Web lists-archives.com

Re: Namespace for system users




Hi!

On Sat, 2019-02-09 at 13:10:27 +0100, Philipp Kern wrote:
> at work we have a large fleet of Debian machines, but also more than 200k
> user accounts with no reuse and somewhat painful rename experiences.
> Obviously an increasing number of accounts leads to a much increased risk of
> collisions with system users as created by Debian packages.

Yes. :(

> Of course it is easy to precompile a basic list to ban users from taking
> names like postfix, bind, or sshd. But it will never be exhaustive, packages
> are still free to come up with random names and users are free to install
> them and see things break.
> 
> Some core packages recently adding system users resorted to names like
> systemd-$daemon and _apt, which both address my concerns - as you can come
> up with simple rules like "no user might include [-_] in their username". On
> the other hand I know that Debian-* was painful and annoying for exim, but I
> suspect mostly because of the length of the username and tools dealing
> poorly with >8 character usernames. I think FreeBSD (among others?) picked
> the underscore at the front of the username. Intuitively that feels like a
> somewhat clean proposal that is also friendly to derivatives.

This has been discussed in the past (several times I think), the last
incarnation (AFAIR) started at:

  <https://lists.debian.org/debian-devel/2016/10/msg00546.html>

IMO the only sensible option is to use the underscore prefix
convention. Because it is:

 - vendor neutral, so less unnatural on say downstreams/forks
 - has precedent on other systems, so less surprising
 - short, so does cause less display/truncation issues
 - less ugly

To that effect I sent a patch to adduser to allow these in #521883,
but it seems that's stuck. :/

> How do others deal with this problem? Could someone think of a viable
> approach on how to approach this from a policy side?

Unfortunately, last time it looked like there was some push bach, due
to there not being a clear winner in "current" practice at the time
AFAIR. I think a way forward would be to get that adduser patch merged,
then keep promoting the underscore usage, and possibly try to switch
existing users to use that.

Thanks,
Guillem