From: Anonymous
To: RW
Cc: freebsd-ports@freebsd.org
Subject: Re: Users and groups kept after a port deinstallation
Date: Sun, 23 May 2010 07:57:36 +0400
Message-ID: <86d3wnxob3.fsf@gmail.com>
In-Reply-To: <20100523021135.7e5dbb4f@gumby.homeunix.com> (RW's message of "Sun, 23 May 2010 02:11:35 +0100")
List-Id: Porting software to FreeBSD

RW writes:

> On Sun, 23 May 2010 03:39:53 +0400
> Anonymous wrote:
>
>> RW writes:
>>
>> > On Sat, 22 May 2010 11:42:53 -0400
>> > jhell wrote:
>> >> This is more of a best practices case than what the implications of
>> >> leaving users in the master.passwd are.
>> >
>> > Why is it best practice? Why add extra complexity to solve a problem
>> > that doesn't actually exist?
>>
>> Such unused entries in passwd add clutter. It in turn makes managing
>> users more complex. You have to remember which users are created by
>> you and which ones are created by ports.
>
> You don't have to remember, just look at the UID/GID values, ordinary
> users start at 1001, ports create UIDs < 1000.

You're presuming non-ordinary users are created only by ports framework.
That's not always the case. I may want for example a separate user for
telnetd to broadcast ascii movies or youterm sessions. ;)

Besides, some ports do not create users by default but may use them if
available, e.g. dns/dnsmasq & dnsmasq user. This case is more like a bug,
though.

>
> The base system alone creates 18 such users, if you have problems with
> this kind of thing a few stale uids are the least of your problems.
>
>> So, if you change home dir
>> of some user there may be undesirable consequences. And only then
>> security becomes a concern because port app may be run with
>> privileges that are higher than intended.
>
> This appears to refer to an admin confusing a normal user with a
> system user that's still in use by a port, so I don't see the
> relevance.

No. It's about conflict: system user created by admin and system user
created by port happen to have same username.
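
An added example, not part of the original message or of the ports framework: a small audit that separates the cases argued over above, showing that "UID < 1000" alone does not tell a port-created account from an admin-created one, and flagging the username conflict described in the last paragraph. It assumes a registry of port-reserved accounts in master.passwd field layout; the account names `exampled` and `movies`, all UID values and both sample files are constructed.

```python
from typing import NamedTuple

SYSTEM_UID_LIMIT = 1000  # per the thread: ports use UIDs < 1000, ordinary users start at 1001

class Account(NamedTuple):
    uid: int
    home: str
    shell: str

def parse_master(text):
    """Parse master.passwd-style lines: name:pw:uid:gid:class:change:expire:gecos:home:shell."""
    accounts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) != 10:
            raise ValueError(f"malformed entry: {line!r}")
        accounts[f[0]] = Account(int(f[2]), f[8], f[9])
    return accounts

def classify(passwd_text, registry_text, base_names):
    """Label each account as base, port, conflict, local-system or ordinary."""
    registry = parse_master(registry_text)
    result = {}
    for name, acct in parse_master(passwd_text).items():
        if name in base_names:
            result[name] = "base"
        elif name in registry:
            # Same name as a port-reserved account: a port would reuse it as-is,
            # so any difference in UID, home or shell is the conflict case.
            result[name] = "port" if acct == registry[name] else "conflict"
        elif acct.uid < SYSTEM_UID_LIMIT:
            result[name] = "local-system"  # low UID, yet not created by base or a port
        else:
            result[name] = "ordinary"
    return result

BASE = {"root", "daemon"}  # constructed subset of the base system accounts
REGISTRY = """\
dnsmasq:*:950:950::0:0:constructed:/nonexistent:/usr/sbin/nologin
exampled:*:951:951::0:0:constructed:/var/db/exampled:/usr/sbin/nologin
"""
PASSWD = """\
root:*:0:0::0:0:constructed:/root:/bin/csh
daemon:*:1:1::0:0:constructed:/root:/usr/sbin/nologin
exampled:*:951:951::0:0:constructed:/var/db/exampled:/usr/sbin/nologin
dnsmasq:*:800:800::0:0:admin-created:/home/dnsmasq:/bin/sh
movies:*:801:801::0:0:admin-created:/nonexistent:/usr/sbin/nologin
alice:*:1001:1001::0:0:constructed:/home/alice:/bin/sh
"""

if __name__ == "__main__":
    for name, label in classify(PASSWD, REGISTRY, BASE).items():
        print(f"{name:10} {label}")
```
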