Hi,
at work we have a large fleet of Debian machines, but also more than
200k user accounts with no reuse and somewhat painful rename
experiences. Obviously an increasing number of accounts leads to a much
increased risk of collisions with system users as created by Debian
packages.
Of course it is easy to precompile a basic list to ban users from taking
names like postfix, bind, or sshd. But it will never be exhaustive,
packages are still free to come up with random names and users are free
to install them and see things break.
Some core packages recently adding system users resorted to names like
systemd-$daemon and _apt, which both address my concerns - as you can
come up with simple rules like "no user might include [-_] in their
username". On the other hand I know that Debian-* was painful and
annoying for exim, but I suspect mostly because of the length of the
username and tools dealing poorly with >8 character usernames. I think
FreeBSD (among others?) picked the underscore at the front of the
username. Intuitively that feels like a somewhat clean proposal that is
also friendly to derivatives.
How do others deal with this problem? Could someone think of a viable
approach on how to approach this from a policy side?
Kind regards and thanks
Philipp Kern
