
Re: Seeking consensus for some changes in adduser



On Wed, 09 Mar 2022 at 14:10:04 +0100, Harald Dunkel wrote:
> I think it would be helpful to define "system account" and "normal user".
> Neither adduser(8) nor useradd(8) provide a sufficient definition,
> especially wrt the existing network directory services (LDAP, AD, etc).
> Is a "system user" supposed to be a local account, defined in /etc/passwd
> only?

I think the intention is:

- a system account is a uid used internally by system services
  (some common examples: www-data, messagebus, Debian-exim, _apt)

- a normal user is either an account representing a person
  (like the 'smcv' user on Debian infrastructure), or a "role" account
  shared by several people but otherwise used in the same way as an
  account representing a person (like the "release" user on Debian
  infrastructure, which is used by the release team)

That definition doesn't say anything about whether a system user
is defined locally or in a directory service, but there are serious
practical problems with managing system users via directory services,
so system users should usually (always?) be defined locally.
Normal users can either be local or in a directory service.

In particular, if an early-boot service (like systemd or udev) or
a service that might be required before networking comes up (like
dbus-daemon) needs to know about a system user, then the system user
must be defined locally, to avoid sequencing problems during boot.

> Related question: How are naming collisions between local entries and
> the entries in a network directory service supposed to be handled?

Debian Policy now encourages new system accounts to be created with
an underscore prefix (like _apt and _flatpak), so that they will not
collide with human users' login names. This convention was borrowed
from one of the BSDs, as a pragmatic way to reserve a namespace while
keeping account names short.

System accounts that existed before that Policy change have a bewildering
variety of naming conventions, and renaming a pre-existing account is
not straightforward, so older system account naming conventions like
Debian-exim, systemd-coredump, debian-tor and messagebus (dbus-daemon)
will unfortunately continue to exist for a long time.

    smcv
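As an added illustration (not part of the thread above, and not adduser's or Debian's own code), the following shell helpers turn the distinctions Simon draws into checks an administrator can run: classify a uid as system or normal, list local system accounts that predate the underscore-prefix convention, find login names that exist both locally and in a directory service, and confirm that accounts needed by early-boot services are defined in the local passwd file. The passwd and directory contents are constructed samples embedded in the script (the account names come from the thread, the uids and other fields are made up), and the uid boundary of 1000 is an assumption taken from Debian's default adduser.conf layout.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. All data below is constructed.

# Constructed sample of a local /etc/passwd. The names are those mentioned in
# the thread; uids, gecos fields, home directories and shells are invented.
LOCAL_PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
messagebus:x:101:101::/nonexistent:/usr/sbin/nologin
Debian-exim:x:102:103::/var/spool/exim4:/usr/sbin/nologin
_flatpak:x:103:104::/nonexistent:/usr/sbin/nologin
smcv:x:1000:1000:Person account:/home/smcv:/bin/bash
release:x:1001:1001:Role account shared by a team:/home/release:/bin/bash'

# Constructed sample of what a directory service (LDAP, AD, ...) might return.
# "messagebus" deliberately collides with a local system account.
DIRECTORY_SAMPLE='alice:x:10001:10001:Person account:/home/alice:/bin/bash
messagebus:x:10002:10002:Person account:/home/messagebus:/bin/bash
release:x:1001:1001:Role account:/home/release:/bin/bash'

# Assumption: Debian's default adduser.conf boundary, where uid 0 and uids
# below FIRST_UID=1000 are system accounts. Adjust for other layouts.
FIRST_UID=1000

# Print "system" or "normal" for a numeric uid.
classify_uid() {
    if [ "$1" -lt "$FIRST_UID" ]; then echo system; else echo normal; fi
}

# List local system accounts (other than root) whose names lack the
# underscore prefix that Policy now encourages for new system accounts.
legacy_system_names() {
    printf '%s\n' "$1" | awk -F: -v first="$FIRST_UID" '
        $3 > 0 && $3 < first && substr($1, 1, 1) != "_" { print $1 }'
}

# List login names present both in the local passwd text ($1) and in the
# directory listing ($2); each source is de-duplicated first.
name_collisions() {
    {
        printf '%s\n' "$1" | cut -d: -f1 | sort -u
        printf '%s\n' "$2" | cut -d: -f1 | sort -u
    } | sort | uniq -d
}

# Return 0 if every named account is defined in the local passwd text ($1);
# otherwise report the missing names on stderr and return 1. Accounts used
# by services that start before networking (the thread's example is
# dbus-daemon's messagebus) must pass this check.
require_local() {
    passwd_text=$1
    shift
    missing=""
    for name in "$@"; do
        if ! printf '%s\n' "$passwd_text" |
            awk -F: -v n="$name" '$1 == n { f = 1 } END { exit !f }'; then
            missing="$missing $name"
        fi
    done
    if [ -n "$missing" ]; then
        echo "not defined locally:$missing" >&2
        return 1
    fi
    return 0
}

echo "system accounts without underscore prefix:"
legacy_system_names "$LOCAL_PASSWD_SAMPLE"
echo "names defined both locally and in the directory:"
name_collisions "$LOCAL_PASSWD_SAMPLE" "$DIRECTORY_SAMPLE"
require_local "$LOCAL_PASSWD_SAMPLE" messagebus _apt &&
    echo "early-boot accounts are defined locally"
```

On a real machine the same functions can be fed "$(cat /etc/passwd)" and "$(getent passwd)" respectively; a name reported by name_collisions then marks an account whose identity depends on NSS lookup order, which is exactly the ambiguity the underscore-prefix convention is meant to avoid.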
