Re: nogroup and nobody

To: Darren Williams <dsw@gelato.unsw.edu.au>
Cc: debian-policy@lists.debian.org
Subject: Re: nogroup and nobody
From: Colin Watson <cjwatson@debian.org>
Date: Wed, 14 Jul 2004 12:00:45 +0100
Message-id: <[🔎] 20040714110045.GC22077@riva.ucam.org>
Mail-followup-to: Darren Williams <dsw@gelato.unsw.edu.au>, debian-policy@lists.debian.org
In-reply-to: <[🔎] 20040714044821.GC31683@cse.unsw.EDU.AU>
References: <[🔎] 20040714044821.GC31683@cse.unsw.EDU.AU>

On Wed, Jul 14, 2004 at 02:48:21PM +1000, Darren Williams wrote:
> This has been brought up before and appears that it is not major
> concern for the Debian community.

Can you give me a reference? I don't recall ever seeing this in the
several years I've been a member of Debian or in the year and a half
I've been the Debian base-passwd maintainer.

> However, the current policy of nobody, nogroup subtly breaks Linux
> Test Project if you are unaware of Debian's policy. LTP expects that
> if user nobody exists then either a nobody group exists or it will
> create one if you desire. The problem becomes obvious when you run LTP
> on a network filesystem using NIS and ltp has created the group nobody
> under the NIS flag in /etc/group. This new group is never recognised
> and the hosting server is requested to fulfil the request, if that
> server is also a Debian system then it to will know nothing about the
> group nobody, and subsequent tests that rely on the group produce an
> incorrect result for the test. For details on LSB user groups see:
> http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB.html#TOCUSERSGROUPS

This does seem to be a straightforward bug in either Debian policy (and
base-passwd) or the LSB. Frankly I'm not sure how Debian could get there
from here; it entirely depends on how much the name 'nogroup' is
hardcoded in packages in our archive. I'd hope not very much, but I'm
reluctant to agree with changing policy and base-passwd without knowing
the impact. Has anyone audited this?

Similarly, is there a good reason for the LSB to mandate that name, or
is it just overspecification in the same way that it used to mandate
that the bin and daemon users should have uids 1 and 2 respectively? We
got that specification removed because there was really no good reason
for the LSB to specify it. The LSB says that the nobody group is for
distributions, not applications, so it seems unlikely that it would
matter if the alternative were offered.

Cheers,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]

Reply to:

Follow-Ups:
- Re: nogroup and nobody
  - From: David Weinehall <tao@debian.org>
- Re: nogroup and nobody
  - From: Darren Williams <dsw@gelato.unsw.edu.au>

References:
- nogroup and nobody
  - From: Darren Williams <dsw@gelato.unsw.edu.au>

Prev by Date: nogroup and nobody
Next by Date: Re: nogroup and nobody
Previous by thread: nogroup and nobody
Next by thread: Re: nogroup and nobody
Index(es):
- Date
- Thread