Re: Bug#80343: general: Lack of policy on which files should be owned by which user
>>>>> "Hamish" == Hamish Moffatt <firstname.lastname@example.org> writes:
Hamish> On Tue, Dec 26, 2000 at 11:13:13AM +1100, Brian May wrote:
>> However, the idea of one UID per daemon is (IMHO) a really
>> horrible solution, too, as you end up having more UIDs for
>> daemons then users.
Hamish> Why is that a problem? There are 65536 available UIDs.
Well yes and no. On most desktop systems there never will be a problem.
Some potential problems though:
- easy to hide back-door entry point in /etc/passwd if lots of entries
exist (eg. missing password field). Whether this is by mistake
or done on purpose by an attacker is not important, but the fact it
is harder to detect may be important.
- As the number of entries grows, the chance that one/more entries
will conflict with some NIS, openldap or remote NFS system increases.
Especially since adduser, etc, do not support NIS or openldap. I am
not sure of the details here - can adduser assign a local user a UID
that conflicts with that from some other source?
- harder to administrate /etc/passwd as more users exist.
Brian May <email@example.com>