On Wed, May 22, 2013 at 02:16:34PM -0700, Russ Allbery wrote: > We currently have no good policy about how to name system users, but > despite that I personally would recommend against using simple > alphanumeric usernames like those. (They are longer than eight > characters, which avoids some local namespaces, but not all.)
I've never been a fan of worrying about this, largely because the names that are really a practical problem are mostly the ones that have been around forever and that we're stuck with (things like "man" could well be a real name; I have a co-worker whose initials are apparently SSH; people occasionally try to use things like "staff"; and so on), while most of the ones that have been introduced more recently, and certainly the longer and/or more elaborate ones, are likely to be innocuous. Pragmatically, I wouldn't be inclined to lose any sleep over the chances of somebody having a local username called opensmtpd that wasn't actually for a local installation of this very same package. And our user/group namespace is such that it really almost has to be handled pragmatically. > There are two conventions that other packages have used to make it less > likely that system accounts will conflict with local usernames: > > * Append "Debian-" to the username, as in Debian-opensmtpd This was used by Debian-exim and not a lot else that I ever heard of. In my view this scheme rightly failed; plenty of simple system monitoring tools (top, ps, and the like) truncate long usernames in many modes or turn them into UIDs, and sticking a seven-character prefix on the front just seems to be trying to maximise the probability of trouble like this, even though it is certainly clear. Cheers, -- Colin Watson [cjwat...@debian.org] -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130522215516.gg5...@riva.ucam.org
