Re: ITP: opensmtpd -- Simple Mail Transfer Protocol daemon
On Wed, May 22, 2013 at 09:13:18PM +0100, Daniel Walrond wrote:
> As per policy 10.9 - Permissions and owners[0], opensmtpd requires
> some system users for running non-root-privileged processes. I propose
> to user the following dynamic accounts; opensmtpd, opensmtpq, opensmtpf.
Thanks for CCing me, which I assume was in my rôle as base-passwd
maintainer. I only really need to be involved if you need static IDs
for some reason, rather than the normally-preferred method of using
dynamic IDs via 'adduser --system'. If so, please give a short
explanation of why that's the case.
Policy 10.9 does say to check even dynamic names with the base-passwd
maintainer, and I congratulate you for being one of the very few
developers to read it in close enough detail to notice that. ;-) That
wording should perhaps be revised, as neither I nor (as far as I know)
any of my predecessors have kept a registry of all dynamic names used in
Debian, only of the IDs we've allocated from the static ranges 0-99 and
60000-64999, so we aren't really in a position to perform a reliable
check for name uniqueness.
I'd normally just require that statically-allocated user/group names
should be obviously derived either from your package name or,
occasionally, from the name of one of the commands you ship, and that's
generally good practice for dynamically-allocated names too. The names
you suggest are close enough to your package name, and that package name
is distinct enough, that I think there's very unlikely to be a clash and
you should be fine. So, if all you need is dynamically-allocated IDs,
then go ahead.
Cheers,
--
Colin Watson [cjwatson@debian.org]
Reply to: