On Fri, Feb 28, 2014 at 5:32 AM, Bernhard Voelker
On 02/28/2014 10:53 AM, Guido Berhoerster wrote:
I'd like to propose the following addition to the packaging policy regarding users and groups (https://en.opensuse.org/openSUSE:Packaging_guidelines#Users_and_Groups):
The names of users and groups which are created by a package should be prefixed with an underscore "_". This creates a safe namespace for the distribution and avoids collisions between system group and usernames which are created by packages and regular group and usernames.
I'm afraid I don't get the point.
What are examples of possible collisions? I mean which of the following are subject to collisions on a typical system?
$ cut -d: -f1 /etc/passwd | head -n -2 | paste -s -d ' ' at avahi bin colord daemon dnsmasq ftp games gdm lp mail man messagebus news nobody nscd ntop ntp obsrun polkitd postfix pulse root rtkit sshd statd svn tftp usbmux uucp vboxadd wwwrun
The "problem" with this example is you're only looking at local accounts and not including environments which use external naming services such as NIS/NIS+, LDAP, AD, etc, which may has hundreds or thousands of accounts and groups. In these environments collisions happen regardless of how much to try to limit scoop of user/group lookups.
Second, this will be inconsistent anyway because I don't think that anyone will want to rename e.g. 'root' to '_root' (for which someone already proposed an exemption list).
Third, some daemon user names today are already too long (>8) for tools like ps(1) ...
useradd(8) limits users names to 32 chars, see the CAVEATS section, however that is a local limit and if you're using an external name service longer user names are valid. I just created an LDAP user w/a username of 72 char's which was completely valid, not that I'm saying you'd want to do that. The LOGIN_NAME_MAX, getconf LOGIN_NAME_MAX, on my SLES/openSUSE systems is 256, and POSIX 2.9.2, _POSIX_LOGIN_NAME_MAX, sets that value to 9 chars.
$ ps -fu messagebus | cut -c 1-30 UID PID PPID C STIME message+ 413 1 0 Feb27
... and therefore an additional "_" makes things worse.
With the above in mind, I'd tend to -1.
Have a nice day, Berny
-- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org