From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 3881A1387FD for ; Wed, 26 Mar 2014 14:50:00 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 848D6E0B89; Wed, 26 Mar 2014 14:49:54 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 8D347E0AC8 for ; Wed, 26 Mar 2014 14:49:53 +0000 (UTC) Received: by smtp.gentoo.org (Postfix, from userid 617) id D1A0233FB91; Wed, 26 Mar 2014 14:49:52 +0000 (UTC) Date: Wed, 26 Mar 2014 14:49:52 +0000 From: Sven Vermeulen To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] RFC: Namespace for users created for packages Message-ID: <20140326144952.GA6650@gentoo.org> Mail-Followup-To: gentoo-dev@lists.gentoo.org References: <20140326133258.GB18451@susebook.ipv6.hrusecky.net> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-15 Content-Disposition: inline In-Reply-To: <20140326133258.GB18451@susebook.ipv6.hrusecky.net> User-Agent: Mutt/1.5.21 (2010-09-15) X-Archives-Salt: 84f6c691-080c-4b98-8319-eeadcba8f190 X-Archives-Hash: 249839071a403597abe4a679a8e32d61 On Wed, Mar 26, 2014 at 02:32:58PM +0100, Michal Hrusecky wrote: > Hi all, > > interesting discussion started in openSUSE mailing list[1][2] and I would like > to open up the same question on this mailing list. > > Basically it is about the following problem. Citing parts of proposal: > > Many packages need to add user and group names for their unprivileged daemons. > Many names are short for convenience, e.g. 'pop', 'vdr', 'tor' or 'znc'. Since > there is no separate name space for system users those names may collide with > names of real persons. Sharing a user name between a system user and a normal > user leads to surprising or even security relevant misbehavior as the daemon > user may write to files in the real user's home or vice versa. > > Conclusion, in short, is to prefix system users (with some exceptions like root > or nobody) with underscore '_'. So you would get users like '_pop', '_vdr', > '_tor' or '_znc'. OpenBSD already does that[3]. openSUSE proposal with more > details can be seen on GitHub[4]. > > So the question is, what would you think about such a policy in Gentoo? I'm in favor. It shouldn't be used as *the* check to make sure that an account is a functional (non-interactive/daemon) account (for that there is also the user id range and so on) but for visibility it's definitely worth persuing. Wkr, Sven Vermeulen