
Re: system users/groups (was: nobody/nogroup - ITP maildir-bulletin)



On Thu, Oct 21, 1999 at 12:44:13PM +0200, Russell Coker wrote:
> > However we don't want to have too many system users and groups...

On Thu, Oct 21, 1999 at 09:31:13PM -0400, Andrew Pimlott wrote:
> On the contrary, we should have as many as is practical.
> 
> - There is no shortage of dynamic system user and group ids.
> - Every privilege boundary we establish limits the potential damage of a
>   bug or security breach.
> - There is rarely any loss in flexibility, since system programs know ahead
>   of time what files they need special privileges for.

While this is all true for the current context, I'd like to remind you
that there's a limit to how many groups a running process can acquire.

-- 
Raul
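
An added example, not part of the original message: one way to check the group limit mentioned above is to count, per user, how many groups list that user in group(5)-format data and compare the count with the system's `NGROUPS_MAX`. The sample data, user names and function names are constructed for illustration.

```python
import os
from collections import defaultdict

# Constructed sample in group(5) format: name:password:gid:member,member,...
SAMPLE_GROUP = """\
root:x:0:
daemon:x:1:
mail:x:8:bulletin
news:x:9:bulletin
staff:x:50:alice,bulletin
audio:x:29:alice
"""

def memberships(group_text):
    """Map each user name to the set of groups that list it as a member."""
    result = defaultdict(set)
    for lineno, line in enumerate(group_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(fields)}")
        name, _password, _gid, members = fields
        for user in filter(None, (m.strip() for m in members.split(","))):
            result[user].add(name)
    return dict(result)

def over_limit(group_text, limit):
    """Return {user: count} for users listed in more groups than `limit`."""
    counts = {user: len(groups) for user, groups in memberships(group_text).items()}
    return {user: n for user, n in counts.items() if n > limit}

def system_limit():
    """Supplementary group limit of the running system (POSIX NGROUPS_MAX)."""
    return os.sysconf("SC_NGROUPS_MAX")

if __name__ == "__main__":
    limit = system_limit()
    print("NGROUPS_MAX:", limit)
    print("users over the limit:", over_limit(SAMPLE_GROUP, limit))
```

The count covers only memberships listed in the group file; a user's primary group from passwd(5) is not included.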

