fetchmail-6.2.5.orig/debian/changelog	2005-10-18 11:27:49.000000000 +0200
+++ fetchmail-6.2.5/debian/changelog	2005-10-18 11:49:25.000000000 +0200
@@ -1,3 +1,13 @@
+fetchmail (6.2.5-19) unstable; urgency=low
+
+  * Fix adduser logic in postinst (Closes: #321272) to:
+    - check whether the fetchmail user already exist
+    - fail if we it can't be created
+    - not create /var/run/fetchmail via adduser
+    - respect the permissions of /var/run/fetchmail on upgrade
+
+ -- Loic Minier <lool at dooz.org>  Tue, 18 Oct 2005 11:47:18 +0200
+
 fetchmail (6.2.5-18) unstable; urgency=low
 
   * Nico Golde:
diff -urN fetchmail-6.2.5.orig/debian/fetchmail.postinst fetchmail-6.2.5/debian/fetchmail.postinst
--- fetchmail-6.2.5.orig/debian/fetchmail.postinst	2005-10-18 11:27:49.000000000 +0200
+++ fetchmail-6.2.5/debian/fetchmail.postinst	2005-10-18 11:46:57.000000000 +0200
@@ -6,13 +6,14 @@
 
 set -e
 
-# Create fetchmail user and its homedir if we may need it
-adduser --system --ingroup nogroup --home /var/run/fetchmail \
-	--shell /bin/sh --disabled-password fetchmail >/dev/null 2>&1 || true
-# work around possible adduser bug, see #119366
-[ -d /var/run/fetchmail ] || mkdir -p /var/run/fetchmail
-chmod 700 /var/run/fetchmail
-chown -h -R fetchmail:nogroup /var/run/fetchmail
+if ! getent passwd fetchmail >/dev/null; then
+        adduser --quiet --system --no-create-home --home /var/run/fetchmail fetchmail
+fi
+if ! [ -d /var/run/fetchmail ]; then
+    mkdir -p /var/run/fetchmail
+    chmod 700 /var/run/fetchmail
+    chown -h -R fetchmail:nogroup /var/run/fetchmail
+fi
 
 if [ -x /etc/init.d/fetchmail ]; then
 	update-rc.d fetchmail defaults 99 15 >/dev/null

More information about the pkg-fetchmail-maint mailing list