[opensuse-packaging] policy for naming users?
Hi, is there any kind of policy for the name of a user that is created by an opensuse package %pre script? Does it have to match the name of the package? the init script? https://en.opensuse.org/openSUSE:Packaging_guidelines#Users_and_Groups is quite vague on that. Is there a way to "register" usernames ? if so, which one is it? I looked at FHS but couldn't find a good pointer. Is there one? Thanks, Dirk -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
On Monday 2014-02-17 18:26, Dirk Müller wrote:
is there any kind of policy for the name of a user that is created by an opensuse package %pre script? Does it have to match the name of the package? the init script?
None of the sort.
Is there a way to "register" usernames ?
Nope. This is why we have "wwwrun", and Fedora has "apache" (or was it "httpd"?) :p
On Feb 17, 2014, at 11:42 AM, Jan Engelhardt <jengelh@inai.de> wrote:
On Monday 2014-02-17 18:26, Dirk Müller wrote:
Is there a way to "register" usernames ?
Nope. This is why we have "wwwrun", and Fedora has "apache" (or was it "httpd"?) :p
I think he meant register with [open]SUSE, not a wider organization like FHS or FDO. Perhaps something like what FreeBSD does with ports: http://svnweb.freebsd.org/ports/head/UIDs?view=markup
I take it the answer is still no. Shame, but overall a minor thing. It is nice with the FreeBSD way giving you consistent UIDs on every package installation, so you can copy files from one box to another without having to check (and maybe fix) ownership afterwards. (I ran into this with the SUSE SMT tool, which was harder to fix since the package uses not just UNIX permissions but also ACLs. At least they documented this after I reported it.)
Actually, it seems some packages (e.g. openssh, mysql) do have set UIDs in their preinstall scripts, but I'm not aware of a master list. If there is, perhaps it's internal, and only applicable to packages in the main repo. It would need to be a public, curated list to avoid UID conflicts, which would be worse than nondeterministic UIDs.
-Andrew
* Dirk Müller <dirk@dmllr.de> [2014-02-17 18:26]:
is there any kind of policy for the name of a user that is created by an opensuse package %pre script? Does it have to match the name of the package? the init script?
https://en.opensuse.org/openSUSE:Packaging_guidelines#Users_and_Groups
is quite vague on that.
Is there a way to "register" usernames ? if so, which one is it? I looked at FHS but couldn't find a good pointer. Is there one?
There isn't, but it would be really helpful to have one, in particular a distribution-wide registry as well as a naming convention that helps to prevent collisions between system user/groupnames and real users. OpenBSD has a very sensible policy of starting system user/groupnames with a "_" for this reason.
-- Guido Berhoerster
On Monday 2014-02-17 19:02, Guido Berhoerster wrote:
* Dirk Müller <dirk@dmllr.de> [2014-02-17 18:26]:
is there any kind of policy for the name of a user that is created by an opensuse package %pre script? Does it have to match the name of the package? the init script?
https://en.opensuse.org/openSUSE:Packaging_guidelines#Users_and_Groups
is quite vague on that.
Is there a way to "register" usernames ? if so, which one is it? I looked at FHS but couldn't find a good pointer. Is there one?
There isn't, but it would be really helpful to have one, in particular a distribution-wide registry as well as a naming convention that helps to prevent collisions between system user/groupnames and real users.
I was under the impression SUSE had practically thrown that concept out and shifted away from preallocating in /etc/passwd to using %pre+useradd for most of the packages.
* Jan Engelhardt <jengelh@inai.de> [2014-02-17 19:26]:
On Monday 2014-02-17 19:02, Guido Berhoerster wrote:
* Dirk Müller <dirk@dmllr.de> [2014-02-17 18:26]:
is there any kind of policy for the name of a user that is created by an opensuse package %pre script? Does it have to match the name of the package? the init script?
https://en.opensuse.org/openSUSE:Packaging_guidelines#Users_and_Groups
is quite vague on that.
Is there a way to "register" usernames ? if so, which one is it? I looked at FHS but couldn't find a good pointer. Is there one?
There isn't, but it would be really helpful to have one, in particular a distribution-wide registry as well as a naming convention that helps to prevent collisions between system user/groupnames and real users.
I was under the impression SUSE had practically thrown that concept out and shifted away from preallocating in /etc/passwd to using %pre+useradd for most of the packages.
I didn't mean preallocating /etc/passwd, just a policy to mandate that system have a certain prefix so admins can easily prevent collisions. A registry could have the form of a wiki page or simple text file so packagers have a quick overview of what names are taken by what package.
-- Guido Berhoerster
On Mon 17 Feb 2014 07:42:13 PM CST, Guido Berhoerster wrote:
* Jan Engelhardt <jengelh@inai.de> [2014-02-17 19:26]:
On Monday 2014-02-17 19:02, Guido Berhoerster wrote:
* Dirk Müller <dirk@dmllr.de> [2014-02-17 18:26]:
is there any kind of policy for the name of a user that is created by an opensuse package %pre script? Does it have to match the name of the package? the init script?
https://en.opensuse.org/openSUSE:Packaging_guidelines#Users_and_Groups
is quite vague on that.
Is there a way to "register" usernames ? if so, which one is it? I looked at FHS but couldn't find a good pointer. Is there one?
There isn't, but it would be really helpful to have one, in particular a distribution-wide registry as well as a naming convention that helps to prevent collisions between system user/groupnames and real users.
I was under the impression SUSE had practically thrown that concept out and shifted away from preallocating in /etc/passwd to using %pre+useradd for most of the packages.
I didn't mean preallocating /etc/passwd, just a policy to mandate that system have a certain prefix so admins can easily prevent collisions. A registry could have the form of a wiki page or simple text file so packagers have a quick overview of what names are taken by what package.
Hi
That would be nice, I have a system user called htopd for my systemd-htop-service package...
-- Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890) openSUSE 13.1 (Bottle) (x86_64) GNOME 3.10.2 Kernel 3.11.10-7-desktop up 4:09, 4 users, load average: 0.06, 0.09, 0.10 CPU Intel® B840@1.9GHz | GPU Intel® Sandybridge Mobile
Guido Berhoerster wrote:
* Jan Engelhardt <jengelh@inai.de> [2014-02-17 19:26]:
On Monday 2014-02-17 19:02, Guido Berhoerster wrote:
* Dirk Müller <dirk@dmllr.de> [2014-02-17 18:26]:
is there any kind of policy for the name of a user that is created by an opensuse package %pre script? Does it have to match the name of the package? the init script?
https://en.opensuse.org/openSUSE:Packaging_guidelines#Users_and_Groups
is quite vague on that.
Is there a way to "register" usernames ? if so, which one is it? I looked at FHS but couldn't find a good pointer. Is there one?
There isn't, but it would be really helpful to have one, in particular a distribution-wide registry as well as a naming convention that helps to prevent collisions between system user/groupnames and real users.
I was under the impression SUSE had practically thrown that concept out and shifted away from preallocating in /etc/passwd to using %pre+useradd for most of the packages.
I didn't mean preallocating /etc/passwd, just a policy to mandate that system have a certain prefix so admins can easily prevent collisions. A registry could have the form of a wiki page or simple text file so packagers have a quick overview of what names are taken by what package.
I proposed something like that a while ago too¹. The first step towards that direction was to collect the usernames we already have. The list is in rpmlint² now.
I don't think we can solve that problem alone though. We need to coordinate with other distros to have some weight against upstreams. So what's missing is a policy draft that could be used to talk to others and someone to drive the initiative.
cu
Ludwig
[1] http://lists.opensuse.org/archive/opensuse-packaging/2011-12/msg00183.html
[2] https://build.opensuse.org/package/view_file/openSUSE:Factory/rpmlint/config...
--
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
* Ludwig Nussel <ludwig.nussel@suse.de> [2014-02-18 13:36]:
Guido Berhoerster wrote:
* Jan Engelhardt <jengelh@inai.de> [2014-02-17 19:26]:
On Monday 2014-02-17 19:02, Guido Berhoerster wrote:
* Dirk Müller <dirk@dmllr.de> [2014-02-17 18:26]:
is there any kind of policy for the name of a user that is created by an opensuse package %pre script? Does it have to match the name of the package? the init script?
https://en.opensuse.org/openSUSE:Packaging_guidelines#Users_and_Groups
is quite vague on that.
Is there a way to "register" usernames ? if so, which one is it? I looked at FHS but couldn't find a good pointer. Is there one?
There isn't, but it would be really helpful to have one, in particular a distribution-wide registry as well as a naming convention that helps to prevent collisions between system user/groupnames and real users.
I was under the impression SUSE had practically thrown that concept out and shifted away from preallocating in /etc/passwd to using %pre+useradd for most of the packages.
I didn't mean preallocating /etc/passwd, just a policy to mandate that system have a certain prefix so admins can easily prevent collisions. A registry could have the form of a wiki page or simple text file so packagers have a quick overview of what names are taken by what package.
I proposed something like that a while ago too¹. The first step towards that direction was to collect the usernames we already have. The list is in rpmlint² now.
That's what I had in mind, good to see it's already implemented. It's not perfect though since a warning only triggers if the package delivers a file or directory owned by the user.
I don't think we can solve that problem alone though. We need to coordinate with other distros to have some weight against upstreams. So what's missing is a policy draft that could be used to talk to others and someone to drive the initiative.
I think that user/group names fall into downstream territory, is there actually any significant amount of packages which are hardcoded to a certain user/group name? If that is the case, it is undesirable and should be fixed anyway as it should be up to admins who install it manually or distro packagers to decide. And although it is a bit smaller than openSUSE's package base there is already precedent with OpenBSD's user and group names using an underscore prefix for all system accounts in the base system and ports collection.
How about this simple addition to the packaging policy:
The names of users and groups which are created by a package should start with an underscore "_". This policy aims to avoid collisions between the names of users and groups created by packages and those created by the system administrator.
aaa_base should be exempt from this since it provides a number of accounts which by convention are expected to be present on a UN*X system such as root, bin, daemon, nobody, or nogroup.
Another question is how to handle the renaming of user/group names in packages. I suppose that could be handled in %pre like this:
    getent group foo >/dev/null && groupmod -n _foo foo
    getent group _foo >/dev/null || groupadd -r _foo
    getent passwd foo >/dev/null && usermod -l _foo foo
    getent passwd _foo >/dev/null || useradd -r -g _foo -d HOMEDIR -s /sbin/nologin -c "user for PACKAGENAME" _foo
but in some later release we might want to get rid of this again easily. A macro might help there but break on older releases. Any ideas how that could be handled?
[1] http://lists.opensuse.org/archive/opensuse-packaging/2011-12/msg00183.html
[2] https://build.opensuse.org/package/view_file/openSUSE:Factory/rpmlint/config...
-- Guido Berhoerster
Guido Berhoerster wrote:
* Ludwig Nussel <ludwig.nussel@suse.de> [2014-02-18 13:36]:
Guido Berhoerster wrote:
* Jan Engelhardt <jengelh@inai.de> [2014-02-17 19:26]:
On Monday 2014-02-17 19:02, Guido Berhoerster wrote:
* Dirk Müller <dirk@dmllr.de> [2014-02-17 18:26]:
is there any kind of policy for the name of a user that is created by an opensuse package %pre script? Does it have to match the name of the package? the init script?
https://en.opensuse.org/openSUSE:Packaging_guidelines#Users_and_Groups
is quite vague on that.
Is there a way to "register" usernames ? if so, which one is it? I looked at FHS but couldn't find a good pointer. Is there one?
There isn't, but it would be really helpful to have one, in particular a distribution-wide registry as well as a naming convention that helps to prevent collisions between system user/groupnames and real users.
I was under the impression SUSE had practically thrown that concept out and shifted away from preallocating in /etc/passwd to using %pre+useradd for most of the packages.
I didn't mean preallocating /etc/passwd, just a policy to mandate that system have a certain prefix so admins can easily prevent collisions. A registry could have the form of a wiki page or simple text file so packagers have a quick overview of what names are taken by what package.
I proposed something like that a while ago too¹. The first step towards that direction was to collect the usernames we already have. The list is in rpmlint² now.
That's what I had in mind, good to see it's already implemented. It's not perfect though since a warning only triggers if the package delivers a file or directory owned by the user.
Yes. It could be extended to look at the %pre script and check for useradd of course.
I don't think we can solve that problem alone though. We need to coordinate with other distros to have some weight against upstreams. So what's missing is a policy draft that could be used to talk to others and someone to drive the initiative.
I think that user/group names fall into downstream territory, is there actually any significant amount of packages which are hardcoded to a certain user/group name? If that is the case, it is undesirable and should be fixed anyway as it should be up to admins who install it manually or distro packagers to decide. And although it is a bit smaller than openSUSE's package base there is already precedent with OpenBSD's user and group names using an underscore prefix for all system accounts in the base system and ports collection.
If there's already an established method to solve the problem that is even better. Do we know if the openbsd method has downsides? Does any other system use the same schema?
Another question is how to handle the renaming of user/group names in packages. I suppose that could be handled in %pre like this:
    getent group foo >/dev/null && groupmod -n _foo foo
    getent group _foo >/dev/null || groupadd -r _foo
    getent passwd foo >/dev/null && usermod -l _foo foo
    getent passwd _foo >/dev/null || useradd -r -g _foo -d HOMEDIR -s /sbin/nologin -c "user for PACKAGENAME" _foo
Assuming that system users are always in /etc/passwd the most simple way would be
    sed -i -e "/^foo:/s/^/_/" /etc/passwd
I wouldn't enforce that right away though. Having a policy in place for new packages would be a big step already.
Btw, having system users in /etc/passwd also is kind of ugly as that file is meant to be modified by the admin (like anything in /etc). I was thinking whether it would be feasible to have packages drop a file with their user specification somewhere and have the name service switch read that.
cu
Ludwig
--
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
* Ludwig Nussel <ludwig.nussel@suse.de> [2014-02-19 11:57]:
Guido Berhoerster wrote:
I think that user/group names fall into downstream territory, is there actually any significant amount of packages which are hardcoded to a certain user/group name? If that is the case, it is undesirable and should be fixed anyway as it should be up to admins who install it manually or distro packagers to decide. And although it is a bit smaller than openSUSE's package base there is already precedent with OpenBSD's user and group names using an underscore prefix for all system accounts in the base system and ports collection.
If there's already an established method to solve the problem that is even better. Do we know if the openbsd method has downsides? Does
I'm not aware of anything, from the vcs log this was introduced in 2002 for the base system and has been mandatory for ports since 2003. It does require a bit of work, I did a quick analysis of a checked out ports tree, there are 210 packages introducing system users or groups, approximately 93 have some kind of modification related to user/group names (configuration file, patches), 77 of those have patches related to user/group names, 47 of the patches modify configuration files, 22 patches actually modify code.
any other system use the same schema?
Looking at my FreeBSD system there seems to be some prefixed accounts but that's probably from code imported from OpenBSD e.g. dhclient, I'm not aware of any other systems using such a scheme.
Another question is how to handle the renaming of user/group names in packages. I suppose that could be handled in %pre like this:
    getent group foo >/dev/null && groupmod -n _foo foo
    getent group _foo >/dev/null || groupadd -r _foo
    getent passwd foo >/dev/null && usermod -l _foo foo
    getent passwd _foo >/dev/null || useradd -r -g _foo -d HOMEDIR -s /sbin/nologin -c "user for PACKAGENAME" _foo
Assuming that system users are always in /etc/passwd the most simple way would be
    sed -i -e "/^foo:/s/^/_/" /etc/passwd
I wouldn't enforce that right away though. Having a policy in place for new packages would be a big step already.
Yes, only a gradual transition is possible.
Btw, having system users in /etc/passwd also is kind of ugly as that file is meant to be modified by the admin (like anything in /etc). I was thinking whether it would be feasible to have packages drop a file with their user specification somewhere and have the name service switch read that.
Let's exclude that for now since it is not related to the issue and it opens a whole new can of worms.
-- Guido Berhoerster
On Monday 17 February 2014 18:26:03 Dirk Müller wrote:
Hi,
is there any kind of policy for the name of a user that is created by an opensuse package %pre script? Does it have to match the name of the package? the init script?
Not to my knowledge. LSB Core only briefly covers this [1] but from my past experience, we have some soft rules. We try to stick to prior art, i.e. if a package existed for years in $distro, there's no need to deviate. Sometimes things are developed in parallel so everyone ends up with a slightly different solution. There is no "it has to", there's just what people did so far. If that helps you we can certainly clarify and produce some rules.
https://en.opensuse.org/openSUSE:Packaging_guidelines#Users_and_Groups
is quite vague on that.
Is there a way to "register" usernames ? if so, which one is it? I looked at FHS but couldn't find a good pointer. Is there one?
Things like these are usually handled by LANANA, but they don't have a list of user / group names either, only init / cron script names [2]. When it comes to openSUSE, the way to "register" usernames should be known to you actually. Citing rpmlint's "config" file:
    addDetails('non-standard-uid',
    '''A file in this package is owned by an unregistered user id.
    To register the user, please branch the devel:openSUSE:Factory:rpmlint
    rpmlint package, add the user to the "config" file and send a submitrequest.
    ''',
[1] http://refspecs.linux-foundation.org/LSB_4.0.0/LSB-Core-generic/LSB-Core-gen...
[2] http://www.lanana.org/
-- With kind regards, Sascha Peilicke
SUSE Linux GmbH, Maxfeldstr. 5, D-90409 Nuernberg, Germany GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer HRB 16746 (AG Nürnberg)
On Tue, Feb 18, 2014 at 10:53:21AM +0100, Sascha Peilicke wrote:
On Monday 17 February 2014 18:26:03 Dirk Müller wrote:
Hi,
is there any kind of policy for the name of a user that is created by an opensuse package %pre script? Does it have to match the name of the package? the init script?
Not to my knowledge. LSB Core only briefly covers this [1] but from my past experience, we have some soft rules. We try to stick to prior art, i.e. if a package existed for years in $distro, there's no need to deviate. Sometimes things are developed in parallel so everyone ends up with a slightly different solution. There is no "it has to", there's just what people did so far. If that helps you we can certainly clarify and produce some rules.
https://en.opensuse.org/openSUSE:Packaging_guidelines#Users_and_Groups
is quite vague on that.
Is there a way to "register" usernames ? if so, which one is it? I looked at FHS but couldn't find a good pointer. Is there one?
Things like these are usually handled by LANANA, but they don't have a list of user / group names either, only init / cron script names [2]. When it comes to openSUSE, the way to "register" usernames should be known to you actually. Citing rpmlint's "config" file:
    addDetails('non-standard-uid',
    '''A file in this package is owned by an unregistered user id.
    To register the user, please branch the devel:openSUSE:Factory:rpmlint
    rpmlint package, add the user to the "config" file and send a submitrequest.
    ''',
Also apply additional common sense... Names that might match real people names or username patterns should generally be avoided.
Ciao, Marcus
Sascha Peilicke <speilicke@suse.com> writes:
Citing rpmlint's "config" file:
    addDetails('non-standard-uid',
    '''A file in this package is owned by an unregistered user id.
    To register the user, please branch the devel:openSUSE:Factory:rpmlint
    rpmlint package, add the user to the "config" file and send a submitrequest.
    ''',
This only triggers if the package actually contains a file owned by the new user, but a daemon may just want to switch to an (unprivileged) unique user during runtime (eg. nscd runs as user nscd by default).
Andreas.
-- Andreas Schwab, SUSE Labs, schwab@suse.de GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7 "And now for something completely different."
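The gap raised in the thread (the rpmlint warning only fires when a packaged file is owned by the account) and the suggested extension of scanning %pre for useradd can be sketched as follows. This is an added example, not rpmlint's code or anything posted to the list: the REGISTERED set, the sample scriptlet and all function names are constructed, and the underscore check reflects the naming proposal made in the thread rather than adopted policy.

```python
import os
import shlex

# Constructed stand-in for the user/group list kept in rpmlint's "config" file.
REGISTERED = {"wwwrun", "nscd"}

# Options that take a separate argument, per the useradd(8)/groupadd(8) man pages.
ARG_OPTS = {
    "useradd": set("-b -c -d -e -f -g -G -k -K -p -R -P -s -u -Z --base-dir "
                   "--comment --home-dir --expiredate --inactive --gid --groups "
                   "--skel --key --password --root --prefix --shell --uid "
                   "--selinux-user".split()),
    "groupadd": set("-g -K -p -R -P --gid --key --password --root "
                    "--prefix".split()),
}
KEYWORDS = {"if", "then", "else", "elif", "do", "while", "until", "!", "{"}


def split_commands(script):
    """Yield each simple command of a scriptlet as a list of shell words."""
    for line in script.replace("\\\n", " ").splitlines():
        lexer = shlex.shlex(line, posix=True, punctuation_chars=True)
        lexer.whitespace_split = True    # with punctuation_chars: Python 3.8+
        try:
            tokens = list(lexer)
        except ValueError:               # unbalanced quote, e.g. multi-line string
            tokens = line.split()
        cmd = []
        for tok in tokens + [";"]:
            if tok and set(tok) <= set("();|&"):   # &&, ||, ;, | end a command
                if cmd:
                    yield cmd
                cmd = []
            else:
                cmd.append(tok)


def created_account(cmd):
    """Return (tool, name) if cmd is a useradd/groupadd call, else None."""
    while cmd and cmd[0] in KEYWORDS:
        cmd = cmd[1:]
    tool = os.path.basename(cmd[0]) if cmd else ""
    if tool not in ARG_OPTS:
        return None
    args = iter(cmd[1:])
    for tok in args:
        if tok and set(tok) <= set("<>&"):   # redirection: skip its target too
            next(args, None)
        elif tok in ARG_OPTS[tool]:          # option plus its argument
            next(args, None)
        elif not tok.startswith("-"):        # first positional is LOGIN/GROUP
            return tool, tok
    return None


def check_scriptlet(script, registered=REGISTERED):
    """List (tool, name, problems) for every account the scriptlet creates."""
    findings = []
    for cmd in split_commands(script):
        hit = created_account(cmd)
        if hit:
            tool, name = hit
            problems = [] if name in registered else ["unregistered"]
            if not name.startswith("_"):     # prefix proposed in the thread
                problems.append("no-underscore-prefix")
            findings.append((tool, name, problems))
    return findings


# Constructed %pre scriptlet, modelled on the snippet quoted in the thread.
SAMPLE_PRE = r'''
getent group _foo >/dev/null || groupadd -r _foo
getent passwd _foo >/dev/null || \
    useradd -r -g _foo -d /var/lib/foo -s /sbin/nologin -c "user for foo" _foo 2>/dev/null
if ! getent passwd htopd >/dev/null; then /usr/sbin/useradd -r htopd; fi
getent passwd nscd >/dev/null || useradd -r nscd   # registered in the sample list
'''

if __name__ == "__main__":
    for finding in check_scriptlet(SAMPLE_PRE):
        print(finding)
```

Because it reads the scriptlet rather than the file list, this also covers accounts a daemon only switches to at runtime, as long as the package creates them in %pre.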
participants (9)
- Andreas Schwab
- Andrew Daugherity
- Dirk Müller
- Guido Berhoerster
- Jan Engelhardt
- Ludwig Nussel
- Malcolm
- Marcus Meissner
- Sascha Peilicke