Debian got squeeze released, and ideas are brewing for what to do during the next release cycle. Here's an idea I had lying around. I'm throwing it out there, since I won't have time to do anything about it for at least a little while, but perhaps someone else thinks it's a good idea? Or, better yet, you can all tell me in comments why this is a bad idea, or at least why it should be designed in a different way.

NAME
       addsysuser, delsysuser - create and remove systems user in Debian pack‐
       ages

SYNOPSIS
       addsysuser [options] username

       delsysuser [options] username

DESCRIPTION
       addsysuser creates a system user, and delsysuser removes it.  The  pur‐
       puse  of these tools is to make it easier for Debian packages to create
       and remove system users as  the  pacakges  are  installed  and  purged.
       These are wrappers around adduser(8) and deluser(8).

       addsysuser  will  create the system user, unless it already exists.  If
       the user already exists, it does nothing.

       delsysuser removes the user.  However,  the  system  administrator  may
       configure  it  to  never remove the user, or to remove only some users.
       Use the /etc/adduser.conf for the settings:

       DELETESYSTEMUSERS
          Set to true or false  depending  on  whether  delsysuser  should
          remove the system user or not.  Defaults to true.

OPTIONS
       -p, --packagePACKAGE
          Record the user as being used by a specific package.  Many pack‐
          ages can use the same user.  delsysuser  will  only  remove  the
          user when no packages are using it anymore.

       --no-act
          Only  pretend  to call adduser or deluser without actually doing
          so.  This allows easier testing of command lines.

FILES
       /etc/adduser.conf
          Configuration file for addsysuser and delsysuser.

EXAMPLE
       In the postinst script:

          addsysuser --package hello hellouser

       In the postrm script:

          delsysuser --package hello hellouser

SEE ALSO
       adduser(8), deluser(8).
I've done this in a few packages already and I'm never sure I'm getting it quite right. Would love to see a description of how to do this properly (i.e. how you think these tools should be implemented).
Comment by fmarier Mon Feb 7 01:23:14 2011

These commands look useful, but the name is confusing. It is more about adding package users than adding system users. It also adds to the existing confusion of adduser/useradd.

dpkg-adduser sounds more descriptive to me.

Comment by Udi Mon Feb 7 01:37:19 2011

Udi, dpkg-adduser is an excellent name! dpkg-deluser would then be the removal tool.

fmarier, I'm pretty sure that grepping through all the postinsts and postrms in the archive, one could find a few dozen different ways of doing this. Picking out the best practices shouldn't be too difficult.

The remaining question would be to decide which package they should be part of. Probably adduser so that there's no need for extra dependencies anywhere: any package already creating and removing users needs to depend on adduser.

Comment by Lars Wirzenius Mon Feb 7 09:12:52 2011

Guillem Jover, the dpkg maintainer, sent me the following by e-mail and gave permission to quote it publically.

About dpkg-adduser and dpkg-deluser (or similar), yes I think it's a good idea (although not the part of adding dpkg namespaced binaries into adduser :), something I've had in my mind and considered from several angles:

1) as a way to integrate user handling into dpkg proper, so that those could end up being eventually managed by dpkg itself from a control file, thus removing one more need for a maintainer script and developer mistakes, and to increase traceability.

2) as a way to help embedded systems, as at the time adduser was one of those few packages required which pulls perl. When I last briefly looked into it some months ago, it seemed to me the passwd package now provides most of what's needed to comfortably handle system users, so I had in mind proposing to switch from adduser/deluser to useradd/userdel, but didn't have to time yet to check if there was other reasons for using adduser instead of raw passwd.

Comment by Lars Wirzenius Mon Feb 14 08:29:37 2011