Comment 2 for bug 1710579

Andreas Hasenack (ahasenack) wrote :

The postinst script has guards against adding the user if it exists already:
    if [ ! `getent passwd snmp >/dev/null` ]; then

      if [ ! `getent group snmp >/dev/null` ]; then
         # no snmp user & group
         adduser --quiet --system --group --home $SNMPDIR \
                 --shell /usr/sbin/nologin snmp
      else
         # no snmp user, but snmp group exists
         adduser --quiet --system --ingroup snmp --home $SNMPDIR \
                 --shell /usr/sbin/nologin snmp
      fi

    elif [ ! `getent group snmp >/dev/null` ]; then

      # snmp user exists but no snmp group
      addgroup --quiet --system snmp

      # if user is local system user (not LDAP or so), then exec usermod
      # see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482041#25
      if [ ! `getent passwd snmp | cut -d':' -f3` -ge 1000 ]; then
        mkdir -p $SNMPDIR || true
        usermod -d $SNMPDIR -m -g snmp -s /usr/sbin/nologin snmp
      fi

    fi

It specifically uses getent to check for an existing user or group, in case it's in a remote (networked) database like LDAP.

That being said, looks like it's not working:
root@xenial-snmpd-1710579:~# ./postinst.sh
+ set -e
+ SNMPDIR=/var/lib/snmp
+ getent passwd snmp
+ [ ! ]
+ getent group snmp
+ [ ! ]
+ echo no snmp user and group
no snmp user and group
+ adduser --quiet --system --group --home /var/lib/snmp --shell /usr/sbin/nologin snmp

That adduser call doesn't fail, though:
root@xenial-snmpd-1710579:~# adduser --quiet --system --group --home /var/lib/snmp --shell /usr/sbin/nologin snmp
root@xenial-snmpd-1710579:~# echo $?
0

Removing --quiet:
root@xenial-snmpd-1710579:~# adduser --system --group --home /var/lib/snmp --shell /usr/sbin/nologin snmp
Warning: The home dir /var/lib/snmp you specified already exists.
The system user `snmp' already exists. Exiting.
root@xenial-snmpd-1710579:~# echo $?
0

This warrants further debugging.
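
Added example, not part of the original comment or of the package's postinst: a self-contained comparison of the guard style quoted above with a guard on the command's exit status, which shows why the trace reads `+ [ ! ]` whether or not the user exists. `lookup` is a hypothetical stand-in for `getent passwd NAME` with one constructed entry, so the script runs offline.

```shell
#!/bin/sh
# lookup: hypothetical stand-in for `getent passwd NAME`. Prints a constructed
# passwd entry and returns 0 for "snmp"; returns 2 (key not found) otherwise.
lookup() {
    case "$1" in
        snmp) echo "snmp:x:112:117::/var/lib/snmp:/usr/sbin/nologin"; return 0 ;;
        *)    return 2 ;;
    esac
}

# Guard written like the quoted postinst. stdout is redirected inside the
# command substitution, so the substitution always expands to nothing and the
# test becomes `[ ! ]`: a one-argument test on the non-empty string "!",
# which is always true. The exit status of the lookup is never consulted.
guard_substitution() {
    if [ ! `lookup "$1" >/dev/null` ]; then
        echo missing
    else
        echo present
    fi
}

# Guard on the exit status of the lookup itself.
guard_exit_status() {
    if ! lookup "$1" >/dev/null; then
        echo missing
    else
        echo present
    fi
}

for name in snmp nosuchuser; do
    printf '%s: substitution=%s exit-status=%s\n' "$name" \
        "$(guard_substitution "$name")" "$(guard_exit_status "$name")"
done
```
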