Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 694796 - Package dependent on acct-[user,group] corrupted when user/group deleted even after emerge
Summary: Package dependent on acct-[user,group] corrupted when user/group deleted even...
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All All
: Normal normal
Assignee: Michał Górny
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-09-18 12:58 UTC by smutnja3
Modified: 2019-09-18 15:53 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description smutnja3 2019-09-18 12:58:59 UTC
The whole concept of using acct-[user,group] as a dependency for any package in order to set user or group can cause big troubles when user/group is accidentally removed.
So let's suppose the package named "sys-apps/myservices" deploying chain of services with one of them named "myservice" has a dependency for "acct-user/service_u" and "acct-group/service_g". "myservice" is executed under the user "service_u". System administrator has a bad day and he unknowingly removes the line in /etc/passwd where the user service_u is defined. Now strange things will happen, so system administrator decides to emerge the sys-apps/myservices again, but without success - "acct-user/service_u" is installed so the user "service_u" will never appear again until "acct-user/service_u" is unmerged and then merged again, but before system administrator will figure it, it can take many hours.

So the main question is, if such or a similar case was considered and if there is a way how to ensure that after emerge of a package depending on the acct-[user,group] one can be sure that everything necessary is deployed and configured in this case - users and groups.
Comment 1 Mike Gilbert gentoo-dev 2019-09-18 15:39:14 UTC
I think this would be better discussed on the gentoo-dev mailing list than in a bug report.
Comment 2 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2019-09-18 15:53:05 UTC
By removing the account, you're corrupting the dependency.  No package manager verifies that package's dependencies haven't been corrupted.  In some cases the package in question may fail with more or less useful message if it employs build-time checks for the dependencies but that's neither guaranteed nor expected to be relied on.

So sorry but this is really expected behavior.  If you corrupt any package, you need to reinstall *that package* (and even that won't fix all the ways you could break it), not its reverse dependency.