Re: conflict between system user and normal user
Vincent Bernat <bernat@debian.org> writes:
> There was no consensus if I remember correctly. And many of the
> expressed voices preferred the `Debian-` prefix. As far as I am
> concerned, I don't understand why we can't follow systems that have
> solved this problem since years by adopting the underscore prefix (*BSD,
> OS X), with the additional "plus" that it keeps the name short to avoid
> truncation or replacement by uid.
I've started using underscore for my packages that introduce users.
I would really like to standardize on some prefix. I realize that Colin
(the base-passwd maintainer) doesn't feel like this is a big enough
problem to worry about, but I'm not sure if Colin has had the experience
of running central authentication services with >250,000 user accounts.
Most short alphanumeric patterns are taken over time, even if they don't
look like something someone would pick as a username. For example, we had
huge technical problems dealing with the conflict over "oracle," which
Oracle's software hard-codes as the database user, but which was already
the username of a student.
I like _ as a prefix because adduser doesn't allow the local sysadmin to
create accounts with that prefix without special flags, which I think
makes it a more useful reserved namespace.
The one piece that we do need if we're going to standardize, on top of an
agreement that standardization is useful, is an adduser --rename command.
There are a bunch of packages in the archive right now that stomp on the
normal account namespace (such as my own lbcd package), but removing and
recreating the user has a ton of problems. If there were a way that I
could just rename the system lbcd user to _lbcd, with some additional
sanity checks, I would do so, and deal with the required updates to the
init script and similar configurations.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
Reply to: