Adduser devel - May 2005 - Should userdel remove users crontabs?

(Marc, nagging you again, essentially to let you aware of discussed
issues. This is probably not the last time as I''m currently digging
into "wishlist" bugs for shadow)

From #173431:

    In the manpage of "userdel", I can read this: -r Files in the
    user''s home directory will be removed along with the home
    directory itself and the user''s mail spool.  Files located in
    other file systems will have to be searched for and deleted
    manually.

    I think "userdel -r" could also remove the crontabs of the user at
    /var/spool/cron/crontabs/$USER


Again, I have shared feelings about such bug reports.

As a sysadmin, I have already had to deal with "dead" crontabs after
deleting a user (though not often, "my" users are rarely interactive
users). So, in first approach, I tend to agree with the bug submitter.

However, this leads us to a dangerous slope towards removing all files
belonging to the user and, again, giving userdel the role of a high
level utility.

As deluser (from the adduser package) already includes such
possibility (through its "--remove-all-files" switch), I''m
inclined to
reject this request and either mark the bug as wontfix, or just close
it.

Advices?


--

This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--568760595-2049476239-1116959365=:27760
Content-Type: TEXT/PLAIN; charset=UTF-8
Content-Transfer-Encoding: QUOTED-PRINTABLE

On Tue, 24 May 2005, Christian Perrier wrote:
> (Marc, nagging you again, essentially to let you aware of discussed
> issues. This is probably not the last time as I''m currently
digging
> into "wishlist" bugs for shadow)
>=20
> >From #173431:
>=20
>     In the manpage of "userdel", I can read this: -r Files in the
>     user''s home directory will be removed along with the home
>     directory itself and the user''s mail spool.  Files located in
>     other file systems will have to be searched for and deleted
>     manually.
>=20
>     I think "userdel -r" could also remove the crontabs of the
user at
>     /var/spool/cron/crontabs/$USER
Christian look on comment in src/userdel.c::user_cancel():

/*
 * user_cancel - cancel cron and at jobs
 *
 *      user_cancel removes the crontab and any at jobs for a user
 */

/*
 * We used to have all this stuff hardcoded here, but now
 * we just run an external script - it may need to do other
 * things as well (like removing print jobs) and we may not
 * want to recompile userdel too often. Below is a sample
 * script (should work at least on Debian 1.1).  --marekm
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
#! /bin/sh

# Check for the required argument.
if [ $# !=3D 1 ]; then
        echo Usage: $0 username
        exit 1
fi

# Remove cron jobs.
crontab -r -u $1

# Remove at jobs. XXX - will remove any jobs owned by the same UID, even if
# it was shared by a different username. at really should store the username
# somewhere, and atrm should support an option to remove all jobs owned by
# the specified user - for now we have to do this ugly hack...
find /var/spool/cron/atjobs -name "[^.]*" -type f -user $1 -exec rm {}
\;

# Remove print jobs.
lprm $1

# All done.
exit 0
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
 */

If anyone will have other solution for removing at/cron jobs please=20
inform me.

kloczek
--=20
-----------------------------------------------------------
*Ludzie nie maj=B1 problem=F3w, tylko sobie sami je stwarzaj=B1*
-----------------------------------------------------------
Tomasz K=B3oczko, sys adm @zie.pg.gda.pl|*e-mail: kloczek@rudy.mif.pg.gda.pl*
--568760595-2049476239-1116959365=:27760--

> Christian look on comment in src/userdel.c::user_cancel():
Sure. Nice example. Probably a bit too hardcoded, depending on
various cron and print system things (especially print systems).

But that raises my point=A0: most of this is up to the local sysadmin,
probably. Or maybe high-level utilities.

And let''s userdel do its job=A0: remove users....

This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--568760595-2054110425-1117017739=:3825
Content-Type: TEXT/PLAIN; charset=iso-8859-15
Content-Transfer-Encoding: QUOTED-PRINTABLE

On Wed, 25 May 2005, Christian Perrier wrote:
> > Christian look on comment in src/userdel.c::user_cancel():
>=20
> Sure. Nice example. Probably a bit too hardcoded, depending on
> various cron and print system things (especially print systems).
For this better will be better hook kind of skeleton script like:

for i in /usr/lib/userdel.d/*.sh ; do
        if [ -x $i ]; then
                . $i
        fi
done

and all what is neccessary on user del will done depending on partial=20
scripts installed by crond, lpr .. and other packages.

kloczek
--=20
-----------------------------------------------------------
*Ludzie nie maj=B1 problem=F3w, tylko sobie sami je stwarzaj=B1*
-----------------------------------------------------------
Tomasz K=B3oczko, sys adm @zie.pg.gda.pl|*e-mail: kloczek@rudy.mif.pg.gda.pl*
--568760595-2054110425-1117017739=:3825--

Quoting Tomasz Kłoczko (kloczek@zie.pg.gda.pl):
> On Wed, 25 May 2005, Christian Perrier wrote:
> 
> > > Christian look on comment in src/userdel.c::user_cancel():
> > 
> > Sure. Nice example. Probably a bit too hardcoded, depending on
> > various cron and print system things (especially print systems).
> 
> For this better will be better hook kind of skeleton script like:
> 
> for i in /usr/lib/userdel.d/*.sh ; do
>         if [ -x $i ]; then
>                 . $i
>         fi
> done
> 
> and all what is neccessary on user del will done depending on partial 
> scripts installed by crond, lpr .. and other packages.

