sys-user.eclass: don't remove users under normal circumstances.

diff --git a/eclass/sys-user.eclass b/eclass/sys-user.eclass
index d76e6190327aef906179ed0e0362d073aeeed540..e14cdfb733ec1a5947f8f681f1ef341b449c917d 100644 (file)
--- a/eclass/sys-user.eclass
+++ b/eclass/sys-user.eclass
@@ -271,11 +271,16 @@ sys-user_pkg_prerm() {
                # We have successfully done nothing.
                ewarn "Tried to remove nonexistent user ${SYS_USER_NAME}."
        elif [[ -z "${REPLACING_VERSIONS}" ]]; then
-               # The user to remove exists, and this is not an upgrade, so
-               # we really do remove him.
-               userdel "${SYS_USER_NAME}" || \
-                       die "failed to remove user ${SYS_USER_NAME}"
-               einfo "Removed user ${SYS_USER_NAME} from the system."
+               # The user to remove exists, and this is not an upgrade. For
+               # Phase 1, we maintain the status quo and simply refuse to
+               # remove him (unless you know what you are doing).
+               if [[ "${I_KNOW_WHAT_I_AM_DOING}" == "yes" ]]; then
+                       userdel "${SYS_USER_NAME}" || \
+                               die "failed to remove user ${SYS_USER_NAME}"
+                       einfo "Removed user ${SYS_USER_NAME} from the system."
+               else
+                       die "refusing to remove package for system user ${SYS_USER_NAME}"
+               fi
 
                # The missing case: if the user exists and this is an upgrade,
                # we leave the user alone to be modified in