On Friday 16 December 2011, Pascal Bleser wrote:
On 2011-12-15 09:30:56 (+0100), Ludwig Nussel <ludwig.nussel@suse.de> wrote:
There's a request to add a system user 'tor': https://build.opensuse.org/request/show/96531
There is no name space separation between system users and actual logins. So especially for short names like the above there is a chance that it could collide with an already existing user name on some system. Having a system service running with the uid of an actual user isn't desirable. So what about mandating an extra prefix or suffix to (new) system user names like 'daemon' or 'service'? Ie in the above example the user name would be 'tor-daemon' or 'tor-service' instead of 'tor'. Other thoughts?
Sounds like an interesting idea. Another, more specific separator would have been even nicer (e.g. ":"), but that's not allowed in UNIX usernames.
That being said, won't it be a massive pain in the bottom to migrate existing packages to that convention ? As well as for package upgrades ?
I also think the idea seems reasonable but in practice renaming existing system users would be a real pain. I have synced my system users/uids across all systems and would not want to get them renamed on zypper dup and also would not want to see different names on fresh installations. Also note that tools like top only shows first 8 chars of user names or uid only if name is longer. What about maintaining a blacklist of names reserved for system users only? useradd or yast could respect that list somehow. BTW has anybody of you ever hit such user name conflict in practice? And if so wouldn't you notice and fix that quickly? cu, Rudi -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org