Web lists-archives.com

Re: Namespace for system users




On Sat, 09 Feb 2019 at 13:10:27 +0100, Philipp Kern wrote:
> Obviously an increasing number of accounts leads to a much increased risk of
> collisions with system users as created by Debian packages.

This topic comes up every so often and doesn't ever seem to come to a
conclusion.

One complicating factor is that after a package has created its system
user, renaming that system user is difficult and has a high regression
risk, so most packages that already have a system user will need a
permanent exception from whatever naming policy we choose.

> I think FreeBSD (among others?) picked
> the underscore at the front of the username. Intuitively that feels like a
> somewhat clean proposal that is also friendly to derivatives.

This seems a good idea to me, and if I remember correctly, it is the
closest there has been to a consensus. _apt is a prominent example.

Names that contain a dash and are namespaced by the name of an upstream
project (systemd-network, libvirt-qemu, quake2-server) or are namespaced
by Debian (Debian-gdm, debian-tor) also seem reasonably unlikely to
collide.

I think it would be a good idea to deprecate system user names that don't have
any particular punctuation (avahi, clamav, messagebus, uuidd), although again,
fixing existing instances of this anti-pattern is problematic.

    smcv