DSelect/base-passwd

["Stephen J. Turnbull" <turnbull@example.com>]

>>>>> "Darren" == Darren Cook <darrenj@example.com> writes:

    Darren> I've been running Debian Potato on my test server for 2-3
    Darren> months now, and it's okay, but I still find dselect a bit
    Darren> confusing (FWIW, I still find rpm confusing as well).

I don't find it particularly confusing, but the quality of information
provided by the Debian utilities is just not sufficient when there are
about 6000 packages.

    Darren> I upgraded bind this morning (when upgrading bind should I
    Darren> assume that dselect will also restart named, or am I

dselect doesn't do this.  This is actually done by the package itself
in the post-install script.  Not a big deal, except that if you're
really curious what a particular install did, you can say "no" when
dselect asks if you want to get rid of the package files.  Then you
can install "dpkg -i /var/cache/apt/archives/$PACKAGE_$VERSION.deb"
and watch what it does.  (Of course, if it has already done some
things, it shouldn't do them again, but often it will tell you what it
is thinking about doing.)

If it is going to restart a daemon, normally it will tell it is
doing so.  It normally does.  It normally shouldn't hurt if you
restart a daemon yourself, though.

    Darren> expected to do that manually? I did it manually just to be
    Darren> sure), and it also upgraded 11Mb of others.

    Darren> In particular it wanted to upgrade base-passwd (see
    Darren> below), but then said it wants to change the home
    Darren> directory of postgres. But postgres is installed from
    Darren> source not .deb, and is under /usr/local/, so why is it
    Darren> intefering? In fact why had it created a postgres user
    Darren> before I'd even installed postgres? Is changing postgres
    Darren> to a 100+ uid the proper way to solve this?

postgres is a system user.  It has special privileges.
Conventionally, such users are given "small" UIDs.  The problem is
that often the UID is hardcoded into the package in some way.  If two
packages expect to use the same UID, you have a problem.  So Debian
keeps a list of them, and sets them up in a convenient way so that
they won't conflict.  Basically the same way that telnet is always
port 23, smtp port 25, and http port 80 (although UID assignment is
normally not as necessary as with the "well-known ports" for network
services).

The reason it does this in advance is to prevent packages that just
grab an arbitrary available UID from taking an assigned one.

It is unlikely that you can solve this by changing postgres's UID, the
next upgrade to base-passwd will want to change it back.  I'd say just
be careful to refuse changes to /etc/passwd that affect postgres, even
if that means refusing other changes dpkg wants to make at the same
time.  (It will back up the passwd file, don't worry.)

It's not clear to me that this level of pedantry is necessary.  You
could file a bug report with debian, see http://www.debian.org/ for
the procedure.

    Darren> Also when I said No, was I just saying no to the postgres
    Darren> change, or the whole upgrade? Am I now missing some
    Darren> important upgrade?

Only to the postgres change.  If there had been other base-passwd
changes, you should have been asked about each in turn.  (I suspect
Debian isn't that fine-grained, but they could and should be.)

    Darren> For more documentation on the Debian account policies
    Darren> please see /usr/share/doc/base-passwd/README.

Read this.

    Darren> Okay, I will not update your system. If you want to make
    Darren> this update later please check the update-passwd utility.

less /usr/sbin/update-passwd

may be informative.

-- 
University of Tsukuba                Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Institute of Policy and Planning Sciences       Tel/fax: +81 (298) 53-5091
_________________  _________________  _________________  _________________
What are those straight lines for?  "XEmacs rules."