Received: (at submit) by bugs.debian.org; 16 Nov 1999 03:50:11 +0000 Received: (qmail 1721 invoked from network); 16 Nov 1999 03:50:10 -0000 Received: from wks220.idiomtech.com (HELO nolfolan.idiomtech.com) (140.239.101.220) by master.debian.org with SMTP; 16 Nov 1999 03:50:10 -0000 Received: by idiomtech.com via sendmail from stdin id (Debian Smail3.2.0.102) for submit@bugs.debian.org; Mon, 15 Nov 1999 23:41:37 -0500 (EST) Message-Id: From: Andrew Pimlott To: Debian Bug Tracking System Subject: www-data considered harmful X-Reportbug-Version: 0.42 X-Mailer: reportbug 0.42 Date: Mon, 15 Nov 1999 23:41:37 -0500 Bcc: Package: base-passwd Version: 2.1.2 Severity: wishlist The www-data user and group should die. The hyphen is a gratuitous source of grief. One example is the config script for smail (bug 41240, still unfixed). It populates /etc/aliases from /etc/passwd, but misses www-data because it doesnt't expect a -. Go look at your /etc/aliases file if you use smail. exim inherited the config script and the bug, but it has been fixed there (bug expired). Another example (from memory) is postgresql. Some escaping was necessary to get postgresql to recognize www-data as a user, because of the hyphen. I believe there was a bug that has expired. There are mailing list posts on the topic, eg the thread containing http://www.debian.org/Lists-Archives/debian-devel-9905/msg00223.html . I understand that there may be challenges to changing an established user/groups, but www-data is tastless and should be changed. wwwdata would be fine. In addition, a convention should be establish somewhere, such as policy, that users and groups created by packages must have lowercase alphabetic names. Andrew -- System Information Debian Release: potato Architecture: i386 Kernel: Linux nolfolan 2.2.12 #1 Fri Aug 27 16:19:56 EDT 1999 i686 Versions of packages base-passwd depends on: ii libc6 2.1.2-10 GNU C Library: Shared libraries an