Re: Namespace for system users
- Date: Sat, 9 Feb 2019 13:51:10 +0100
- From: Guillem Jover <guillem@xxxxxxxxxx>
- Subject: Re: Namespace for system users
On Sat, 2019-02-09 at 13:10:27 +0100, Philipp Kern wrote:
> at work we have a large fleet of Debian machines, but also more than 200k
> user accounts with no reuse and somewhat painful rename experiences.
> Obviously an increasing number of accounts leads to a much increased risk of
> collisions with system users as created by Debian packages.
> Of course it is easy to precompile a basic list to ban users from taking
> names like postfix, bind, or sshd. But it will never be exhaustive, packages
> are still free to come up with random names and users are free to install
> them and see things break.
> Some core packages recently adding system users resorted to names like
> systemd-$daemon and _apt, which both address my concerns - as you can come
> up with simple rules like "no user might include [-_] in their username". On
> the other hand I know that Debian-* was painful and annoying for exim, but I
> suspect mostly because of the length of the username and tools dealing
> poorly with >8 character usernames. I think FreeBSD (among others?) picked
> the underscore at the front of the username. Intuitively that feels like a
> somewhat clean proposal that is also friendly to derivatives.
This has been discussed in the past (several times I think), the last
incarnation (AFAIR) started at:
IMO the only sensible option is to use the underscore prefix
convention. Because it is:
- vendor neutral, so less unnatural on say downstreams/forks
- has precedent on other systems, so less surprising
- short, so it causes fewer display/truncation issues
- less ugly
To that effect I sent a patch to adduser to allow these in #521883,
but it seems that's stuck. :/
> How do others deal with this problem? Could someone think of a viable
> approach on how to approach this from a policy side?
Unfortunately, last time it looked like there was some push back, due
to there not being a clear winner in "current" practice at the time
AFAIR. I think a way forward would be to get that adduser patch merged,
then keep promoting the underscore usage, and possibly try to switch
existing users to use that.
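
Added example, not part of the original message and not adduser code: a Python check for the account-provisioning side that compares the rule quoted in the thread (no '-' or '_' in human usernames) with a precompiled denylist. The denylist contents, the human-name pattern and the sample names (including the hypothetical daemon user "exampled") are constructed assumptions.

```python
import re

# Rule quoted in the thread: human account names may not contain '-' or '_'.
# That reserves names such as _apt and systemd-network for packages.
RESERVED_CHARS = re.compile(r"[-_]")
# Assumed site policy for human names (not from the thread): a lowercase
# letter first, then lowercase letters or digits, at most 32 characters.
HUMAN_NAME = re.compile(r"[a-z][a-z0-9]{0,31}")

# Constructed sample of a precompiled denylist; the thread notes that such
# a list can never be exhaustive.
DENYLIST = {"root", "daemon", "postfix", "bind", "sshd"}


def check_human_username(name, denylist=DENYLIST):
    """Return the reasons a requested name is refused (empty list = allowed)."""
    reasons = []
    if RESERVED_CHARS.search(name):
        reasons.append("contains '-' or '_' (reserved for system users)")
    elif not HUMAN_NAME.fullmatch(name):
        reasons.append("does not match the site pattern for human names")
    if name in denylist:
        reasons.append("on the denylist of known system users")
    return reasons


def audit_system_users(system_names, denylist=DENYLIST):
    """Group package-created names by what stops a human from taking them."""
    report = {"namespace": [], "denylist_only": [], "unprotected": []}
    for name in system_names:
        if RESERVED_CHARS.search(name):
            report["namespace"].append(name)      # rule alone prevents a clash
        elif name in denylist:
            report["denylist_only"].append(name)  # safe only while listed
        else:
            report["unprotected"].append(name)    # a human could claim it
    return report


if __name__ == "__main__":
    # Constructed input: names packages might create on install.
    sample = ["_apt", "systemd-network", "Debian-exim", "postfix", "exampled"]
    for bucket, names in audit_system_users(sample).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
    for candidate in ["alice", "exampled", "_alice", "postfix"]:
        print(candidate, check_human_username(candidate) or "ok")
```

Names in the "unprotected" bucket are the ones the denylist approach misses: a human can register them before the package is ever installed.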