Hey.

The following probably doesn't qualify yet for a proper release goal proposal (I haven't written a wikipage yet)... further, as a non-DD I'm not sure how far I could actually coordinate that. So take that rather as presenting an idea[0] and asking for comments & feedback than a commitment to spend an FTE on it ;-)

Nevertheless it may be found useful, so here it is for discussion:

I think there should be a "reserved" namespace for users and groups created by Debian packages. Maybe even further namespaces for other use cases (e.g. 3rd party packages).

Right now, we have many daemons and other programs which create their own users and/or groups, and while it may sometimes seem obvious that a name like, I don't know, "pulse" "belongs" to the Pulseaudio daemon, others may have never heard of that and may use the name completely differently, e.g. "Peter ULstein [from] SwEden" (bad example admittedly).

In the best case, nothing happens at such collisions; in worse cases things may just break; and in the worst (and unfortunately most likely) case it would cause some silent security problem (since different users/groups are typically used for privilege separation).

A solution would be "namespaces" - that is, namespaces by convention/definition. We could e.g. say names starting with "debian_" or "_debian_" or whatever may seem appropriate (and a conforming user name) must be expected to be used by Debian packages without further notice.

Some packages already do this, e.g. there's "Debian-gdm" and "debian-sks". "debian-security-support" probably does it by accident ;-)

The long term goal would be that packages are not allowed to use names outside that namespace, unless the user manually chose to (e.g. during debconf configuration - but even there the default should be a name in the Debian namespace).

There should also be a small and well defined list of exceptions (unless people really insist on debian_root ;-P). /usr/share/doc/base-passwd/users-and-groups.txt.gz is surely the starting point for such exceptions. But at least personally, I'd be happy if that list could be trimmed down. E.g. I don't see why Majordomo, GNATS, postfix or PostgreSQL would need their name reserved outside the namespace. Maybe I miss some technical details, but the same applies perhaps to messagebus, haldaemon (which is dead anyway), gdm, saned, fetchmail, cupsys, sshd.

If the user/group name of such packages would really need to be known by other packages, then one should rather properly store it in some config file and have it read from there.

Best wishes,
Chris.

[0] And yes, I'm sure I'm not the first one who had it. So credits don't go to me.