
Re: ITP: opensmtpd -- Simple Mail Transfer Protocol daemon



On Wed, May 22, 2013 at 09:13:18PM +0100, Daniel Walrond wrote:
> As per policy 10.9 - Permissions and owners[0], opensmtpd requires
> some system users for running non-root-privileged processes. I propose
> to use the following dynamic accounts; opensmtpd, opensmtpq, opensmtpf.

Thanks for CCing me, which I assume was in my rôle as base-passwd
maintainer.  I only really need to be involved if you need static IDs
for some reason, rather than the normally-preferred method of using
dynamic IDs via 'adduser --system'.  If so, please give a short
explanation of why that's the case.

Policy 10.9 does say to check even dynamic names with the base-passwd
maintainer, and I congratulate you for being one of the very few
developers to read it in close enough detail to notice that. ;-)  That
wording should perhaps be revised, as neither I nor (as far as I know)
any of my predecessors have kept a registry of all dynamic names used in
Debian, only of the IDs we've allocated from the static ranges 0-99 and
60000-64999, so we aren't really in a position to perform a reliable
check for name uniqueness.

I'd normally just require that statically-allocated user/group names
should be obviously derived either from your package name or,
occasionally, from the name of one of the commands you ship, and that's
generally good practice for dynamically-allocated names too.  The names
you suggest are close enough to your package name, and that package name
is distinct enough, that I think there's very unlikely to be a clash and
you should be fine.  So, if all you need is dynamically-allocated IDs,
then go ahead.

Cheers,

-- 
Colin Watson                                       [cjwatson@debian.org]

