Re: exploring debian's users and groups
On Tue, 7 Aug 2001, Joey Hess wrote:
> Presumably so backup/restore responsibilities can be locally
> delegated to someone without full root permissions?
> HELP: Is that right? Amanda reportedly uses this, details?
Amanda uses rlogin-style access lists (.amandahosts) in the homedir of user
backup to determine who's allowed to pull backups off of remote machines, as
well as who's allowed to restore backups off of the backup server. User
backup is also a member of group disk, to allow raw access to disk partitions
> /dev/kmem and similar files are readably by this group. This is
> mostly a BSD relic, but any programs that need direct read access
> to the system's memory can thus be made sgid kmem.
If memory serves, there were reasons why wine used /dev/kmem at one point on
Linux; I suspect this has been superseded by kernel DRI drivers now, but it
does mean that group kmem isn't entirely a BSD relic.
> This group owns source code, including files in /usr/src. It can be
> used locally to give a user the ability to manage system source
> HELP: /usr/src is owned by group src and is setuid. This doesn't
> make files put there by foo-src packages necessarily be owned
> by group src though. If the intent is to make group src be
> able to manage source code, perhaps policy should say that
> foo-src packages make files in /usr/src owned and writable by
> the group (and files in tarballs dropped there likewise?)
This seems worthwhile to me.