Bug#949390: Newly created package usernames should begin with an underscore

2020-01-20 Thread Russ Allbery 
Sean Whitton  writes:
> On Sun 05 Jan 2020 at 11:33PM +01, Philipp Kern wrote:

>>> --- a/policy/ch-opersys.rst
>>> +++ b/policy/ch-opersys.rst
>>> @@ -231,7 +231,10 @@ starting at 100.
>>>
>>>  Apart from this we should have dynamically allocated ids, which should
>>>  by default be arranged in some sensible order, but the behavior should
>>> -be configurable.
>>> +be configurable. When maintainers choose a new hardcoded or dynamically
>>> +generated username for packages to use, they should start this username
>>> +with an underscore. This minimizes collisions with locally created user
>>> +accounts.
>>>
>>>  Packages other than ``base-passwd`` must not modify ``/etc/passwd``,
>>>  ``/etc/shadow``, ``/etc/group`` or ``/etc/gshadow``.

> Seconded.

> Filing a separate bug for this as we ought to get it into the next
> Policy release to avoid creating any more cases that have to be migrated.

Seconded as well.  I don't see any reason why this part can't go in now.

The one thing that I think might be worth adding to this is to carve out
an explicit exception for users starting with systemd-*, since we're
unlikely to rename those and it seems reasonable to reserve that namespace
for the systemd project (which is somewhat unique in the number of
low-level users that it wants to create).  But we can deal with that in a
separate bug; this is only a should, so it doesn't require the systemd
maintainers do something different with new systemd users.

-- 
Russ Allbery (r...@debian.org)

Bug#949390: Newly created package usernames should begin with an underscore

2020-01-20 Thread Sean Whitton 
Package: debian-policy
Version: 4.4.1.2
Tags: patch

Hello,

On Sun 05 Jan 2020 at 11:33PM +01, Philipp Kern wrote:

>> --- a/policy/ch-opersys.rst
>> +++ b/policy/ch-opersys.rst
>> @@ -231,7 +231,10 @@ starting at 100.
>>
>>  Apart from this we should have dynamically allocated ids, which should
>>  by default be arranged in some sensible order, but the behavior should
>> -be configurable.
>> +be configurable. When maintainers choose a new hardcoded or dynamically
>> +generated username for packages to use, they should start this username
>> +with an underscore. This minimizes collisions with locally created user
>> +accounts.
>>
>>  Packages other than ``base-passwd`` must not modify ``/etc/passwd``,
>>  ``/etc/shadow``, ``/etc/group`` or ``/etc/gshadow``.

Seconded.

Filing a separate bug for this as we ought to get it into the next
Policy release to avoid creating any more cases that have to be migrated.

-- 
Sean Whitton


signature.asc
Description: PGP signature