After the feedback of the recent d-d thread, I've adapted the section I wrote on the best practices related to system users and groups, it is currently available at: http://www.debian.org/doc/manuals/developers-reference/ch-best-pkging-practices.en.html#s-bpp-lower-privs
I would like developers to review and provide feedback for that section, specially in form of patches. I'm considering doing a bug hunt for: a) packages that should create a system user for their normal operation and do not b) packages that use a system user but do not do handle it properly (for example, they unconditionally delete the user without checking if the package, and not the admin, actually created it) Thoughts? Javier
signature.asc
Description: Digital signature
