/usr/bin/dh_sysuser is in dh-sysuser 1.3.1.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
#!/usr/bin/perl
# dh_sysuser --- debhelper to create system users
# Copyright (C) 2016 Dmitry Bogatov <kaction@sagulo>
# Author: Dmitry Bogatov <kaction@sagulo>
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
use 5.014;
use strict;
use Debian::Debhelper::Dh_Lib;
use File::Find;
use File::stat;
use feature 'signatures';
use feature 'switch';
no warnings 'experimental::signatures';
no warnings 'experimental::smartmatch';
init();

sub parse_options($conf, $options, $user) {
    foreach my $opt (split(/,/, $options)) {
        given ($opt) {
            when (/^home=(.*)$/) { $conf->{home} = $1; }
            when (/^home$/) {
                my $normal = $user;
                $normal =~ s/^_+//;          # strip leading
                $normal =~ s/_+$//;          # and trailing underscore
                $normal =~ s/^[Dd]ebian-//;  # and discouraged debian- prefix
                $conf->{home} = "/var/lib/$normal";
            }
            when (/^defaults$/) { "do nothing"; }
            default { error("unknown option `$opt'"); }
        }
    }
}

foreach my $pkg (@{$dh{DOPACKAGES}}) {
    my @entries = ();
    if (@ARGV) {
        while (@ARGV) {
            (my $user, my $opt) = splice(@ARGV, 0, 2);
            push @entries, [$user, $opt];
        }
    } elsif (my $cfg = pkgfile($pkg, 'sysuser')) {
        @entries = filedoublearray($cfg);
    };
    foreach my $entry (@entries) {
        (my $user, my $opts) = @$entry;
        $opts ||= 'defaults';
        my %conf = (home => '/nonexistent');
        parse_options(\%conf, $opts, $user);
        foreach my $script (qw/prerm postinst/) {
            autoscript($pkg, $script, "$script-sysuser",
                       sub { s/%HOME%/$conf{home}/;
                             s/%PACKAGE%/$pkg/;
                             s/%USERNAME%/$user/;});
        }
    }
    # every time maintainer script changes, minor version must be bumped.
    addsubstvar($pkg, 'misc:Depends', 'sysuser-helper', '<< 1.4');
}

# PROMISE: DH NOOP WITHOUT sysuser

=head1 NAME

dh_sysuser - manage system users, required for package operation

=head1 SYNOPSIS

B<dh_sysuser> [S<I<debhelper options>>] [I<username> I<options>] ...

=head1 DESCRIPTION

B<dh_sysuser> is a debhelper addon that provides a simple and uniform way
of creating and removing system users required for package operation
(for example, to run with dropped privileges).

User creation is delegated to the useradd(8) utility, whose
behavior is controlled by the F</etc/login.defs> configuration file. In
a default installation:

=over

=item -

The new user has a primary group of the same name. It is not a member of
any other groups.

=item -

The new user has '!' in the F</etc/shadow> password field, making it
impossible to log in.

=item -

The new user has F</usr/sbin/nologin> as its shell. You can still get a
shell as the new user with I<su -s>.

=item -

If a home directory is created (see below), its permissions are affected
by the B<UMASK> variable in F</etc/login.defs>. By default, this results
in 0755. Files from F</etc/skel> are I<NOT> copied.

B<WARNING:> The paragraph above means that data stored in the new user's
home directory is world-readable. If you, as package maintainer, need full
control over home directory permissions, you are welcome to file a bug.

=back

B<dh_sysuser> reads its arguments from the command line and from the file
F<debian/I<package>.F<sysuser>> in pairs, the first being a username
and the second its options.

=over

=item I<home>

This option requests creation of a home directory in
F</var/lib/B<username>>. You should probably use this form over the
explicit one, described below, for uniformity.

=item I<home>=F</path/to/home/directory>

This option requests creation of a home directory at the specified path.

=item I<defaults>

If you do not need any other options, use this one.

=back

=head2 CRUFT OF SYSTEM USERS

While it is easy to create a system user (and a user in general), it is
hard to say when it is safe to remove it. What should happen to its home
directory? What about files outside of the home directory? There was some
discussion (#848239, #848240), and no simple and definitive solution
arose. So far, dh-sysuser does the following on package removal:

=over

=item -

If the user was created without a home directory, it is considered safe
to remove it.

=item -

If the user was created with a home directory, but at the time of package
removal it is still empty, it is considered safe to remove both the user
and its empty home directory.

=item -

If the user was created with a home directory, but at the time of package
removal it is B<not> empty, both the user and its home directory are left
alone.

B<NOTE:> As package maintainer, you are encouraged to delete files known
to be of little value from the home directory. This increases the chances
that the home directory will become empty and the user will be removed.

=back

=head1 SEE ALSO

useradd(8)

=cut
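
The documentation above warns that a created home directory is world-readable by default (0755) and lists three cases for package removal. The shell helpers below are an added example, not code from dh-sysuser or sysuser-helper; they check and tighten the mode and reproduce the three cases. The function names are hypothetical, GNU stat is assumed, and treating a home path that is missing on disk like /nonexistent is an assumption.

```shell
#!/bin/sh
# Added example; not code from dh-sysuser or sysuser-helper.
# All function names here are hypothetical.

# Succeeds when the "other" permission digit of directory $1 is non-zero,
# i.e. every local account can reach the home (the 0755 default).
home_is_world_accessible() {
    mode=$(stat -c '%a' -- "$1") || return 2   # GNU coreutils stat assumed
    case "$mode" in
        *0) return 1 ;;   # last octal digit 0: no access for "other"
        *)  return 0 ;;   # also covers modes with setgid/sticky, e.g. 2755
    esac
}

# Drops all "other" access on a real directory.
# Refuses symlinks, because chmod would follow them to another target.
tighten_home() {
    [ -d "$1" ] && [ ! -L "$1" ] || return 1
    chmod o-rwx -- "$1"
}

# Mirrors the three removal cases listed in the documentation.
# Prints one of: remove-user | remove-user-and-home | keep
removal_decision() {
    home=$1
    # /nonexistent is the script's default when no home option is given.
    # Assumption: a home path that is missing on disk is treated the same.
    if [ "$home" = /nonexistent ] || [ ! -d "$home" ]; then
        echo remove-user
    elif [ -z "$(ls -A -- "$home")" ]; then   # -A also counts dotfiles
        echo remove-user-and-home
    else
        echo keep
    fi
}
```

A package's postinst could call `tighten_home` after the `#DEBHELPER#` marker when the service stores private data in its home directory.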