rpm: do not delete system account #598
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
daipom
reviewed
Nov 17, 2023
kenhys
force-pushed
the
keep-system-account
branch
from
61a8e40
to
15bf82e
Compare
daipom
reviewed
Nov 17, 2023
In the previous versions (5.0.0, 5.0.1), when fluent-package was removed, system account (user and group are intended to be removed) But there is a case that it fails to remove fluentd group because of compatible GID is assigned for td-agent and fluentd when fluent-package was introduced with upgrading from td-agent v4. Removing fluentd user... userdel: group fluentd is the primary group of another user and is not removed. Removing fluentd group... groupdel: cannot remove the primary group of user 'td-agent' Removing td-agent user... userdel: td-agent mail spool (/var/spool/mail/td-agent) not found userdel: td-agent home directory (/var/lib/td-agent) not found This is a bug of fluent-package apparently. This kind of inconsistency causes maintainer script error when reinstalling td-agent or fluent-package again. And moreover, if system account (user and group) was removed completely, there is a case that no user can access generated logs when user re-installed td-agent or fluent-package. (mismatch of UID/GID which is newly created) This case also should be considered. (Keep system account after removing package) Signed-off-by: Kentaro Hayashi <hayashi@clear-code.com>
Signed-off-by: Kentaro Hayashi <hayashi@clear-code.com>
…l) fix. Co-authored-by: Daijiro Fukuda <fukuda@clear-code.com> Signed-off-by: Kentaro Hayashi <hayashi@clear-code.com>
kenhys
force-pushed
the
keep-system-account
branch
from
df27397
to
c080016
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In the previous versions (5.0.0, 5.0.1), when fluent-package was
removed, system account (user and group are intended to be removed)
But there is a case that it fails to remove fluentd group because of
compatible GID is assigned for td-agent and fluentd when
fluent-package was introduced with upgrading from td-agent v4.
Removing fluentd user...
userdel: group fluentd is the primary group of another user and is not removed.
Removing fluentd group...
groupdel: cannot remove the primary group of user 'td-agent'
Removing td-agent user...
userdel: td-agent mail spool (/var/spool/mail/td-agent) not found
userdel: td-agent home directory (/var/lib/td-agent) not found
This is a bug of fluent-package apparently.
This kind of inconsistency causes maintainer script error when
reinstalling td-agent or fluent-package again.
And moreover, if system account (user and group) was removed
completely, there is a case that no user can access generated logs
when user re-installed td-agent or fluent-package. (mismatch of
UID/GID which is newly created)
This case also should be considered.
(Keep system account after removing package)