Bug#949390: Newly created package usernames should begin with an underscore
Russ Allbery
rra at debian.org
Mon Jan 20 18:08:39 GMT 2020
Sean Whitton <spwhitton at spwhitton.name> writes:
> On Sun 05 Jan 2020 at 11:33PM +01, Philipp Kern wrote:
>>> --- a/policy/ch-opersys.rst
>>> +++ b/policy/ch-opersys.rst
>>> @@ -231,7 +231,10 @@ starting at 100.
>>>
>>> Apart from this we should have dynamically allocated ids, which should
>>> by default be arranged in some sensible order, but the behavior should
>>> -be configurable.
>>> +be configurable. When maintainers choose a new hardcoded or dynamically
>>> +generated username for packages to use, they should start this username
>>> +with an underscore. This minimizes collisions with locally created user
>>> +accounts.
>>>
>>> Packages other than ``base-passwd`` must not modify ``/etc/passwd``,
>>> ``/etc/shadow``, ``/etc/group`` or ``/etc/gshadow``.
> Seconded.
> Filing a separate bug for this as we ought to get it into the next
> Policy release to avoid creating any more cases that have to be migrated.
Seconded as well. I don't see any reason why this part can't go in now.
The one thing that I think might be worth adding to this is to carve out
an explicit exception for users starting with systemd-*, since we're
unlikely to rename those and it seems reasonable to reserve that namespace
for the systemd project (which is somewhat unique in the number of
low-level users that it wants to create). But we can deal with that in a
separate bug; this is only a should, so it doesn't require the systemd
maintainers do something different with new systemd users.
--
Russ Allbery (rra at debian.org) <https://www.eyrie.org/~eagle/>
More information about the Pkg-systemd-maintainers
mailing list