FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor


 
 
LinkBack Thread Tools
 
Old 11-15-2008, 06:49 AM
Vincent Bernat
 
Default system users

Hi!

,----[ http://wiki.debian.org/AccountHandlingInMaintainerScripts ]
| A collision free way to name system accounts should really be mentioned
| in Debian policy to stop this uncontrolled growth of different methods.
`----

Is it any progress on this matter? While more and more daemon become
unprivileged or "privilege separation"-able, we get more and more system
users.

On some systems like OpenBSD, all those users are starting with
underscore to avoid collision with real users. On Debian, I have never
seen this, even for packages that comes from OpenBSD (like openntpd
which uses "ntpd"). Is there some drawbacks with underscore?

Thanks.
--
# Okay, what on Earth is this one supposed to be used for?
2.4.0 linux/drivers/char/cp437.uni
 
Old 11-15-2008, 08:16 AM
Thomas Viehmann
 
Default system users

Hi,

Vincent Bernat wrote:
> On some systems like OpenBSD, all those users are starting with
> underscore to avoid collision with real users. On Debian, I have never
> seen this, even for packages that comes from OpenBSD (like openntpd
> which uses "ntpd"). Is there some drawbacks with underscore?

This has been discussed a couple of times, but IIRC without definitive
conclusion. "Debian-" and "debian-" seem to be as prefixes as well.
Maybe it is easiest to just go with something that is popular among
existing packages you care about.

Kind regards

T.
--
Thomas Viehmann, http://thomas.viehmann.net/


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 11-15-2008, 12:02 PM
Henrique de Moraes Holschuh
 
Default system users

On Sat, 15 Nov 2008, Vincent Bernat wrote:
> On some systems like OpenBSD, all those users are starting with
> underscore to avoid collision with real users. On Debian, I have never
> seen this, even for packages that comes from OpenBSD (like openntpd
> which uses "ntpd"). Is there some drawbacks with underscore?

None. In fact, is a damn good solution to the problem.

--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 11-16-2008, 09:41 AM
Vincent Bernat
 
Default system users

OoO En cette matinée pluvieuse du samedi 15 novembre 2008, vers 10:16,
Thomas Viehmann <tv@beamnet.de> disait*:

>> On some systems like OpenBSD, all those users are starting with
>> underscore to avoid collision with real users. On Debian, I have never
>> seen this, even for packages that comes from OpenBSD (like openntpd
>> which uses "ntpd"). Is there some drawbacks with underscore?

> This has been discussed a couple of times, but IIRC without definitive
> conclusion. "Debian-" and "debian-" seem to be as prefixes as well.
> Maybe it is easiest to just go with something that is popular among
> existing packages you care about.

On systems that I have access to, there is Debian-exim and no user
starting with underscore. However, I have a lot of system users without
special prefixes. Do you have some popular packages with a system user
starting with "debian-" in mind?
--
No fortunes found
 
Old 11-16-2008, 09:41 AM
Vincent Bernat
 
Default system users

OoO En ce début d'après-midi nuageux du samedi 15 novembre 2008, vers
14:02, Henrique de Moraes Holschuh <hmh@debian.org> disait*:

>> On some systems like OpenBSD, all those users are starting with
>> underscore to avoid collision with real users. On Debian, I have never
>> seen this, even for packages that comes from OpenBSD (like openntpd
>> which uses "ntpd"). Is there some drawbacks with underscore?

> None. In fact, is a damn good solution to the problem.

Unfortunately, by default, NAME_REGEX does not allow the use of
underscore. The user needs to be created with --force-badname.
--
No fortunes found
 
Old 11-16-2008, 09:46 AM
Osamu Aoki
 
Default system users

On Sat, Nov 15, 2008 at 08:49:12AM +0100, Vincent Bernat wrote:
> Hi!
>
> ,----[ http://wiki.debian.org/AccountHandlingInMaintainerScripts ]
> | A collision free way to name system accounts should really be mentioned
> | in Debian policy to stop this uncontrolled growth of different methods.
> `----
>
> Is it any progress on this matter? While more and more daemon become
> unprivileged or "privilege separation"-able, we get more and more system
> users.
>
> On some systems like OpenBSD, all those users are starting with
> underscore to avoid collision with real users. On Debian, I have never
> seen this, even for packages that comes from OpenBSD (like openntpd
> which uses "ntpd"). Is there some drawbacks with underscore?

