On Thu, 2010-03-11 at 10:04 -0500, Toshio Kuratomi wrote: > On Thu, Mar 11, 2010 at 02:31:43PM -0000, Quentin Armitage wrote: > > See https://bugzilla.redhat.com/show_bug.cgi?id=572399 > > > > > >> groupdel: group 'saslauth' does not exist Non-fatal POSTUN scriptlet failure > >> in rpm package cyrus-sasl > >> warning: %postun(cyrus-sasl-2.1.23-4.fc12.i686) scriptlet failed, exit > >> status 6 > >> > >> > >> This looks benign, but I suppose it could check if the group exists before > >> attempting to delete it. > >> > > There's actually a not so benign side of this. Here's what the Guidelines > say about removing groups: > > """ > We never remove users or groups created by packages. There's no sane way to > check if files owned by those users/groups are left behind (and even if > there would, what would we do to them?), and leaving those behind with > ownerships pointing to now nonexistent users/groups may result in security > issues when a semantically unrelated user/group is created later and reuses > the UID/GID. Also, in some setups deleting the user/group might not be > possible or/nor desirable (eg. when using a shared remote user/group > database). Cleanup of unused users/groups is left to the system > administrators to take care of if they so desire. > """ > > https://fedoraproject.org/wiki/Packaging:UsersAndGroups > > I've updated bugzilla with this information as well. Someone should perhaps correct the http://fedoraproject.org/wiki/PackageUserCreation then. Or add some rules on how to resolve conflicts among the current rules. (I'm joking.) -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
