How to distinguish human users from system users

southsider · Guru Joined: 05 Jul 2004 Posts: 358

I see GNOME's "Users and Groups" configuration utility simply relies on UID to decide whether a user is human or not. Isn't this a little messy? I added a user called "icecast" and GNOME now think's it's a human user. If I change it's UID down to one below 1000 then the files it owns will be disowned.

How about adding all human users to the "human" group? This could be a purely superficial group or if you have any need you could use it for more than that?

I realise most UNIXy people don't like dumbing down, but please try and refrain from flaming, and let me know if it's an idea worth submitting somewhere.

Does freedesktop have any guidelines? *Takes a look.*

psychomunky · Guru Joined: 02 Nov 2004 Posts: 337 Location: Canada

maybe it would be better to do things like check to see if the user has a home directory or not. Or perhaps it could differentiate between whether the account is allowed to login or not. This way Sys admins can continue to do things as they always have (a good sys admin will lock the system accounts so the only way to use them is to su to them).

There should be other ways to tell if a user is "System" or "Human" in other ways besides the userID anyways....

I did read somewhere that traditionally the userids were setup in the way that the gnome application expects for exactly this reason...which means that if it is a POSIX standard, you should be creating your icecast user according to that...not the other way around

southsider · Guru Joined: 05 Jul 2004 Posts: 358

A lot of system accounts do have home directories still.

Thanks for the info though, will hunt around before I go rambling on at various bugzillas.

psychomunky · Guru Joined: 02 Nov 2004 Posts: 337 Location: Canada

Yeah I know, I was thinking about this more after I posted and remembered a few of my experiences when I was using a system user and it did have a home directory....this seems to be quite prevalent in the larger corporations I have been at. However, most of the system accounts were locked for security so that the only way to gain access was through a privileged user account.

I am hoping that a few of the more experienced Linux users will pick up this thread and voice their knowledge about such differentiations.

davey_freeman@yahoo.com · n00b Joined: 16 Jan 2005 Posts: 34

On my system I use an OpenBSD like naming scheme.
All system accounts start with a "_" prefix (except portmap which is used by some binary apps so I didn't touch that).

Other systems put a special string in the comment field of the passwd file to identify system users.

southsider · Guru Joined: 05 Jul 2004 Posts: 358

I don't wanna sound like a kid on a mission, but does using a "human" group sound like a bad idea to anyone?

It would make sysadmin'ing a little more clear for Joe GNOME-User Bloggs (rather than having to rely on UID), and it might be worth spreading around as an idea for freedesktop.

gkmac · Posted: Fri Feb 18, 2005 10:52 pm Post subject:

southsider · Guru Joined: 05 Jul 2004 Posts: 358

That's a good point. What is the purpose of this group?