On Wed, May 22, 2013 at 09:13:18PM +0100, Daniel Walrond wrote: > As per policy 10.9 - Permissions and owners[0], opensmtpd requires > some system users for running non-root-privileged processes. I propose > to user the following dynamic accounts; opensmtpd, opensmtpq, opensmtpf.
Thanks for CCing me, which I assume was in my rĂ´le as base-passwd maintainer. I only really need to be involved if you need static IDs for some reason, rather than the normally-preferred method of using dynamic IDs via 'adduser --system'. If so, please give a short explanation of why that's the case. Policy 10.9 does say to check even dynamic names with the base-passwd maintainer, and I congratulate you for being one of the very few developers to read it in close enough detail to notice that. ;-) That wording should perhaps be revised, as neither I nor (as far as I know) any of my predecessors have kept a registry of all dynamic names used in Debian, only of the IDs we've allocated from the static ranges 0-99 and 60000-64999, so we aren't really in a position to perform a reliable check for name uniqueness. I'd normally just require that statically-allocated user/group names should be obviously derived either from your package name or, occasionally, from the name of one of the commands you ship, and that's generally good practice for dynamically-allocated names too. The names you suggest are close enough to your package name, and that package name is distinct enough, that I think there's very unlikely to be a clash and you should be fine. So, if all you need is dynamically-allocated IDs, then go ahead. Cheers, -- Colin Watson [cjwat...@debian.org] -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130522210821.gf5...@riva.ucam.org
