I'd like to propose the following addition to the packaging policy regarding users and groups (https://en.opensuse.org/openSUSE:Packaging_guidelines#Users_and_Groups):
The names of users and groups which are created by a package should be prefixed with an underscore "_". This creates a safe namespace for the distribution and avoids collisions between system group and usernames which are created by packages and regular group and usernames.
Existing users and groups can be renamed with the following scriptlet:
%pre getent group GROUP >/dev/null && groupmod -n _GROUP GROUP getent group _GROUP >/dev/null || groupadd -r _GROUP getent passwd USER >/dev/null && usermod -l _USER USER getent passwd _USER >/dev/null || useradd -r -g _GROUP -d HOMEDIR -s /sbin/nologin -c "user for PACKAGENAME" _USER
Group or username collisions can be problematic, if a username required for a package already exists, the pre-scriptlet will silently re-use the user/group for the package. While YaST apparently contains a blacklist preventing the creation of known system users/goups, this is tedious to maintain manually and doesn't cover the case where an administrator creates accounts via useradd/groupadd or maintains users/groups in LDAP. The lack of a separate namespace also prevents the use of certain group or usernames which might be desired. There is precedent for the above policy, it has been implemented in OpenBSD since 2002/2003 where it requires changes to about half of the packages that provide users and/or groups. However, the overwhelming majority are simple configuration file changes and one-line patches to change hard-coded names (see also http://lists.opensuse.org/opensuse-packaging/2014-02/msg00103.html for a the numbers and https://build.opensuse.org/package/view_file/openSUSE:Factory/rpmlint/config... for the group and usernames currently in use). This policy should only be enforced for new packages while existing packages can be gradually converted, I'd be willing to help with that.