From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 84C9A1387FD for ; Wed, 26 Mar 2014 14:10:41 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 00BDBE0B82; Wed, 26 Mar 2014 14:10:35 +0000 (UTC) Received: from baptiste.telenet-ops.be (baptiste.telenet-ops.be [195.130.132.51]) by pigeon.gentoo.org (Postfix) with ESMTP id EFCBEE0B65 for ; Wed, 26 Mar 2014 14:10:33 +0000 (UTC) Received: from localhost ([94.226.55.127]) by baptiste.telenet-ops.be with bizsmtp id iEAZ1n00A2khLEN01EAZyP; Wed, 26 Mar 2014 15:10:33 +0100 Date: Wed, 26 Mar 2014 15:10:08 +0100 From: Tom Wijsman To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] RFC: Namespace for users created for packages Message-ID: <20140326151008.5de62b06@gentoo.org> In-Reply-To: <20140326133258.GB18451@susebook.ipv6.hrusecky.net> References: <20140326133258.GB18451@susebook.ipv6.hrusecky.net> X-Mailer: Claws Mail 3.9.0 (GTK+ 2.24.22; x86_64-pc-linux-gnu) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Archives-Salt: c3c384d5-ad6b-44ce-95ed-a2c56baab9cf X-Archives-Hash: 63d2065e1dcf35780abc2e14c68b738f On Wed, 26 Mar 2014 14:32:58 +0100 Michal Hrusecky wrote: > Many packages need to add user and group names for their unprivileged > daemons. Many names are short for convenience, e.g. 'pop', 'vdr', > 'tor' or 'znc'. Since there is no separate name space for system > users those names may collide with names of real persons. Sharing a > user name between a system user and a normal user leads to surprising > or even security relevant misbehavior as the daemon user may write to > files in the real user's home or vice versa. > > Conclusion, in short, is to prefix system users (with some exceptions > like root or nobody) with underscore '_'. So you would get users like > '_pop', '_vdr', '_tor' or '_znc'. OpenBSD already does that[3]. > openSUSE proposal with more details can be seen on GitHub[4]. > > So the question is, what would you think about such a policy in > Gentoo? > > [1] http://lists.opensuse.org/opensuse-factory/2014-03/msg00333.html > [2] http://lists.opensuse.org/opensuse-packaging/2014-02/msg00136.html > [3] > http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/infrastructure/db/user.list?rev=HEAD;content-type=text%2Fplain > [4] > https://github.com/lnussel/osep_opensuse_usernames/blob/master/opensuse_usernames.txt +1, it also helps spot the difference between normal users and those that were made by the system; eg. `grep -v ^_ /etc/passwd` to only quickly only list normal users there (while you have 'added by portage' in this case you might not have that available in other cases). -- With kind regards, Tom Wijsman (TomWij) Gentoo Developer E-mail address : TomWij@gentoo.org GPG Public Key : 6D34E57D GPG Fingerprint : C165 AF18 AB4C 400B C3D2 ABF0 95B2 1FCD 6D34 E57D