Removing gitolite package doesn't remove gitolite user
Ricardo Band
2017-04-01 01:01:04 UTC
Ahoi,

I was removing gitolite because I fucked my setup up. When I
reinstalled it to start from scratch, I ran into a problem.

The /var/lib/gitolite folder wasn't created when I reinstalled the
package. I found out that the gitolite user also still existed. I
removed it and reinstalled gitolite. Now the directory was created like
it should.

I think this is a bug. When gitolite is uninstalled it should also
remove the gitolite user.
If the user is for some reason still needed after uninstall, another
solution would be to correctly recreate the /var/lib/gitolite directory
when installing the package and the gitolite user is detected.
--
Greetings

Ricardo Band

https://www.ricardo.band
mailto:// ***@ricardo.band
Doug Newgard
2017-04-01 01:37:03 UTC
On Sat, 01 Apr 2017 03:01:04 +0200
Post by Ricardo Band
I think this is a bug. When gitolite is uninstalled it should also
remove the gitolite user.
No, it shouldn't. A deleted user presents a security issue, since the package
has no way of knowing if there's any files/dirs left owned by that user.

Short version here, you deleted the user's home dir manually and left the user.
That's not a packaging problem.
Ricardo Band
2017-04-01 02:12:47 UTC
Post by Doug Newgard
Short version here, you deleted the user's home dir manually and left the user.
That's not a packaging problem.
Yep. But shouldn't the home dir be recreated when I reinstall the
package?
It seems that the package only executes a useradd command that creates
the user home. If the user already exists that command seems to return
true without recreating the home.

The package could check for the dir after that and if it's not there
create it. The package method in the PKGBUILD already includes the
creation of the directory but it doesn't seem to fire if the user is
already there. Which is a bit weird because I don't see any check for
the user in there [1].

[1]: https://git.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/gitolite
--
Greetings

Ricardo Band

https://www.ricardo.band
mailto:// ***@ricardo.band
Óscar García Amor
2017-04-01 10:29:20 UTC
The main problem is that _useradd_ is launched with the -m parameter, which
creates the home directory for the gitolite user. If the user already exists
then the home directory is not recreated. IMHO it is better not to use the -m
modifier and to do something like this:

    if [[ ! -d /var/lib/gitolite ]] ; then
        mkdir /var/lib/gitolite
        chown gitolite:gitolite /var/lib/gitolite
    fi

The full install script must be something like this:

    post_install() {
        # We need ssh login and thus a valid shell. No way to create
        # the user with sysusers.d(5)?

        getent group gitolite > /dev/null || groupadd \
            -g 196 gitolite

        # -M: do not let useradd create the home directory; it is handled below
        getent passwd gitolite > /dev/null || useradd \
            -M -u 196 -g gitolite -d /var/lib/gitolite -s /bin/bash gitolite

        if [[ ! -d /var/lib/gitolite ]] ; then
            mkdir /var/lib/gitolite
            chown gitolite:gitolite /var/lib/gitolite
        fi
    }

    post_upgrade() {
        post_install
    }

Take note that the -r option is unnecessary since the script specifies
the UID and GID.

Greetings.
--
Óscar García Amor | ogarcia at moire.org | http://ogarcia.me
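
Added example, not part of the thread or of the Arch package: a stricter form of the directory check proposed above, which also covers the ownership concern raised earlier in the thread by refusing a symlink or non-directory at the path and by reporting, rather than silently changing, a pre-existing directory owned by a different UID/GID. The function name `ensure_state_dir` and its return codes are hypothetical; it assumes GNU coreutils `stat`, as shipped on Arch.

```shell
#!/bin/sh
# ensure_state_dir DIR UID GID   (hypothetical helper, numeric IDs only)
#   0  DIR exists as a real directory owned by UID:GID (created if missing)
#   1  DIR is a symlink or a non-directory, or could not be created
#   2  DIR already exists but belongs to a different UID:GID
ensure_state_dir() {
    esd_dir=$1 esd_uid=$2 esd_gid=$3

    # A symlink at this path would point the service's data at whatever
    # location the link target names, so it is never followed.
    if [ -L "$esd_dir" ]; then
        echo "refusing: $esd_dir is a symlink" >&2
        return 1
    fi
    if [ -e "$esd_dir" ] && [ ! -d "$esd_dir" ]; then
        echo "refusing: $esd_dir exists and is not a directory" >&2
        return 1
    fi

    if [ ! -d "$esd_dir" ]; then
        # Missing (for example removed by hand while the user was kept):
        # create it with a restrictive mode, then hand it to the service.
        mkdir -m 0750 "$esd_dir" || return 1
        chown "$esd_uid:$esd_gid" "$esd_dir" || return 1
        return 0
    fi

    # Already present: leave contents and ownership alone. Leftovers from an
    # earlier install may belong to another account, and a recursive chown
    # here would hand them over without anyone having looked at them.
    esd_have=$(stat -c '%u:%g' "$esd_dir") || return 1
    if [ "$esd_have" != "$esd_uid:$esd_gid" ]; then
        echo "warning: $esd_dir is owned by $esd_have, expected $esd_uid:$esd_gid" >&2
        return 2
    fi
    return 0
}

# In an install script this would be called after the getent/useradd step,
# e.g.: ensure_state_dir /var/lib/gitolite 196 196
```

A return code of 2 is the case to review by hand: the directory predates the current account, so its contents should be inspected before ownership is changed.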
Eli Schwartz via arch-general
2017-04-02 06:14:48 UTC
Post by Ricardo Band
Post by Doug Newgard
Short version here, you deleted the user's home dir manually and left the user.
That's not a packaging problem.
Yep. But shouldn't the home dir be recreated when I reinstall the
package?
You are literally responding to a post in which you are told that this
"shouldn't" be done.
Post by Ricardo Band
It seems that the package only executes a useradd command that creates
the user home. If the user already exists that command seems to return
true without recreating the home.
Correct. Since the user home dir is created as part of the user creation
itself, it makes sense to assume that the user home dir is *deleted* as
part of the user deletion itself.

You have now learned a valuable lesson: don't delete user home dirs for
system users, without first making sure the system user is deleted as
well (in addition to anything else that system user may have been
responsible for).
Post by Ricardo Band
The package could check for the dir after that and if it's not there
create it. The package method in the PKGBUILD already includes the
creation of the directory but it doesn't seem to fire if the user is
already there. Which is a bit weird because I don't see any check for
the user in there [1].
[1]: https://git.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/gitolite
No, the PKGBUILD package() method does not in fact create the directory
in any way, shape, or form. If it did, you wouldn't have had this problem.
--
Eli Schwartz