Ted Gould [2009-09-03 14:02 -0000]:
> In the future, it'd probably be nice if packages could add to that
> list... so the apache package could blacklist an apache user if it was
> to create one. Off-topic, sorry :)
But if the apache package creates a non-system user, that's a serious
bug. System users like www-data should be in the system UID range
(100..499).
> There is two places. The home directory and a global directory. I'm
> not sure if anyone is using the /usr/share/faces anymore, but GDM does
> support it.
Ah, thanks for the heads-up.
> > What do you mean, if there are too many users? (Isn't that why it says
> > "less than 6"?)
>
> Yes, but one of the cases here is dealing with that intelligently.
> Things like getent don't really have ways of saying anything other than
> going through the whole list, and they're not naturally asynchronous.
You could just stop after reading 6 users?
> All solvable, but something that should be done once and handled by one
> person in the system.
Right, I wasn't saying that there shouldn't be such an interface, just
that creating one shouldn't be a blocker for this, since it won't work to
create such an API in a hurry. If it should make any sense, it needs
to be discussed with and accepted by upstream first, etc.
Ted Gould [2009-09-03 14:02 -0000]:
> In the future, it'd probably be nice if packages could add to that
> list... so the apache package could blacklist an apache user if it was
> to create one. Off-topic, sorry :)
But if the apache package creates a non-system user, that's a serious
bug. System users like www-data should be in the system UID range
(100..499).
> There is two places. The home directory and a global directory. I'm
> not sure if anyone is using the /usr/share/faces anymore, but GDM does
> support it.
Ah, thanks for the heads-up.
> > What do you mean, if there are too many users? (Isn't that why it says
> > "less than 6"?)
>
> Yes, but one of the cases here is dealing with that intelligently.
> Things like getent don't really have ways of saying anything other than
> going through the whole list, and they're not naturally asynchronous.
You could just stop after reading 6 users?
> All solvable, but something that should be done once and handled by one
> person in the system.
Right, I wasn't saying that there shouldn't be such an interface, just
that creating one shouldn't be a blocker for this, since it won't work to
create such an API in a hurry. If it should make any sense, it needs
to be discussed with and accepted by upstream first, etc.
OK, thanks for the heads-up!