Package: debian-policy
Version: 3.6.1.1
Priority: wishlist

There is currently no policy on how per-package users should be created and removed. Even though the 'UID and GID classes' section determines that packages _should_ use adduser --system on some occasions, it doesn't describe why a package would want to do that.

IMHO it would be worthwhile writing in the policy that:

- maintainers should strive to make daemons run as non-root users (this helps reduce the severity of many security bugs)

- maintainer scripts should create a system user for their daemon in postinst. User creation should not fail if the user already exists (example code should be provided here, since this is sometimes not done properly in maintainer scripts). Maintainer scripts can ask the admin if the user already exists.

- maintainer scripts can remove users on purge of the package. This should only be done if the files created by the user are being removed in purge too.

- package configuration files (under /etc) should not be owned by the package user (this is to prevent attacks on daemons that might introduce a way to modify their own configuration). On some occasions access to a file needs to be restricted (since it includes sensitive information); for this, a group should be created and the files should be chowned root:group. (Note that there is some *buggy* software in which the daemon needs to write to its configuration files.)

For reference, here are some relevant discussions (there are probably many more):

http://lists.debian.org/debian-policy/2003/05/msg00022.html
http://lists.debian.org/debian-devel/2001/09/msg01960.html
http://lists.debian.org/debian-devel/2004/08/msg01798.html
http://lists.debian.org/debian-devel/2004/05/msg01156.html
http://lists.debian.org/debian-devel/2003/11/msg02231.html
http://lists.debian.org/debian-devel/1996/05/msg00159.html
http://lists.debian.org/debian-user/1996/05/msg00106.html
http://lists.debian.org/debian-mentors/2004/10/msg00338.html

If others agree, I can go forward, write a proposal text for this and provide a patch.

Regards

Javier
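The maintainer-script behaviour proposed in the report above, sketched as an added example; it is not code from the report or from Debian policy. The package name `exampled`, the file `/etc/exampled/secret.conf` and the directory `/var/lib/exampled` are hypothetical, and the same user name is assumed to double as the group name.

```shell
#!/bin/sh
# Added example: postinst/postrm helpers for a hypothetical package "exampled".
set -e

DAEMON_USER="exampled"               # hypothetical system user and group
CONF="/etc/exampled/secret.conf"     # hypothetical sensitive config file

# Create the system user only when it is missing, so running
# "postinst configure" again (upgrade, reinstall) does not fail
# because the user already exists.
ensure_system_user() {
    if id -u "$1" >/dev/null 2>&1; then
        return 0                     # already present: nothing to do
    fi
    adduser --system --group --quiet --no-create-home --home /nonexistent "$1"
}

# Sensitive config: owned by root, readable through the daemon's group.
# The daemon can read the file but cannot rewrite its own configuration.
restrict_config() {
    chown "root:$2" "$1"
    chmod 0640 "$1"
}

case "${1:-}" in
    configure)                       # postinst
        ensure_system_user "$DAEMON_USER"
        [ ! -e "$CONF" ] || restrict_config "$CONF" "$DAEMON_USER"
        ;;
    purge)                           # postrm
        # Remove the user only because purge also removes the files it owns.
        rm -rf "/var/lib/$DAEMON_USER"
        if id -u "$DAEMON_USER" >/dev/null 2>&1; then
            deluser --system --quiet "$DAEMON_USER" || true
        fi
        ;;
esac
```

The `|| true` after `deluser` keeps a purge from failing when the adduser package, which ships `deluser`, is no longer installed.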