That is nice. We will be able to get reasonable output under ps command
for exim4 too.

Osamu


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 11-16-2008, 10:24 AM
Thomas Viehmann
 
Default system users

Vincent Bernat wrote:
>>> On some systems like OpenBSD, all those users are starting with
>>> underscore to avoid collision with real users. On Debian, I have never
>>> seen this, even for packages that comes from OpenBSD (like openntpd
>>> which uses "ntpd"). Is there some drawbacks with underscore?

>> This has been discussed a couple of times, but IIRC without definitive
>> conclusion. "Debian-" and "debian-" seem to be as prefixes as well.
^used
>> Maybe it is easiest to just go with something that is popular among
>> existing packages you care about.

> On systems that I have access to, there is Debian-exim and no user
> starting with underscore. However, I have a lot of system users without
> special prefixes. Do you have some popular packages with a system user
> starting with "debian-" in mind?

I was thinking about popular amongst Debian packages, not in popular
packages... tor has "debian-".

Kind regards

T.
--
Thomas Viehmann, http://thomas.viehmann.net/


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 11-16-2008, 10:33 AM
Sven Joachim
 
Default system users

On 2008-11-16 11:41 +0100, Vincent Bernat wrote:

> Unfortunately, by default, NAME_REGEX does not allow the use of
> underscore. The user needs to be created with --force-badname.

Why is that unfortunate? IMO it is good if system users have "bad"
names since that makes clashes with names for real users less likely.

Sven


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 11-16-2008, 05:18 PM
Vincent Bernat
 
Default system users

OoO En cette fin de matinée radieuse du dimanche 16 novembre 2008, vers
11:46, Osamu Aoki <osamu@debian.org> disait*:

>> On some systems like OpenBSD, all those users are starting with
>> underscore to avoid collision with real users. On Debian, I have never
>> seen this, even for packages that comes from OpenBSD (like openntpd
>> which uses "ntpd"). Is there some drawbacks with underscore?

> That is nice. We will be able to get reasonable output under ps command
> for exim4 too.

You are right. Too long usernames are displayed numerically.
--
BOFH excuse #258:
That's easy to fix, but I can't be bothered.
 
Old 11-20-2008, 04:54 PM
Vincent Bernat
 
Default system users

OoO En ce doux début de matinée du samedi 15 novembre 2008, vers 08:49,
je disais:

> ,----[ http://wiki.debian.org/AccountHandlingInMaintainerScripts ]
> | A collision free way to name system accounts should really be mentioned
> | in Debian policy to stop this uncontrolled growth of different methods.
> `----

> Is it any progress on this matter? While more and more daemon become
> unprivileged or "privilege separation"-able, we get more and more system
> users.

> On some systems like OpenBSD, all those users are starting with
> underscore to avoid collision with real users. On Debian, I have never
> seen this, even for packages that comes from OpenBSD (like openntpd
> which uses "ntpd"). Is there some drawbacks with underscore?

I wanted to file a wishlist bug against policy about this matter but
there is already one that exists:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248809

The bug is pretty old and the discussion stopped a few years ago. The
problem of too long usernames when using "Debian-" prefix was already
mentioned.

The possibility to use "_${package}" is mentioned once as an
example.

IMO, there are three advantages to using underscore:
- it defines a namespace (like using "Debian-" prefix)
- the name is kept short
- it is easy to spot those system names in ps or other tools

Is there some way to easily retrieve all postinst scripts to check how
adduser is called?
--
printk("autofs: Out of inode numbers -- what the heck did you do??
");
2.0.38 /usr/src/linux/fs/autofs/root.c
 

Thread Tools




All times are GMT. The time now is 08:35 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org