Bug#949390: Newly created package usernames should begin with an underscore

Russ Allbery rra at debian.org
Mon Jan 20 18:08:39 GMT 2020


Sean Whitton <spwhitton at spwhitton.name> writes:
> On Sun 05 Jan 2020 at 11:33PM +01, Philipp Kern wrote:

>>> --- a/policy/ch-opersys.rst
>>> +++ b/policy/ch-opersys.rst
>>> @@ -231,7 +231,10 @@ starting at 100.
>>>
>>>  Apart from this we should have dynamically allocated ids, which should
>>>  by default be arranged in some sensible order, but the behavior should
>>> -be configurable.
>>> +be configurable. When maintainers choose a new hardcoded or dynamically
>>> +generated username for packages to use, they should start this username
>>> +with an underscore. This minimizes collisions with locally created user
>>> +accounts.
>>>
>>>  Packages other than ``base-passwd`` must not modify ``/etc/passwd``,
>>>  ``/etc/shadow``, ``/etc/group`` or ``/etc/gshadow``.

> Seconded.

> Filing a separate bug for this as we ought to get it into the next
> Policy release to avoid creating any more cases that have to be migrated.

Seconded as well.  I don't see any reason why this part can't go in now.

The one thing that I think might be worth adding to this is to carve out
an explicit exception for users starting with systemd-*, since we're
unlikely to rename those and it seems reasonable to reserve that namespace
for the systemd project (which is somewhat unique in the number of
low-level users that it wants to create).  But we can deal with that in a
separate bug; this is only a should, so it doesn't require the systemd
maintainers do something different with new systemd users.

-- 
Russ Allbery (rra at debian.org)              <https://www.eyrie.org/~eagle/>



More information about the Pkg-systemd-maintainers mailing list