Re: conflict between system user and normal user
Simon McVittie smcv at debian.org writes:

> If we standardize on _* (or capital letters or whatever) for packaged

Users with capital letters sometimes cannot receive eMail correctly. (Using _ in my packages since I think the BSDs’ approach sensible.)

> accounts, then adduser --system could also start accepting _* without needing --force-badname, if desired.

No. “adduser --system” is for the local admin to use, too, and _they_ should have the extra warning.

bye,
//mirabilos

--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/loom.20140211t123222-...@post.gmane.org
Re: conflict between system user and normal user
previously on this list Peter Palfrader contributed:

> > I would really like to standardize on some prefix. I like _ as a prefix because adduser doesn't allow the local sysadmin to create accounts with that prefix without special flags, which I think makes it a more useful reserved namespace.
>
> Just a me too: If we could actually agree and document in policy that the _ prefix is the way to go that'd be great. I'd be more than happy to rename debian-tor to _tor for instance. Guidance (or even code) on how to properly rename existing system users would be appreciated.

OpenBSD uses _ntp for ntpd and apparently all services since just after sshd was added to base, so there is some synergy there. Apparently it happened to ensure no namespace collision of system bundled services. On OpenBSD I use the same syntax when adding things like my automounter user for my hotplugd script.

So I'd agree with the underscore but see the not allowing the local sysadmin to create accounts easily with it as a bad thing as they could perfectly well want to avoid collisions with packages as much as a Debian dev.

It is the admin's system primarily after all and purposefully getting in the way is completely wrong in my opinion, warnings even with relentless beeping if you must. This is something I disagree with the stance on udev about for removing LAST_ACTION too.

--
'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface'
(Doug McIlroy)
In Other Words - Don't design like polkit or systemd
Re: conflict between system user and normal user
On 10/02/14 13:46, Kevin Chadwick wrote:

> So I'd agree with the underscore but see the not allowing the local sysadmin to create accounts easily with it as a bad thing as they could perfectly well want to avoid collisions with packages as much as a Debian dev.

A concrete example, please?

If you (as local sysadmin) always create accounts matching [a-z]*, and Debian packages always create accounts matching _*, then your local actions can't collide with Debian packages.

If you're creating and installing a local .deb package, then you could use exactly the same mechanism that Debian developers do; there's no functional difference between an official Debian .deb, an Ubuntu .deb, and a locally-created .deb.

You presumably control the namespace in which your users are allowed to create accounts, so if you're worried about collisions between your users' account names and your local system accounts' names, you can use whatever namespacing you want to. For instance, I use accounts with - in for service accounts, like smtp-foo and backup-foo to receive authenticated SMTP submissions and periodic backups from machine foo, and I don't create real person accounts with - in them.

> It is the admin's system primarily after all and purposefully getting in the way is completely wrong in my opinion, warnings even with relentless beeping if you must.

You can always force it with adduser --force-badname if you need to.

If we standardize on _* (or capital letters or whatever) for packaged accounts, then adduser --system could also start accepting _* without needing --force-badname, if desired.

S
Re: conflict between system user and normal user
previously on this list Simon McVittie contributed:

> > So I'd agree with the underscore but see the not allowing the local sysadmin to create accounts easily with it as a bad thing as they could perfectly well want to avoid collisions with packages as much as a Debian dev.
>
> A concrete example, please?
>
> If you (as local sysadmin) always create accounts matching [a-z]*, and Debian packages always create accounts matching _*, then your local actions can't collide with Debian packages.

Oops, I guess I read it too fast, sorry for wasting your time. I thought system accounts were going to get the underscore. Which means the preventing admin makes more sense but the synergy possibly being the opposite.

In any case, before this morning I thought OpenBSD underscored users were chrooted or something along those lines and it turns out it was the Absolute OpenBSD book that says they are unprivileged users which from taking a look stands up with mysql package/port unprivileged user also using underscore. The fact that basically all of the daemons are unprivileged is a testament to OpenBSD I guess.

So the mailing list thread I based OpenBSD using underscore for non base users was wrong despite being made by a usually reliable source or actually I'm guessing has possibly changed now that basically all base daemons are unprivileged.
Re: conflict between system user and normal user
❦ 7 February 2014 10:52 CET, Paul Wise p...@debian.org:

> > Choose a name which is less likely to conflict, e.g. exim uses Debian-exim.
>
> I think consensus was converging on prefixing an underscore for system users (_foo) last time we discussed this.

There was no consensus if I remember correctly. And many of the expressed voices preferred the `Debian-` prefix.

As far as I am concerned, I don't understand why we can't follow systems that have solved this problem since years by adopting the underscore prefix (*BSD, OS X), with the additional plus that it keeps the name short to avoid truncation or replacement by uid.

--
Use variable names that mean something.
- The Elements of Programming Style (Kernighan & Plauger)
Re: conflict between system user and normal user
Vincent Bernat ber...@debian.org writes:

> There was no consensus if I remember correctly. And many of the expressed voices preferred the `Debian-` prefix.
>
> As far as I am concerned, I don't understand why we can't follow systems that have solved this problem since years by adopting the underscore prefix (*BSD, OS X), with the additional plus that it keeps the name short to avoid truncation or replacement by uid.

I've started using underscore for my packages that introduce users. I would really like to standardize on some prefix.

I realize that Colin (the base-passwd maintainer) doesn't feel like this is a big enough problem to worry about, but I'm not sure if Colin has had the experience of running central authentication services with 250,000 user accounts. Most short alphanumeric patterns are taken over time, even if they don't look like something someone would pick as a username. For example, we had huge technical problems dealing with the conflict over oracle, which Oracle's software hard-codes as the database user, but which was already the username of a student.

I like _ as a prefix because adduser doesn't allow the local sysadmin to create accounts with that prefix without special flags, which I think makes it a more useful reserved namespace.

The one piece that we do need if we're going to standardize, on top of an agreement that standardization is useful, is an adduser --rename command. There are a bunch of packages in the archive right now that stomp on the normal account namespace (such as my own lbcd package), but removing and recreating the user has a ton of problems. If there were a way that I could just rename the system lbcd user to _lbcd, with some additional sanity checks, I would do so, and deal with the required updates to the init script and similar configurations.

--
Russ Allbery (r...@debian.org) http://www.eyrie.org/~eagle/
Re: conflict between system user and normal user
Quoting Russ Allbery (2014-02-08 22:11:04)

> The one piece that we do need if we're going to standardize, on top of an agreement that standardization is useful, is an adduser --rename command. There are a bunch of packages in the archive right now that stomp on the normal account namespace (such as my own lbcd package), but removing and recreating the user has a ton of problems. If there were a way that I could just rename the system lbcd user to _lbcd, with some additional sanity checks, I would do so, and deal with the required updates to the init script and similar configurations.

Seems you are essentially talking about this:

    usermod -l $NEWNAME $OLDNAME

What would such --rename option to adduser script contain, beyond that?

--
 * Jonas Smedegaard - idealist Internet-arkitekt
 * Tlf.: +45 40843136 Website: http://dr.jones.dk/

 [x] quote me freely [ ] ask before reusing [ ] keep private
Re: conflict between system user and normal user
Jonas Smedegaard d...@jones.dk writes:

> Seems you are essentially talking about this:
>
>     usermod -l $NEWNAME $OLDNAME
>
> What would such --rename option to adduser script contain, beyond that?

Ah, I was looking in the wrong place. Thanks!

I would like something to check that the account is a system account, but that's the only other thing that occurs to me. I'm not sure if it would need a debconf prompt before making the change. (I'd prefer not, but as we found with base-passwd, people end up using system accounts for all sorts of odd things.)

--
Russ Allbery (r...@debian.org) http://www.eyrie.org/~eagle/
Re: conflict between system user and normal user
On Sat, 08 Feb 2014, Russ Allbery wrote:

> I would really like to standardize on some prefix. I like _ as a prefix because adduser doesn't allow the local sysadmin to create accounts with that prefix without special flags, which I think makes it a more useful reserved namespace.

Just a me too: If we could actually agree and document in policy that the _ prefix is the way to go that'd be great. I'd be more than happy to rename debian-tor to _tor for instance. Guidance (or even code) on how to properly rename existing system users would be appreciated.

Cheers,
--
                           |  .''`.       ** Debian **
      Peter Palfrader      | : :' :      The  universal
 http://www.palfrader.org/ | `. `'      Operating System
                           |   `-    http://www.debian.org/
conflict between system user and normal user
Hello,

I am the maintainer of the tango package which contains the tango-db binary. This tango-db provides a service called tango-db which connects to a mysql database.

I follow the debian-policy to create a dedicated system user for this service. So I used the tango user, which is the name of the community in charge of the tango-control system.

During the installation I generate a .my.cnf in the system user tango home, which I set under /usr/lib/tango in the package.

Now if a non-system user tango exists, the home is not /usr/lib/tango but most probably /home/tango, so the installation process failed because it cannot create the /usr/lib/tango/.my.cnf.

What is the correct way to deal with this kind of problem? I cannot find in the policy something about conflict between system and non-system user.

Thanks,
Frederic
Re: conflict between system user and normal user
On Fri, Feb 7, 2014 at 5:48 PM, Neil Williams wrote:

> Choose a name which is less likely to conflict, e.g. exim uses Debian-exim.

I think consensus was converging on prefixing an underscore for system users (_foo) last time we discussed this.

--
bye,
pabs

http://wiki.debian.org/PaulWise
Re: conflict between system user and normal user
On Fri, 7 Feb 2014 08:57:32 + PICCA Frederic-Emmanuel frederic-emmanuel.pi...@synchrotron-soleil.fr wrote:

> Hello,
>
> I am the maintainer of the tango package which contains the tango-db binary. This tango-db provides a service called tango-db which connects to a mysql database.
>
> I follow the debian-policy to create a dedicated system user for this service. So I used the tango user, which is the name of the community in charge of the tango-control system.

Choose a name which is less likely to conflict, e.g. exim uses Debian-exim.

--
Neil Williams
http://www.linux.codehelp.co.uk/
re: conflict between system user and normal user
> What is the correct way to deal with this kind of problem?
> I cannot find in the policy something about conflict between system and non-system user.

I don't think there is much that can really be done to fix the fundamental problem, which is that system users and regular users have to live in the same namespace, causing a risk of conflicts.

There are two things I can see you could do to improve the situation with your package.

1: Fail early, it's better to have preinst fail than it is to start creating stuff with wrong permissions/ownership.

2: Choose a less generic name that is less likely to cause conflicts. Do you plan to use this user only for the db? If so, tango-db might make sense; if not, maybe something like tango-control-system.
Re: conflict between system user and normal user
* Paul Wise p...@debian.org, 2014-02-07, 17:52:

> > Choose a name which is less likely to conflict, e.g. exim uses Debian-exim.
>
> I think consensus was converging on prefixing an underscore for system users (_foo) last time we discussed this.

Well, #248809 is still open…

--
Jakub Wilk
Re: conflict between system user and normal user
On Fri, 7 Feb 2014 10:15:18 + PICCA Frederic-Emmanuel frederic-emmanuel.pi...@synchrotron-soleil.fr wrote:

> > I don't think there is much that can really be done to fix the fundamental problem, which is that system users and regular users have to live in the same namespace, causing a risk of conflicts.
> >
> > There are two things I can see you could do to improve the situation with your package.
> >
> > 1: Fail early, it's better to have preinst fail than it is to start creating stuff with wrong permissions/ownership.
>
> Yes, I need to fail with a human comprehensible error explaining that the requested user is already there but that it is not a system user.

Just use a generic name and be done with it.

> > 2: Choose a less generic name that is less likely to cause conflicts. Do you plan to use this user only for the db? If so, tango-db might make sense; if not, maybe something like tango-control-system.
>
> No, this user will be used by all tango controls system daemons.

The name should not be hardcoded - if it is, patch upstream in each case and fix it. Don't waste your time and user time on a hacky workaround - fix the code.

--
Neil Williams
http://www.linux.codehelp.co.uk/
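
The two checks raised in this thread (failing early in preinst when the wanted name belongs to a non-system user, and confirming an account is a system account before `usermod -l`), as an added example that is not code from any poster or from adduser. It assumes Debian's default LAST_SYSTEM_UID of 999; the function names and the sample passwd entries are constructed for illustration.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not part of adduser.
# Assumption: system accounts have UID <= 999, Debian's default
# LAST_SYSTEM_UID in /etc/adduser.conf. Adjust if your site changed it.
LAST_SYSTEM_UID=999

# account_kind NAME [PASSWD_FILE] -> prints absent | system | regular.
# Reads a passwd(5)-format file so it can be tested offline; with NSS/LDAP
# users, point it at a file produced by `getent passwd`.
account_kind() {
    uid=$(awk -F: -v n="$1" '$1 == n { print $3; exit }' "${2:-/etc/passwd}")
    if [ -z "$uid" ]; then
        echo absent
    elif [ "$uid" -le "$LAST_SYSTEM_UID" ]; then
        echo system
    else
        echo regular
    fi
}

# preinst_check NAME [PASSWD_FILE]
# Fail early: refuse to proceed when NAME is already a regular account.
preinst_check() {
    if [ "$(account_kind "$1" "$2")" = regular ]; then
        echo "error: user '$1' exists but is not a system user;" \
             "not touching it or its home directory" >&2
        return 1
    fi
}

# rename_check OLD NEW [PASSWD_FILE]
# Sanity checks to run before `usermod -l NEW OLD`.
rename_check() {
    if [ "$(account_kind "$1" "$3")" != system ]; then
        echo "error: '$1' is not an existing system account" >&2
        return 1
    fi
    if [ "$(account_kind "$2" "$3")" != absent ]; then
        echo "error: target name '$2' is already taken" >&2
        return 1
    fi
}

# Constructed sample entries (not from a real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
lbcd:x:112:120::/var/lib/lbcd:/usr/sbin/nologin
tango:x:1001:1001:A student:/home/tango:/bin/bash
EOF
}
```

With the sample entries, a package wanting `tango` is stopped before it writes anything, while renaming `lbcd` to `_lbcd` passes both checks.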
Re: conflict between system user and normal user
On 2014-02-07 09:57, PICCA Frederic-Emmanuel wrote:

> During the installation I generate a .my.cnf in the system user tango home, which I set under /usr/lib/tango in the package.

That should be under /var, not /usr, especially if you dynamically generate stuff there. And if that is a configuration file that is supposed to be editable by the admin, it should live in /etc (maybe using a different name, and/or a subdirectory), symlinked from the tango user's home.

Andreas