On Thu, 2007-06-14 at 19:31 +0200, Axel Thimm wrote:
On Thu, Jun 14, 2007 at 01:21:28PM -0400, Simo Sorce wrote:
> Axel, you couldn't choose a worst example :)
I didn't choose it, it's in the proposal.
I know :)
> Amanda is also a real name (female in Italy), so it is plausible
that
> you have such user in your system.
I know, it's very popular name especially in the US. I'm currently
reading baby name books ... ;)
wow :)
> It is also entirely possible that the admin does not know that
such user
> exists as users may come from ldap,nis,winbindd and not created by such
> admin but by someone else.
Well in that spirit it is also possible that the master admin manages
/usr/local and has put something else called amanda in there. The
point is we can't cater for all possible local configurations like
split adminstration, we need to make some assumptions to remain sane.
ok, I should have used the term plausible, and plausible is different
from possible.
So while I think it is possible but rare to find an admin to create a
directory that conflicts with a package it is instead plausible he find
a name in the user db that conflicts.
> I think at least a check to see if the "amanda" user
is < 1000 would
> make a lot of sense.
Then maybe it makes more sense to have "useradd -r" fail when the user
is > 500, e.g. outside the desired -r switch instead of obscuring the
specfiles with wrappers, scripts, registries and all that. :)
dunno, maybe this is really better, but limiting system user to 500
could be a problem.
To be honest I think the username should always be configurable and
configuration be made by a config script run by the admin so that the
admin can take a conscious decision, but we are stuck with the fact that
rpm "owns" file (-V) and that it can't be interactive.
Simo.