Re: Package-created usernames

To: fw@deneb.enyo.de (Florian Weimer)
Cc: debian-ctte@lists.debian.org
Subject: Re: Package-created usernames
From: Bdale Garbee <bdale@gag.com>
Date: Sun, 30 Dec 2007 09:26:14 -0700
Message-id: <[🔎] 871w94w3mh.fsf@rover.gag.com>
Mail-followup-to: debian-ctte@lists.debian.org
In-reply-to: <list.debian.ctte%87tzmc6qkn.fsf@mid.deneb.enyo.de> (Florian Weimer's message of "21 Dec 07 15\:00\:08 GMT")
References: <list.debian.ctte%18261.52565.113902.559459@davenant.relativity.greenend.org.uk> <[🔎] 87abop94sd.fsf@rover.gag.com> <list.debian.ctte%87tzmc6qkn.fsf@mid.deneb.enyo.de>

fw@deneb.enyo.de (Florian Weimer) writes:

> * Bdale Garbee:
>
>> The second is whether it's acceptable for a Debian package to
>> *require* a specific username.
>
> There are a couple of setuid binaries which might have problems
> switching to a more flexible scheme.  I fear such a requirement might
> actually reduce overall security.

Right.  

After digesting the replies here and some off-list discussions, I 
now agree that while it is desireable for packages to be flexible about 
usernames to support the kinds of situations I described, requiring all 
Debian packages to be flexible in this way is not a reasonable objective.

Bdale

Reply to:

References:
- Re: Package-created usernames
  - From: Bdale Garbee <bdale@gag.com>

Prev by Date: Re: RFC3484 s6 rule 9 should not apply
Previous by thread: Re: Package-created usernames
Next by thread: RFC3484 s6 rule 9 should not apply
Index(es):
- Date
- Thread