Discussion:
Bug#944329: debian-policy: Unclear text about password files modifications
Guillem Jover
2019-11-08 00:30:01 UTC
Package: debian-policy
Version: 4.4.1
Severity: normal

Hi!

There's this text in section §9.2.1:

,---
Packages other than "base-passwd" must not modify "/etc/passwd",
"/etc/shadow", "/etc/group" or "/etc/gshadow".
`---

It's not clear to me whether this refers to the packaging or any
program provided by that package. Depending on the reading, this
would make the passwd package buggy. So it might be worth clarifying,
probably by adding "passwd" to the exception.

Thanks,
Guillem
Sean Whitton
2019-11-08 18:00:02 UTC
Hello,
Post by Guillem Jover
> ,---
> Packages other than "base-passwd" must not modify "/etc/passwd",
> "/etc/shadow", "/etc/group" or "/etc/gshadow".
> `---
> It's not clear to me whether this refers to the packaging or any
> program provided by that package. Depending on the reading, this
> would make the passwd package buggy. So it might be worth clarifying,
> probably by adding "passwd" to the exception.
Makes sense to me. Perhaps you could propose a patch.
--
Sean Whitton
Russ Allbery
2019-11-17 20:10:01 UTC
Post by Guillem Jover
> ,---
> Packages other than "base-passwd" must not modify "/etc/passwd",
> "/etc/shadow", "/etc/group" or "/etc/gshadow".
> `---
> It's not clear to me whether this refers to the packaging or any
> program provided by that package. Depending on the reading, this would
> make the passwd package buggy. So it might be worth clarifying, probably
> by adding "passwd" to the exception.
I thought this was more complicated and other packages like adduser might
modify those files directly, but it looks like this isn't the case and
everything else uses the commands in passwd. So I think we can just say
this:

Packages other than ``base-passwd`` and ``passwd`` must not directly
modify ``/etc/passwd``, ``/etc/shadow``, ``/etc/group`` or
``/etc/gshadow``.

I added "directly" since of course adduser modifies /etc/passwd
indirectly, as does every package that calls adduser in its maintainer
scripts.
--
Russ Allbery (***@debian.org) <https://www.eyrie.org/~eagle/>
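
The difference between direct and indirect modification discussed in this thread, shown as an added example that is not part of the original messages and is not Debian Policy or lintian code. It is a heuristic check over maintainer scripts; the function names, the `exampled` account and both sample `postinst` files are constructed for illustration.

```shell
#!/bin/sh
# Added example: a heuristic lint, not part of Debian Policy or lintian.

# The four files named in the Policy 9.2.1 sentence under discussion.
# The trailing class keeps backups such as /etc/passwd- from matching.
PROTECTED='/etc/(passwd|shadow|group|gshadow)([^[:alnum:]_.-]|$)'

# Print numbered lines of maintainer script $1 that appear to write to a
# protected file directly (redirection, sed -i, tee); comments are skipped.
# Exit status: 0 if anything was found, 1 if the script looks clean.
find_direct_writes() {
    grep -nE \
        -e ">>?[[:space:]]*${PROTECTED}" \
        -e "(^|[^[:alnum:]_-])sed[[:space:]].*-i.*[[:space:]]${PROTECTED}" \
        -e "(^|[^[:alnum:]_-])tee[[:space:]].*${PROTECTED}" \
        -- "$1" | grep -vE '^[0-9]+:[[:space:]]*#'
}

# Constructed sample: a postinst that edits the files itself.
write_direct_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
set -e
# add the daemon account
echo 'exampled:x:999:999::/var/lib/exampled:/usr/sbin/nologin' >> /etc/passwd
sed -i '/^exampled:/d' /etc/group
EOF
}

# Constructed sample: the same job done indirectly through adduser.
write_indirect_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
set -e
if ! getent passwd exampled >/dev/null; then
    adduser --system --group --home /var/lib/exampled exampled
fi
EOF
}

# Demo on the constructed samples.
tmp=$(mktemp -d)
write_direct_sample "$tmp/direct"; write_indirect_sample "$tmp/indirect"
for f in "$tmp/direct" "$tmp/indirect"; do
    find_direct_writes "$f" || echo "$f: no direct writes found"
done
rm -rf "$tmp"
```

The patterns only catch the obvious forms of direct writes; a clean result does not prove a script complies.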