[opensuse-packaging] namespace for system users?
Hi,
There's a request to add a system user 'tor': https://build.opensuse.org/request/show/96531
There is no name space separation between system users and actual logins. So especially for short names like the above there is a chance that it could collide with an already existing user name on some system. Having a system service running with the uid of an actual user isn't desirable. So what about mandating an extra prefix or suffix to (new) system user names like 'daemon' or 'service'? Ie in the above example the user name would be 'tor-daemon' or 'tor-service' instead of 'tor'. Other thoughts?
cu
Ludwig
--
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
--
To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
On Thu 15 Dec 2011 09:30:56 CET, Ludwig Nussel <ludwig.nussel@suse.de> wrote:
Hi,
There's a request to add a system user 'tor': https://build.opensuse.org/request/show/96531
There is no name space separation between system users and actual logins. So especially for short names like the above there is a chance that it could collide with an already existing user name on some system. Having a system service running with the uid of an actual user isn't desirable. So what about mandating an extra prefix or suffix to (new) system user names like 'daemon' or 'service'? Ie in the above example the user name would be 'tor-daemon' or 'tor-service' instead of 'tor'. Other thoughts?
Seems reasonable. I think suffix is better, otherwise you might lose valuable information when columns (e.g. in ps -ef) truncate long names. No preference between -service and -daemon.
--
Jean
On 2011-12-15 09:30:56 (+0100), Ludwig Nussel <ludwig.nussel@suse.de> wrote:
There's a request to add a system user 'tor': https://build.opensuse.org/request/show/96531
There is no name space separation between system users and actual logins. So especially for short names like the above there is a chance that it could collide with an already existing user name on some system. Having a system service running with the uid of an actual user isn't desirable. So what about mandating an extra prefix or suffix to (new) system user names like 'daemon' or 'service'? Ie in the above example the user name would be 'tor-daemon' or 'tor-service' instead of 'tor'. Other thoughts?
Sounds like an interesting idea. Another, more specific separator would have been even nicer (e.g. ":"), but that's not allowed in UNIX usernames.
That being said, won't it be a massive pain in the bottom to migrate existing packages to that convention ? As well as for package upgrades ?
cheers
--
  -o) Pascal Bleser
  /\\ http://opensuse.org -- we haz green
 _\_v http://fosdem.org   -- we haz conf
On 16/12/11 16:19, Pascal Bleser wrote:
Sounds like an interesting idea. Another, more specific separator would have been even nicer (e.g. ":"), but that's not allowed in UNIX usernames.
Yes, it is a good idea, but I'm not sure about the migration path... spec files would require modifications, as well as init/systemd config files.
On Friday 16 December 2011, Pascal Bleser wrote:
On 2011-12-15 09:30:56 (+0100), Ludwig Nussel <ludwig.nussel@suse.de> wrote:
There's a request to add a system user 'tor': https://build.opensuse.org/request/show/96531
There is no name space separation between system users and actual logins. So especially for short names like the above there is a chance that it could collide with an already existing user name on some system. Having a system service running with the uid of an actual user isn't desirable. So what about mandating an extra prefix or suffix to (new) system user names like 'daemon' or 'service'? Ie in the above example the user name would be 'tor-daemon' or 'tor-service' instead of 'tor'. Other thoughts?
Sounds like an interesting idea. Another, more specific separator would have been even nicer (e.g. ":"), but that's not allowed in UNIX usernames.
That being said, won't it be a massive pain in the bottom to migrate existing packages to that convention ? As well as for package upgrades ?
I also think the idea seems reasonable but in practice renaming existing system users would be a real pain. I have synced my system users/uids across all systems and would not want to get them renamed on zypper dup and also would not want to see different names on fresh installations. Also note that tools like top only show the first 8 chars of user names, or the uid only if the name is longer.
What about maintaining a blacklist of names reserved for system users only? useradd or yast could respect that list somehow.
BTW has anybody of you ever hit such user name conflict in practice? And if so wouldn't you notice and fix that quickly?
cu,
Rudi
Hello,
On Saturday, 17 December 2011, Rüdiger Meier wrote:
On Friday 16 December 2011, Pascal Bleser wrote:
On 2011-12-15 09:30:56 (+0100), Ludwig Nussel wrote:
So what about mandating an extra prefix or suffix to (new) system user names like 'daemon' or 'service'?
^^^^^
That being said, won't it be a massive pain in the bottom to migrate existing packages to that convention ? As well as for package upgrades ?
I guess there's a reason why Ludwig wrote "(new) system user" ;-)
I agree that changing the existing system users would be a pain. OTOH avoiding possible conflicts at least for new system users is better than nothing.
BTW: Should we do the same for the _groups_ used by daemons?
What about maintaining a blacklist of names reserved for system users only? useradd or yast could respect that list somehow.
Good idea. We have that list already [1] - copying it (automatically!) to the YaST package shouldn't be too hard.
BTW has anybody of you ever hit such user name conflict in practice? And if so wouldn't you notice and fix that quickly?
That depends ;-)
If the system user exists first, you'll notice when you want to create the user. However if the "real" user exists first, the package installation will re-use this existing user, which means giving the daemon read and write access to the user's files...
Oh well, if this ever happens in practise and the daemon has an AppArmor profile, I'll have a good argument to enable AppArmor by default again *g,d&r*
Regards,
Christian Boltz
[1] in the target package of https://build.opensuse.org/request/show/96531 which I currently can't access (the build service errors out with "bad gateway") - in other words: sorry, no package and file name ;-)
--
You are free to unsubscribe as well, so that you are no longer pestered by idiots like David, Thorsten, Bernd, ... And I'm no longer one of them? [> Matthias Houdek and Florian Gross in suse-linux]
Christian Boltz wrote:
On Saturday, 17 December 2011, Rüdiger Meier wrote:
On Friday 16 December 2011, Pascal Bleser wrote:
On 2011-12-15 09:30:56 (+0100), Ludwig Nussel wrote:
So what about mandating an extra prefix or suffix to (new) system user names like 'daemon' or 'service'?
^^^^^
That being said, won't it be a massive pain in the bottom to migrate existing packages to that convention ? As well as for package upgrades ?
I guess there's a reason why Ludwig wrote "(new) system user" ;-)
I agree that changing the existing system users would be a pain. OTOH avoiding possible conflicts at least for new system users is better than nothing.
Exactly. Maybe we don't need a hard policy either but rather only decide on a case by case basis. 'tor' certainly is something I'd like to see renamed as it's a) very short and b) a valid first name in some languages. Things like e.g. 'lightdm' on the other hand are rather unlikely to collide I suppose :-)
BTW: Should we do the same for the _groups_ used by daemons?
I guess conflicts there are less likely. Most daemons that also create a group simply use the same name for both user and group though.
What about maintaining a blacklist of names reserved for system users only? useradd or yast could respect that list somehow.
Good idea. We have that list already [1] - copying it (automatically!) to the YaST package shouldn't be too hard.
That doesn't help in networked environments (NIS, LDAP etc).
BTW has anybody of you ever hit such user name conflict in practice?
No. Fortunately the candidates for collision (like e.g. 'jonas') are usually not in core packages that are installed on every system.
And if so wouldn't you notice and fix that quickly?
That depends ;-)
If the system user exists first, you'll notice when you want to create the user.
... or when the real user wants to log in and can't because the system account is in /etc/passwd which has precedence over network db's.
cu
Ludwig
--
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
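The two failure modes raised in the messages above (a package re-using an existing real login, and a local system account taking precedence over a network user of the same name) can be checked before an account is created. The script below is an added example, not code from the thread or from openSUSE; the function name `classify_account`, the UID limit of 499 and all sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. SYS_UID_LIMIT is an assumed upper bound
# for system UIDs; use SYS_UID_MAX from /etc/login.defs on a real system.
SYS_UID_LIMIT=${SYS_UID_LIMIT:-499}

# classify_account NAME LOCAL_DB NETWORK_DB   (both files in passwd(5) format)
# Local entries win over network ones, as with "passwd: files ldap".
classify_account() {
    awk -F: -v name="$1" -v limit="$SYS_UID_LIMIT" '
        $1 != name { next }
        FILENAME == ARGV[1] && !l { l = 1; luid = $3 + 0 }
        FILENAME == ARGV[2] && !n { n = 1; nuid = $3 + 0 }
        END {
            if (!l && !n)                    print "absent"          # safe to create
            else if (l && luid > limit)      print "login-conflict"  # local real user
            else if (l && n && nuid != luid) print "shadows-network-login"
            else if (!l && nuid > limit)     print "login-conflict"  # network real user
            else                             print "system"
        }
    ' "$2" "$3"
}

# Constructed sample data: a local passwd file and a dump of directory users.
WORK=$(mktemp -d) && trap 'rm -rf "$WORK"' EXIT
LOCAL_DB=$WORK/passwd NETWORK_DB=$WORK/network
cat > "$LOCAL_DB" <<'EOF'
root:x:0:0:root:/root:/bin/bash
wwwrun:x:30:8:WWW daemon apache:/var/lib/wwwrun:/bin/false
tor:x:490:490:Tor daemon:/var/lib/tor:/bin/false
jonas:x:1001:100:Jonas Example:/home/jonas:/bin/bash
EOF
cat > "$NETWORK_DB" <<'EOF'
tor:x:5012:100:Tor Example:/home/tor:/bin/bash
amanda:x:5020:100:Amanda Example:/home/amanda:/bin/bash
EOF

for u in lightdm wwwrun jonas amanda tor; do
    printf '%-8s %s\n' "$u" "$(classify_account "$u" "$LOCAL_DB" "$NETWORK_DB")"
done
```

A scriptlet would create the account only on `absent` and re-use it only on `system`; the other two results are the collisions discussed in this thread.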
On Monday 19 December 2011, Ludwig Nussel wrote:
Christian Boltz wrote:
On Saturday, 17 December 2011, Rüdiger Meier wrote:
On Friday 16 December 2011, Pascal Bleser wrote:
On 2011-12-15 09:30:56 (+0100), Ludwig Nussel wrote:
So what about mandating an extra prefix or suffix to (new) system user names like 'daemon' or 'service'?
^^^^^
That being said, won't it be a massive pain in the bottom to migrate existing packages to that convention ? As well as for package upgrades ?
I guess there's a reason why Ludwig wrote "(new) system user" ;-)
I agree that changing the existing system users would be a pain. OTOH avoiding possible conflicts at least for new system users is better than nothing.
Exactly. Maybe we don't need a hard policy either but rather only decide on a case by case basis. 'tor' certainly is something I'd like to see renamed as it's a) very short and b) a valid first name in some languages. Things like e.g. 'lightdm' on the other hand are rather unlikely to collide I suppose :-)
Ok, somehow I've missed that soft policy part for new users only. Anyway, IMO it would be nice to keep such usernames short (8 chars) such that ps shows them correctly per default. For this particular case, what about tord, torrun or torsys?
cu,
Rudi
BTW has anybody of you ever hit such user name conflict in practice?
No. Fortunately the candidates for collision (like e.g. 'jonas') are usually not in core packages that are installed on every system.
On another system: Jenkins
I'm glad we don't have a Mr. Wwwrun in our company ;)
--
Ralf Lang
Linux Consultant / Developer
Tel.: +49-170-6381563
Mail: lang@b1-systems.de
B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
Hello, On Thursday 15 Dec 2011 08:30:56 Ludwig Nussel wrote:
There's a request to add a system user 'tor': https://build.opensuse.org/request/show/96531
There is no name space separation between system users and actual logins. So especially for short names like the above there is a chance that it could collide with an already existing user name on some system. Having a system service running with the uid of an actual user isn't desirable. So what about mandating an extra prefix or suffix to (new) system user names like 'daemon' or 'service'? Ie in the above example the user name would be 'tor-daemon' or 'tor-service' instead of 'tor'. Other thoughts?
The request mentioned above has been merged manually to devel:openSUSE:Factory:rpmlint / rpmlint by dirkmueller and the change is now pending to be added to openSUSE:Factory - #97074
The packages indirectly involved are network / tor and openSUSE:Factory / tor.
Debian uses "debian-tor". The upstream sources specify: "_tor" in a sample spec file, other online examples use tor_d / daemon for the uid/gid.
I agree in general that there is potential for conflicts. This, however, is not a new problem with "tor", but also with "amanda" and "jonas" which were already registered and are obviously far more popular. These are legacy and Ludwig proposed guidelines for new packages only.
I don't see an immediate packaging issue, but as this is a new package to factory I am willing to update if there is consensus in -factory as to rules for the naming of daemon users for new packages, or at least regarding this particular package.
With kind regards,
Andreas Stieger
On 2011-12-20 14:45:49 (+0000), Andreas Stieger <andreas.stieger@gmx.de> wrote:
On Thursday 15 Dec 2011 08:30:56 Ludwig Nussel wrote:
There's a request to add a system user 'tor': https://build.opensuse.org/request/show/96531
There is no name space separation between system users and actual logins. So especially for short names like the above there is a chance that it could collide with an already existing user name on some system. Having a system service running with the uid of an actual user isn't desirable. So what about mandating an extra prefix or suffix to (new) system user names like 'daemon' or 'service'? Ie in the above example the user name would be 'tor-daemon' or 'tor-service' instead of 'tor'. Other thoughts?
[...]
I don't see an immediate packaging issue, but as this is a new package to
Well, except the annoyance of
    %post
    %if 0%{?suse_version} >= 1220
    useradd ... tord
    %else
    useradd ... tor
    %endif
And that is probably going to bite us because (at least from my experience, or impression) most packages in openSUSE:Factory are only tailored to factory and probably won't be bothered to include backwards compatibility. And there are still quite a few packages that are maintained in openSUSE:Factory and then linked to other OBS projects.
factory I am willing to update if there is consensus in -factory as to rules for the naming of daemon users for new packages, or at least regarding this particular package.
cheers
--
  -o) Pascal Bleser
  /\\ http://opensuse.org -- we haz green
 _\_v http://fosdem.org   -- we haz conf
Pascal Bleser wrote:
On 2011-12-20 14:45:49 (+0000), Andreas Stieger <andreas.stieger@gmx.de> wrote:
On Thursday 15 Dec 2011 08:30:56 Ludwig Nussel wrote:
There's a request to add a system user 'tor': https://build.opensuse.org/request/show/96531
There is no name space separation between system users and actual logins. So especially for short names like the above there is a chance that it could collide with an already existing user name on some system. Having a system service running with the uid of an actual user isn't desirable. So what about mandating an extra prefix or suffix to (new) system user names like 'daemon' or 'service'? Ie in the above example the user name would be 'tor-daemon' or 'tor-service' instead of 'tor'. Other thoughts?
[...]
I don't see an immediate packaging issue, but as this is a new package to
Well, except the annoyance of
    %post
    %if 0%{?suse_version} >= 1220
    useradd ... tord
    %else
    useradd ... tor
    %endif
tor never was in openSUSE so no such hacks needed.
cu
Ludwig
--
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
participants (8)
- Andreas Stieger
- Christian Boltz
- Cristian Rodríguez
- Jean Delvare
- Ludwig Nussel
- Pascal Bleser
- Ralf Lang
- Rüdiger Meier