* Dirk Müller <dirk@dmllr.de> [2014-03-26 15:00]:
Packages that add unprivileged users to e.g. run daemons as need to use names that follow the following regular expression:
^_[0-9a-z][0-9a-z_]*$
I don't think the second character should be starting with a digit, so something like '^_[a-z][0-9a-z_]+$' would be more sensible.
The above was based on useradd(8) which currently enforces '[a-z_][a-z0-9_-]*[$]?'. Given that there are no system groups/users starting with a digit in openSUSE a more restrictive '^_[a-z][0-9a-z_]+$' as a variation of the original + '_'-prefix sounds reasonable.
Furthermore I think the user/group name that is added should have some correspondence to the package itself. My initial thought would have been "must have sub part of package name as part of its name", but that is slightly too strict (like e.g. forbidding www for apache2, which might not be what we want).
I have no particular opinion regarding that, however as was pointed out in the discussion on -packaging we need to take care not to create too long names, i.e. strive to remain below 8 characters if possible.
Out of curiosity: did you compare this suggested policy to what other distributions (debian or fedora for example) do? We're not going to
Yes, they have no specific policies regarding user/group names, see e.g. Section 9.2.1 in the Debian Policy Manual: https://www.debian.org/doc/debian-policy/ch-opersys.html#s9.2.1
win anything by being for example explicitely incompatible with Debian. The reason I'm mentioning this is because some upstreams do not accept patches for adding support for something that is debian policy incompatible.
Even though nothing contradicts this in Debian/Fedora policy, there may also be a few cases where upstream insists on hardcoding users/groups. In such cases we'd have to patch like we e.g. do with paths that contradict the FHS, in the vast majority of cases this is fairly trivial from what I've seen in the OpenBSD ports. -- Guido Berhoerster -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org