[Fedora-packaging] Re: Possible UsersAndGroupsDraft
Simo Sorce
ssorce at redhat.com
Thu Jun 14 17:43:29 UTC 2007
On Thu, 2007-06-14 at 19:31 +0200, Axel Thimm wrote:
> On Thu, Jun 14, 2007 at 01:21:28PM -0400, Simo Sorce wrote:
> > Axel, you couldn't choose a worst example :)
>
> I didn't choose it, it's in the proposal.
I know :)
> > Amanda is also a real name (female in Italy), so it is plausible that
> > you have such user in your system.
>
> I know, it's very popular name especially in the US. I'm currently
> reading baby name books ... ;)
wow :)
> > It is also entirely possible that the admin does not know that such user
> > exists as users may come from ldap,nis,winbindd and not created by such
> > admin but by someone else.
>
> Well in that spirit it is also possible that the master admin manages
> /usr/local and has put something else called amanda in there. The
> point is we can't cater for all possible local configurations like
> split adminstration, we need to make some assumptions to remain sane.
ok, I should have used the term plausible, and plausible is different
from possible.
So while I think it is possible but rare to find an admin to create a
directory that conflicts with a package it is instead plausible he find
a name in the user db that conflicts.
> > I think at least a check to see if the "amanda" user is < 1000 would
> > make a lot of sense.
>
> Then maybe it makes more sense to have "useradd -r" fail when the user
> is > 500, e.g. outside the desired -r switch instead of obscuring the
> specfiles with wrappers, scripts, registries and all that. :)
dunno, maybe this is really better, but limiting system user to 500
could be a problem.
To be honest I think the username should always be configurable and
configuration be made by a config script run by the admin so that the
admin can take a conscious decision, but we are stuck with the fact that
rpm "owns" file (-V) and that it can't be interactive.
Simo.
More information about the Fedora-packaging
mailing list