On Thu, 2007-06-14 at 13:21 -0400, Simo Sorce wrote:
> On Thu, 2007-06-14 at 17:25 +0200, Axel Thimm wrote:
> > On Thu, Jun 14, 2007 at 08:40:16AM -0500, Tom spot Callaway wrote:
> > > On Thu, 2007-06-14 at 10:19 +0200, Axel Thimm wrote:
> > > > On Wed, Jun 13, 2007 at 11:45:27PM -0500, Tom spot Callaway wrote:
> > > > > I'm not quite sure I'm ready to bring this to the FPC for a vote, but
> > > > > I've been working on a modified version of Ville's draft:
> > > > >
> > > > > http://fedoraproject.org/wiki/TomCallaway/UsersAndGroupsDraft
> > > > >
> > > > > While this is more complicated, I think it more adequately covers the
> > > > > corner cases of adding users and groups. Thoughts?
> > > >
> > > > It is far too complicated, Ville's version did the job already quite
> > > > well. You're also introducing non-standard tools again. :/
> > >
> > > Not really. The tools I introduced are helper scripts.
> > >
> > > Ville's draft only created the user/group if it didn't exist, and if
> > > not, didn't, but left the files owned as that user/group. That security
> > > issue concerns me.

Actually, I like Ville's proposal because of its simplicity and don't see the potential security risk as critical, because user/group and uid/gid handling always will require admin intervention.

> > Yes, but the proposed complicated apparatus does not justify
> > this. Better to have %pre fail then and deal with the transaction
> > mess. After all how often will a sysadmin have created a non-system
> > user "amanda" (and accidentally install amanda w/o remembering that he
> > had such a user)?
>
> Axel, you couldn't choose a worse example :)

The worst case probably is using a "last name is username" convention and your last name being "Root", "Mail" or "Windows" ;)

> It is also entirely possible that the admin does not know that such user
> exists as users may come from ldap,nis,winbindd and not created by such
> admin but by someone else.
>
> I think at least a check to see if the "amanda" user is < 1000 would
> make a lot of sense.

I think restricting all rpm-created uids to < a limit (the value is debatable) and presuming them to be local would be a reasonable compromise.

Ralf
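
The check discussed in this thread (reuse an existing account only if it is local and its uid is below a limit), written as a shell helper of the kind a %pre scriptlet could call. This is an added example, not code from the thread or from either draft; the function names, the limit of 1000 taken from the suggestion above, and the sample passwd entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): may a package %pre reuse an existing account?
UID_LIMIT=1000   # assumption: the "< 1000" value suggested in the thread

# lookup_uid NAME FILE: print NAME's uid from a passwd-format file (empty if absent).
lookup_uid() {
    awk -F: -v n="$1" '$1 == n { print $3; exit }' "$2"
}

# classify_account NAME LOCAL_DB NSS_DB
#   LOCAL_DB: the local file (/etc/passwd on a real system)
#   NSS_DB:   what the name service resolves, e.g. saved `getent passwd NAME` output,
#             which also includes LDAP/NIS/winbind users
# Prints: create | reuse | conflict-nonlocal | conflict-uid
classify_account() {
    name=$1; local_db=$2; nss_db=$3
    nss_uid=$(lookup_uid "$name" "$nss_db")
    if [ -z "$nss_uid" ]; then
        echo create; return 0            # name is free: safe to create
    fi
    local_uid=$(lookup_uid "$name" "$local_db")
    if [ -z "$local_uid" ]; then
        echo conflict-nonlocal; return 0 # exists only in a remote directory
    fi
    if [ "$local_uid" -ge "$UID_LIMIT" ]; then
        echo conflict-uid; return 0      # local, but a regular (non-system) user
    fi
    echo reuse                           # local system account below the limit
}

# Constructed sample databases (hypothetical entries, not real accounts).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd.local" <<'EOF'
root:x:0:0:root:/root:/bin/bash
amanda:x:33:6:Amanda user:/var/lib/amanda:/bin/bash
windows:x:1001:1001:W. Windows:/home/windows:/bin/bash
EOF
# NSS view = local entries plus one user that exists only in a directory service.
{ cat "$SAMPLE_DIR/passwd.local"
  echo 'backup:x:20045:20045:Directory user:/home/backup:/bin/bash'
} > "$SAMPLE_DIR/passwd.nss"

for n in amanda windows backup bacula; do
    printf '%s: %s\n' "$n" \
        "$(classify_account "$n" "$SAMPLE_DIR/passwd.local" "$SAMPLE_DIR/passwd.nss")"
done
```

In a scriptlet, either `conflict-*` result would be the case where %pre fails rather than leaving package files owned by the pre-existing account.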