Christian Boltz wrote:
Am Samstag, 17. Dezember 2011 schrieb Rüdiger Meier:
On Friday 16 December 2011, Pascal Bleser wrote:
On 2011-12-15 09:30:56 (+0100), Ludwig Nussel wrote:
So what about mandating an extra prefix or suffix to (new) system user names like 'daemon' or 'service'? ^^^^^ That being said, won't it be a massive pain in the bottom to migrate existing packages to that convention ? As well as for package upgrades ?
I guess there's a reason why Ludwig wrote "(new) system user" ;-)
I agree that changing the existing system users would be a pain. OTOH avoiding possible conflicts at least for new system users is better than nothing.
Exactly. Maybe we don't need a hard policy either but rather only decide on a case by case basis. 'tor' certainly is something I'd like to see renamed as it's a) very short and b) a valid first name in some languages. Things like e.g. 'lightdm' on the other hand are rather unlikely to collide I suppose :-)
BTW: Should we do the same for the _groups_ used by daemons?
I guess conflicts there are less likely. Most daemons that also create a group simply use the same name for both user and group though.
What about maintaining a blacklist of names reserved for system users only? useradd or yast could respect that list somehow.
Good idea. We have that list already [1] - copying it (automatically!) to the YaST package shouldn't be too hard.
That doesn't help in networked environments (NIS, LDAP etc).
BTW has anybody of you ever hit such user name conflict in practice?
No. Fortunately the candidates for collision (like e.g. 'jonas') are usually not in core packages that are installed on every system.
And if so wouldn't you notice and fix that quickly?
That depends ;-)
If the system user exists first, you'll notice when you want to create the user.
... or when the real user wants to log in and can't because the system account is in /etc/passwd which has precedence over network db's. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org