On Wednesday 26 March 2014 11:55:51 Guido Berhoerster wrote:
Hello,
after initial discussion on the -packaging list (see http://lists.opensuse.org/opensuse-packaging/2014-02/msg00136.html) and incorporating some of the feedback we would like to introduce the attached openSUSE Enhancement Proposal about creating a safe namspace of system user and group names. Further comments and reviews would be appreciated.
Full text of the OSEP (currently maintained at https://github.com/lnussel/osep_opensuse_usernames/blob/master/opensuse_user names.txt):
_____________________________________________________________________ OSEP: XXXX Title: Informational proposal: openSUSE Distribution Daemon User and Group Names Version: 0.1 Last-Modified: 03 Mar 2014 Author: Guido Berhoerster <gber@opensuse.org>, Ludwig Nussel <ludwig.nussel@suse.de> Status: Draft Type: Informational Created: 28 Feb 2014 Post-History: _____________________________________________________________________
Abstract --------
This OSEP proposes a defined pattern for unprivileged system user and group names.
Specification -------------
Packages that add unprivileged users to e.g. run daemons as need to use names that follow the following regular expression:
^_[0-9a-z][0-9a-z_]*$
This policy is meant to be applied to all packages that are new to openSUSE Factory. Existing packages are encouraged to switch to the new policy.
This is certainly doable, though much effort would have to convince the various upstreams. We'll just win nothing if this becomes a openSUSE-specific thing. As an example, we started to be nice citizens and prefixed all of our OpenStack package daemon users with "openstack-". We recently reverted that because one of the OpenStack sub-projects refused to support those. Since we're not exactly the leading horse in the distro race, we better get some good allies (as in $OTHER_DISTROS) or this is doomed to fail. -- Viele Grüße, Sascha Peilicke -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org