The idea seems interesting. It would immediately draw, for Debian, the
question of The Right Place for this userdel.d directory (probably
/etc/userdel.d if the policy allows this.

However, again, the debate is whether this pertains to a low-level
utility or, again, to a high level one (such as deluser).

It seems to be this is converging towards a feature planned for
adduser/deluser, according to Marc Haber''s recent mail about another
bug we analysed.

This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--568760595-1316102325-1117039346=:3825
Content-Type: TEXT/PLAIN; charset=utf-8
Content-Transfer-Encoding: QUOTED-PRINTABLE

On Wed, 25 May 2005, Christian Perrier wrote:
> Quoting Tomasz K=C5=82oczko (kloczek@zie.pg.gda.pl):
> > On Wed, 25 May 2005, Christian Perrier wrote:
> >=20
> > > > Christian look on comment in src/userdel.c::user_cancel():
> > >=20
> > > Sure. Nice example. Probably a bit too hardcoded, depending on
> > > various cron and print system things (especially print systems).
> >=20
> > For this better will be better hook kind of skeleton script like:
> >=20
> > for i in /usr/lib/userdel.d/*.sh ; do
> >         if [ -x $i ]; then
> >                 . $i
> >         fi
> > done
> >=20
> > and all what is neccessary on user del will done depending on
partial=20
> > scripts installed by crond, lpr .. and other packages.
>=20
>=20
> The idea seems interesting. It would immediately draw, for Debian, the
> question of The Right Place for this userdel.d directory (probably
> /etc/userdel.d if the policy allows this.
/etc generaly is for configuration files.
Subdirectories in /usr/lib are for modules and program extensions (also=20
for scripts) and olso for ohter resources arch dependent (this is why=20
glibconfig.h header file is installed in /usr/lib subdirectory .. not in=20
/usr/include) so as far as I know FHS, LSB specyfications IMO=20
/usr/lib/userdel.d can be Right Place (tm) for this kind resources :)

Also use only /usr/lib/userdel.d/*.sh files as extensions allow put in=20
the same directory for example /usr/lib/userdel.d/userdel_hook script with=20
above content without conflicts with scripts installed by crond, lpd and=20
other packages.

Hmm .. maybe it will be also good prepare this skeleton script and default=20
userdel configuration directly in dist tar ball with shadow source and=20
document this in man pages (?). Probaly above form of this hook will be=20
accaptable also in other distribution enviroments (?).

kloczek
--=20
-----------------------------------------------------------
*Ludzie nie maj=B1 problem=F3w, tylko sobie sami je stwarzaj=B1*
-----------------------------------------------------------
Tomasz K=B3oczko, sys adm @zie.pg.gda.pl|*e-mail: kloczek@rudy.mif.pg.gda.pl*
--568760595-1316102325-1117039346=:3825--

Hi!

On Wed, May 25, 2005 at 06:42:26PM +0200, Tomasz Kłoczko
wrote:
> > > For this better will be better hook kind of skeleton script like:
> > > 
> > > for i in /usr/lib/userdel.d/*.sh ; do
> > >         if [ -x $i ]; then
> > >                 . $i
> > >         fi
> > > done
> > > 
> > > and all what is neccessary on user del will done depending on
partial
> > > scripts installed by crond, lpr .. and other packages.
> > 
> > The idea seems interesting. It would immediately draw, for Debian, the
> > question of The Right Place for this userdel.d directory (probably
> > /etc/userdel.d if the policy allows this.
> 
> /etc generaly is for configuration files.
> Subdirectories in /usr/lib are for modules and program extensions (also 
> for scripts) and olso for ohter resources arch dependent (this is why 
> glibconfig.h header file is installed in /usr/lib subdirectory .. not in 
> /usr/include) so as far as I know FHS, LSB specyfications IMO 
> /usr/lib/userdel.d can be Right Place (tm) for this kind resources :)
What about /etc/cron.{hourly|daily|weekly|monthly} and
/etc/init.d ? ;)
They are for _scripts_ too, _not plain config_ files...

Also:
/etc/apm/resume.d
/etc/apm/event.d
/etc/apm/other.d
/etc/apm/scripts.d
/etc/apm/suspend.d
/etc/ppp/ipv6-down.d
/etc/ppp/ipv6-up.d
/etc/ppp/ip-down.d
/etc/ppp/ip-up.d
/etc/cipe/ip-down.d
/etc/cipe/ip-up.d
/etc/emacs/site-start.d (?)
/etc/jed-init.d
/etc/dhcp3/dhclient-enter-hooks.d
/etc/network/if-post-down.d
/etc/network/if-up.d
/etc/network/if-down.d
/etc/network/if-pre-up.d
/etc/network/ip-down.d
/etc/network/ip-up.d
/etc/bash_completion.d

So in my opinion any _hook_ script, as it is also a
configuration file (from some point of view, at
least) and can also be added/removed by a system
administrator, may be placed according to either
rules for config files or modules.
But this should also follow "The Golden Rule Of Least
Surprise". (tm) ;)
So I vote for /etc (just compare `find /etc -name *.d`
with `find /usr/lib -name *.d`).
Better though is to use
  `find /etc -type f -a -perm +0111 | grep "\.d\>"`
  `find /usr/lib -type f -a -perm +0111 | grep "\.d\>"`
or something like that.

