On 2005-05-05 Marc Sherman <[EMAIL PROTECTED]> wrote: > It seems to me that the check_local_user router option should fail for > system users. Some packages that create system users already put them > in /etc/aliases pointing to root, but there are a number of system users > on my machine that are not currently aliased to root. This seems like a > maintenance hassle, and possibly a security problem.
> I suspect that if you agree with me, this would be a debian specific > patch, not something upstream would accept; the concept of system users > vs. regular users seems to be a debian concept introduced in adduser. Hello, I am currently strongly tending to close this bug as - unsolvable - cost/benefit. Solving is probably going to intoduce severe problems for some people while only only fixing a wishlist request otherwise. The main point is that "system user that should not receive any mail" is very hard to detect: UID is useless for that purpose in heterogen environments (centralized user-managment using NIS or LDAP.) In http://news.gmane.org/find-root.php?message_id=%3c443AA769.4050705%40bcgreen.com%3e Stephen Samuel <samnospam <at> bcgreen.com> writes: | I run a hybred Red-Hat/Debian system, (started on Red-Hat), so I | definitely have users in the 500-1000 | range. | I know that Solaris systems used to start at uid=100. | | In other words, dumping email just based on the UID seems like a | dangerous thing if you want to run in a mixed environment. Even somehow managing to detect whether the user was generated with adduser --system wouldn't help, as it seems to be perfectly allowable to have "adduser --system"-generated users receive mail (I could think of e.g. a ~/.forward-using e-mail bot running under a dedicated UID). http://news.gmane.org/find-root.php?message_id=%3c20060410174921.GB11258%40boogie.lpds.sztaki.hu%3e These reasons also apply to the alternative proposal #331716 (forwarding system-user mail automatically to root). cu andreas -- The 'Galactic Cleaning' policy undertaken by Emperor Zhark is a personal vision of the emperor's, and its inclusion in this work does not constitute tacit approval by the author or the publisher for any such projects, howsoever undertaken. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
