Hello, Am Samstag, 17. Dezember 2011 schrieb Rüdiger Meier:
On Friday 16 December 2011, Pascal Bleser wrote:
On 2011-12-15 09:30:56 (+0100), Ludwig Nussel wrote:
So what about mandating an extra prefix or suffix to (new) system user names like 'daemon' or 'service'? ^^^^^ That being said, won't it be a massive pain in the bottom to migrate existing packages to that convention ? As well as for package upgrades ?
I guess there's a reason why Ludwig wrote "(new) system user" ;-) I agree that changing the existing system users would be a pain. OTOH avoiding possible conflicts at least for new system users is better than nothing. BTW: Should we do the same for the _groups_ used by daemons?
What about maintaining a blacklist of names reserved for system users only? useradd or yast could respect that list somehow.
Good idea. We have that list already [1] - copying it (automatically!) to the YaST package shouldn't be too hard.
BTW has anybody of you ever hit such user name conflict in practice? And if so wouldn't you notice and fix that quickly?
That depends ;-) If the system user exists first, you'll notice when you want to create the user. However if the "real" user exists first, the package installation will re-use this existing user, which means giving the daemon read and write access to the user's files... Oh well, if this ever happens in practise and the daemon has an AppArmor profile, I'll have a good argument to enable AppArmor by default again *g,d&r* Regards, Christian Boltz [1] in the target package of https://build.opensuse.org/request/show/96531 which I currently can't access (the build service errors out with "bad gateway") - in other words: sorry, no package and file name ;-) --
Es steht dir frei, dich auch auszutragen, damit du von Idioten wie David, Thorsten, Bernd, ... nicht weiter belästigt wirst. Und ich gehöre da nicht mehr dazu? [> Matthias Houdek und Florian Gross in suse-linux]
-- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org