Also, we could split distribution-installed hook
scripts and sysadmin-installed ones. Then the former
should go under /usr/lib and latter under /etc, if
I remember correctly.

Please correct me if I''m wrong.
> Also use only /usr/lib/userdel.d/*.sh files as extensions allow put in 
> the same directory for example /usr/lib/userdel.d/userdel_hook script with 
> above content without conflicts with scripts installed by crond, lpd and 
> other packages.
So you propose to differentiate distribution-installed
scripts (i.e. scripts installed by cron, lpr, at and
other packages) by extension?
> Probaly above form of
> this hook will be accaptable also in other
> distribution enviroments (?).
Like RH/FC/ASPLinux, for example?

And please, remember about bug #104392, which is
closely related to what we discuss here and can
probably be resolved by introduction of _all_ of
userdel.d, useradd.d and passwd.d hook directories.
> Bug #104392: [TO CLOSE 20050523] passwd should
> include local customization like adduser/deluser
Citing Robert:
> adduser and deluser allow the admin of a machine to
> customize the operation of these scripts by calling
> /usr/local/sbin/$0.local if it exists.  I use this to
> keep auth information in sync between two machines.
> I need this feature for passwd as well.  I don''t want
> to use NIS. :)
-- 
WBR,
xrgtn

This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--568760595-1280850238-1117383912=:3825
Content-Type: TEXT/PLAIN; charset=utf-8
Content-Transfer-Encoding: QUOTED-PRINTABLE

On Sat, 28 May 2005, Alexander Gattin wrote:
> Hi!
>=20
> On Wed, May 25, 2005 at 06:42:26PM +0200, Tomasz K=C5=82oczko wrote:
> > > > For this better will be better hook kind of skeleton script
like:
> > > >=20
> > > > for i in /usr/lib/userdel.d/*.sh ; do
> > > >         if [ -x $i ]; then
> > > >                 . $i
> > > >         fi
> > > > done
> > > >=20
> > > > and all what is neccessary on user del will done depending
on partial=20
> > > > scripts installed by crond, lpr .. and other packages.
> > >=20
> > > The idea seems interesting. It would immediately draw, for
Debian, the
> > > question of The Right Place for this userdel.d directory
(probably
> > > /etc/userdel.d if the policy allows this.
> >=20
> > /etc generaly is for configuration files.
> > Subdirectories in /usr/lib are for modules and program extensions
(also=20
> > for scripts) and olso for ohter resources arch dependent (this is
why=20
> > glibconfig.h header file is installed in /usr/lib subdirectory .. not
in=20
> > /usr/include) so as far as I know FHS, LSB specyfications IMO=20
> > /usr/lib/userdel.d can be Right Place (tm) for this kind resources :)
>=20
> What about /etc/cron.{hourly|daily|weekly|monthly} and
> /etc/init.d ? ;)
> They are for _scripts_ too, _not plain config_ files...
>=20
> Also:
> /etc/apm/resume.d
> /etc/apm/event.d
> /etc/apm/other.d
> /etc/apm/scripts.d
> /etc/apm/suspend.d
> /etc/ppp/ipv6-down.d
> /etc/ppp/ipv6-up.d
> /etc/ppp/ip-down.d
> /etc/ppp/ip-up.d
> /etc/cipe/ip-down.d
> /etc/cipe/ip-up.d
> /etc/emacs/site-start.d (?)
> /etc/jed-init.d
> /etc/dhcp3/dhclient-enter-hooks.d
> /etc/network/if-post-down.d
> /etc/network/if-up.d
> /etc/network/if-down.d
> /etc/network/if-pre-up.d
> /etc/network/ip-down.d
> /etc/network/ip-up.d
> /etc/bash_completion.d
Look at FHS specyfication. Place scripts in /etc hierarhy is allowed if it
must be avalaible during system initialization and all above seems they=20
are this kind of resources.
This is not userdel case.
Now you see diffrence ? :)

[..]
> So you propose to differentiate distribution-installed
> scripts (i.e. scripts installed by cron, lpr, at and
> other packages) by extension?
Yes becase seems this case looks like common/idependent from diffrent=20
kind distribution "stilistics" :)

kloczek
--=20
-----------------------------------------------------------
*Ludzie nie maj=B1 problem=F3w, tylko sobie sami je stwarzaj=B1*
-----------------------------------------------------------
Tomasz K=B3oczko, sys adm @zie.pg.gda.pl|*e-mail: kloczek@rudy.mif.pg.gda.pl*
--568760595-1280850238-1117383912=:3825--