[Fedora-packaging] Re: Possible UsersAndGroupsDraft

Ralf Corsepius rc040203 at freenet.de
Fri Jun 15 05:47:42 UTC 2007


On Thu, 2007-06-14 at 13:21 -0400, Simo Sorce wrote:
> On Thu, 2007-06-14 at 17:25 +0200, Axel Thimm wrote:
> > On Thu, Jun 14, 2007 at 08:40:16AM -0500, Tom spot Callaway wrote:
> > > On Thu, 2007-06-14 at 10:19 +0200, Axel Thimm wrote:
> > > > On Wed, Jun 13, 2007 at 11:45:27PM -0500, Tom spot Callaway wrote:
> > > > > I'm not quite sure I'm ready to bring this to the FPC for a vote, but
> > > > > I've been working on a modified version of Ville's draft:
> > > > > 
> > > > > http://fedoraproject.org/wiki/TomCallaway/UsersAndGroupsDraft
> > > > > 
> > > > > While this is more complicated, I think it more adequately covers the
> > > > > corner cases of adding users and groups. Thoughts?
> > > > 
> > > > It is far too complicated, Ville's version did the job already quite
> > > > well. You're also introducing non-standard tools again. :/
> > > 
> > > Not really. The tools I introduced are helper scripts.
> > > 
> > > Ville's draft only created the user/group if it didn't exist, and if
> > > not, didn't, but left the files owned as that user/group. That security
> > > issue concerns me.
Actually, I like Ville's proposal because of its simplicity and don't
see the potential security risk as critical, because user/group and
uid/gid handling always will require admin intervention.
 
> > Yes, but the proposed complicated apparatus does not justify
> > this. Better to have %pre fail then and deal with the transaction
> > mess. After all how often will a sysadmin have created a non-system
> > user "amanda" (and accidentally install amanda w/o remembering that he
> > had such a user)?
> 
> Axel, you couldn't choose a worse example :)

The worst case probably is using a "last name is username" convention
and your last name being "Root", "Mail" or "Windows" ;)

> It is also entirely possible that the admin does not know that such user
> exists as users may come from ldap, nis, winbindd and not created by such
> admin but by someone else.
> 
> I think at least a check to see if the "amanda" user is < 1000 would
> make a lot of sense.

I think restricting all rpm-created uids to < a limit (the value is
debatable) and presuming them to be local would be a reasonable
compromise.

Ralf
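
Added example, not part of the message above or of either draft: a sketch of the check discussed in this thread, where a pre-existing account is reused only if it is in the local passwd file and its uid is below a limit. The function names, the verdict strings and the sample data are assumptions made for illustration; the limit of 1000 is the value floated in the thread.

```sh
#!/bin/sh
# Added example, not from the thread: classify an account name before a
# package scriptlet creates or reuses it. LIMIT=1000 is the value floated in
# the thread; the right value is left open there.
LIMIT=1000

# Print NAME's uid from a passwd-format file; fail if NAME is not listed.
lookup_uid() {
    awk -F: -v n="$1" '$1 == n { print $3; found = 1; exit }
                       END { exit !found }' "$2"
}

# check_pkg_account NAME LOCAL_PASSWD NSS_ENTRY
# NSS_ENTRY is what `getent passwd NAME` returned (empty if unknown).
# Prints: create | reuse | conflict | remote | invalid
check_pkg_account() {
    name=$1 local_passwd=$2 nss_entry=$3
    [ -n "$nss_entry" ] || { echo create; return 0; }
    # Known to the name service but absent locally: ldap, nis, winbindd...
    uid=$(lookup_uid "$name" "$local_passwd") || { echo remote; return 0; }
    case $uid in
        ''|*[!0-9]*) echo invalid; return 0 ;;
    esac
    if [ "$uid" -lt "$LIMIT" ]; then echo reuse; else echo conflict; fi
}

# Constructed sample data standing in for /etc/passwd.
SAMPLE_PASSWD=$(mktemp)
trap 'rm -f "$SAMPLE_PASSWD"' EXIT
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
amanda:x:33:6:Amanda user:/var/lib/amanda:/bin/bash
windows:x:1002:1002:W. Windows:/home/windows:/bin/bash
EOF

# Constructed name-service answers; a scriptlet would call getent instead.
for case_line in \
    "amanda|amanda:x:33:6:Amanda user:/var/lib/amanda:/bin/bash" \
    "windows|windows:x:1002:1002:W. Windows:/home/windows:/bin/bash" \
    "backup|backup:*:20001:20001:from LDAP:/home/backup:/bin/sh" \
    "newsvc|"
do
    name=${case_line%%|*}
    entry=${case_line#*|}
    printf '%-8s %s\n' "$name" "$(check_pkg_account "$name" "$SAMPLE_PASSWD" "$entry")"
done
```

Only "create" and "reuse" would let a scriptlet continue; "conflict" and "remote" are the cases the thread argues need admin intervention.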




