[Bug] Non-system headscale user and group from DEB packages #876

New Issue

adam · 2025-12-29T02:25:08+01:00

adam commented

2025-12-29 02:25:08 +01:00

Originally created by @maxlysenko on GitHub (Dec 11, 2024).

Is this a support request?

This is not a support request

Is there an existing issue for this?

I have searched the existing issues

Current Behavior

DEB packages from v0.23.0 release create non-system user and group with /home/headscale home dir and /bin/sh shell.

Expected Behavior

Creating system user and system group with /var/lib/headscale home dir and /usr/sbin/nologin shell.
Similar to the way described in thedocumentation for installation from official standalone binaries

sudo useradd \
 --create-home \
 --home-dir /var/lib/headscale/ \
 --system \
 --user-group \
 --shell /usr/sbin/nologin \
 headscale

Steps To Reproduce

Install v0.23.0 using DEB package from the GitHub releases page on a system where no headscale user and group exists.

Environment

- OS: Ubuntu 22.04
- Headscale version: 0.23.0
- Tailscale version:

Runtime environment

Headscale is behind a (reverse) proxy
Headscale runs in a container

Anything else?

I see that postinstall.sh was updated in #2134 after release of v0.23.0 with fixes for home dir and shell, but maybe it still makes sense to create system user and system group?
E.g. by adding -r option for useradd and groupadd and adding -S option for Alpine's addgroup, like

useradd -r -s "$HEADSCALE_SHELL" -d "$HEADSCALE_HOME_DIR" -c "headscale default user" "$HEADSCALE_USER"
groupadd -r "$HEADSCALE_GROUP"
addgroup -S "$HEADSCALE_GROUP"

Originally created by @maxlysenko on GitHub (Dec 11, 2024). ### Is this a support request? - [X] This is not a support request ### Is there an existing issue for this? - [X] I have searched the existing issues ### Current Behavior DEB packages from v0.23.0 release create non-system user and group with `/home/headscale` home dir and `/bin/sh` shell. ### Expected Behavior Creating system user and system group with `/var/lib/headscale` home dir and `/usr/sbin/nologin` shell. Similar to the way described in the[documentation](https://headscale.net/stable/setup/install/official/#using-standalone-binaries-advanced) for installation from official standalone binaries ```shell sudo useradd \ --create-home \ --home-dir /var/lib/headscale/ \ --system \ --user-group \ --shell /usr/sbin/nologin \ headscale ``` ### Steps To Reproduce Install v0.23.0 using DEB package from the [GitHub releases page](https://github.com/juanfont/headscale/releases/tag/v0.23.0) on a system where no headscale user and group exists. ### Environment ```markdown - OS: Ubuntu 22.04 - Headscale version: 0.23.0 - Tailscale version: ``` ### Runtime environment - [ ] Headscale is behind a (reverse) proxy - [ ] Headscale runs in a container ### Anything else? I see that [postinstall.sh](https://github.com/juanfont/headscale/blob/main/docs/packaging/postinstall.sh) was updated in #2134 after release of v0.23.0 with fixes for home dir and shell, but maybe it still makes sense to create system user and system group? E.g. by adding `-r` option for `useradd` and `groupadd` and adding `-S` option for Alpine's `addgroup`, like ```shell useradd -r -s "$HEADSCALE_SHELL" -d "$HEADSCALE_HOME_DIR" -c "headscale default user" "$HEADSCALE_USER" groupadd -r "$HEADSCALE_GROUP" addgroup -S "$HEADSCALE_GROUP" ```

adam added the stale bug labels 2025-12-29 02:25:08 +01:00

adam closed this issue

2025-12-29 02:25:08 +01:00

adam commented

2025-12-29 02:25:09 +01:00

@github-actions[bot] commented on GitHub (Apr 4, 2025):

This issue is stale because it has been open for 90 days with no activity.

@github-actions[bot] commented on GitHub (Apr 4, 2025): This issue is stale because it has been open for 90 days with no activity.

adam commented

2025-12-29 02:25:09 +01:00

@github-actions[bot] commented on GitHub (Apr 11, 2025):

This issue was closed because it has been inactive for 14 days since being marked as stale.

@github-actions[bot] commented on GitHub (Apr 11, 2025): This issue was closed because it has been inactive for 14 days since being marked as stale.

Sign in to join this conversation.

Branches Tags

main

update_flake_lock_action

gh-pages

kradalby/release-v0.27.2

dependabot/go_modules/golang.org/x/crypto-0.45.0

dependabot/go_modules/github.com/opencontainers/runc-1.3.3

copilot/investigate-headscale-issue-2788

copilot/investigate-visibility-issue-2788

copilot/investigate-issue-2833

copilot/debug-issue-2846

copilot/fix-issue-2847

dependabot/go_modules/github.com/go-viper/mapstructure/v2-2.4.0

dependabot/go_modules/github.com/docker/docker-28.3.3incompatible

kradalby/cli-experiement3

doc/0.26.1

doc/0.25.1

doc/0.25.0

doc/0.24.3

doc/0.24.2

doc/0.24.1

doc/0.24.0

kradalby/build-docker-on-pr

topic/docu-versioning

topic/docker-kos

juanfont/fix-crash-node-id

juanfont/better-disclaimer

update-contributors

topic/prettier

revert-1893-add-test-stage-to-docs

add-test-stage-to-docs

remove-node-check-interval

fix-empty-prefix

fix-ephemeral-reusable

bug_report-debuginfo

autogroups

logs-to-stderr

revert-1414-topic/fix_unix_socket

rename-machine-node

port-embedded-derp-tests-v2

port-derp-tests

duplicate-word-linter

update-tailscale-1.36

warn-against-apache

ko-fi-link

more-acl-tests

fix-typo-standalone

parallel-nolint

tparallel-fix

rerouting

ssh-changelog-docs

oidc-cleanup

web-auth-flow-tests

kradalby-gh-runner

fix-proto-lint

remove-funding-links

go-1.19

enable-1.30-in-tests

0.16.x

cosmetic-changes-integration

tmp-fix-integration-docker

fix-integration-docker

configurable-update-interval

show-nodes-online

hs2021

acl-syntax-fixes

ts2021-implementation

fix-spurious-updates

unstable-integration-tests

mandatory-stun

embedded-derp

prtemplate-fix

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/headscale#876