On 08/02/2020 at 17:47, Doug H. wrote:
> On Sat, 2020-02-08 at 10:44 +0100, François Patte wrote:
>> Hello,
>> Sometimes when you install a package, the associated script creates a new user or a new group. How can I see what is the package which added a new user or a new group?
>> This is because rkhunter sends warnings when a new user or a new group is created.
> I don't remember a time when such a user was not clear based on the name.
> So, maybe something like:
> grep -i <user> /var/log/dnf.log
Ok. This worked.
What I am now wondering is: why this package created a user when I installed it and did not remove this user when I removed the package?
Anyway, thank you.
On 02/08/2020 10:24 AM, François Patte wrote:
> What I am now wondering is: why this package created a user when I installed it and did not remove this user when I removed the package?
Probably the packager forgot that step in the removal script.
On 2/8/20 9:24 AM, François Patte wrote:
> What I am now wondering is: why this package created a user when I installed it and did not remove this user when I removed the package?
I don't think any of them do that. Removing a package doesn't remove any data created by it, so you will want the ownership to still be there. Also, sometimes there are multiple packages using the same user.
On 08/02/2020 at 18:52, Samuel Sieb wrote:
> On 2/8/20 9:24 AM, François Patte wrote:
>> What I am now wondering is: why this package created a user when I installed it and did not remove this user when I removed the package?
> I don't think any of them do that. Removing a package doesn't remove any data created by it, so you will want the ownership to still be there. Also, sometimes there are multiple packages using the same user.
So, why an installation script does not run rkhunter --propupd after the installation (if it detects that rkhunter is on board) in order to take care of owner's computer nerves?
On 2/8/20 10:17 AM, François Patte wrote:
> On 08/02/2020 at 18:52, Samuel Sieb wrote:
>> On 2/8/20 9:24 AM, François Patte wrote:
>>> What I am now wondering is: why this package created a user when I installed it and did not remove this user when I removed the package?
>> I don't think any of them do that. Removing a package doesn't remove any data created by it, so you will want the ownership to still be there. Also, sometimes there are multiple packages using the same user.
> So, why an installation script does not run rkhunter --propupd after the installation (if it detects that rkhunter is on board) in order to take care of owner's computer nerves?
I expect that there's an assumption that you know you're installing something. The usernames are generally pretty obvious.
On Sat, 8 Feb 2020 at 14:18, François Patte <francois.patte@mi.parisdescartes.fr> wrote:
> On 08/02/2020 at 18:52, Samuel Sieb wrote:
>> On 2/8/20 9:24 AM, François Patte wrote:
>>> What I am now wondering is: why this package created a user when I installed it and did not remove this user when I removed the package?
>> I don't think any of them do that. Removing a package doesn't remove any data created by it, so you will want the ownership to still be there. Also, sometimes there are multiple packages using the same user.
> So, why an installation script does not run rkhunter --propupd after the installation (if it detects that rkhunter is on board) in order to take care of owner's computer nerves?
rkhunter is not the only tool that tracks such changes, and some sites have ad-hoc systems to track users and usage stats. A packager can't predict what side effects could occur from adding (or removing) a user. Ideally, anyone who uses a package should know if it creates a user, but often such information isn't passed on to sys. admins with the request to install a package.
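
An added example, not part of the original thread: besides grepping /var/log/dnf.log, the question of which package created an account can be checked against the scriptlets of the packages that are still installed. The function names, package names and account names below are hypothetical, and the script assumes the account is created with useradd or groupadd in the package's %pre scriptlet.

```bash
#!/bin/bash
# Added example: find installed packages whose %pre scriptlet creates an account.
# Assumption: the account is created with useradd/groupadd in %pre; packages
# that create accounts another way are not detected.

# One "### <name>" marker per installed package, followed by its %pre
# scriptlet (PREIN is rpm's query tag for it; "(none)" when absent).
dump_pre_scriptlets() {
    rpm -qa --qf '### %{NAME}\n%{PREIN}\n'
}

# Read such a dump on stdin and print each package whose scriptlet has a
# useradd/groupadd command naming the account in $1 as a whole word.
creators_of() {
    awk -v acct="$1" '
        /^### / { pkg = $2; buf = ""; next }
        {
            # Join backslash-continued lines into one logical command.
            if (sub(/\\$/, " ")) { buf = buf $0; next }
            line = buf $0; buf = ""
            if (line !~ /(useradd|groupadd)/) next
            gsub(/[";]/, " ", line)          # quotes and ";" are not part of a name
            n = split(line, tok, " ")
            for (i = 1; i <= n; i++)
                if (tok[i] == acct && !(pkg in hit)) { hit[pkg] = 1; print pkg }
        }
    '
}

# Constructed sample dump with hypothetical packages and accounts.
sample_dump() {
    cat <<'EOF'
### foo-server
getent group foosrv >/dev/null || groupadd -r foosrv
getent passwd foosrv >/dev/null || \
    useradd -r -g foosrv -d /var/lib/foosrv -s /sbin/nologin \
    -c "foo daemon" foosrv
exit 0
### baz
(none)
### bar-tools
useradd -r -d /var/lib/foosrv-cache barsvc
EOF
}

# Usage: ./who-created.sh <account>   (queries the local rpm database)
if [ "$#" -gt 0 ]; then
    dump_pre_scriptlets | creators_of "$1"
fi
```

Because it reads the rpm database, this only finds packages that are still installed; for a package that has since been removed, the dnf.log search from the thread is the place to look.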