
Re: exploring debian's users and groups



Joey Hess writes:
 > lp:
 > 
 > 	HELP: I assume it's used by lpr, as I have not owned a printer in
 > 	      years and have not used lpr in longer, I can't say what
 > 	      exactly the user is used for or what the group is used for.
 > 	      Or is the idea to make the printer device owned by one or the
 > 	      other, to let eg, users in group lp cat files to it directly?
 > 
dunno about the bsd lpr, but /var/spool/lpd/* are daemon:lp, and
/dev/lp* are root:lp. maybe users must be in the lp group to print to
locally-attached printers? it doesn't seem necessary to print to
network printers.

 > postgres:
 > 
 > 	HELP: Presumably used by the postgresql database?
 > 
yes. no idea why this user exists in base-passwd; mysql-server creates
& removes the "mysql" user & group on installation/removal.

 > www-data:
 > 
 > 	HELP: Er, I should know this, but this box doesn't run apache and
 > 	      I'm offline.
 > 
afaik, webservers are supposed to run as www-data:www-data. files
accessible by the webserver should never be writable by the www-data
user or group, so if the webserver gets cracked, the site can't be
defaced. i assume that they don't use the daemon user for the same
reason (e.g. limiting the damage if it's cracked).

 > disk:
 > 
 > 	HELP: Well, I have some disk devices in /dev/ owned by the group,
 > 	      but I can't see the point. On another system, I noticed that some
 > 	      of the files lilo puts in /boot/ are also owned by disk. I
 > 	      can imagine local uses for such a group, like if you want to
 > 	      give some users in the group direct access to some hard disk.
 > 	      But these uses I've found on my systems seem to preclude
 > 	      doing that easily; if I put a user in group disk here, they'd
 > 	      have write access to the root filesystem.
 > 
may be a bit off-topic, but how should removable disk devices
(e.g. iomega zip/jaz) be handled? it's nice to let power-users and/or
sysadmins have direct access to these devices, for example to
partition or mkfs them without using root. but it's not necessarily a
good idea to give disk group membership in these cases.

 > dip:
 > 
 > 	HELP: What did this group's name signify? DIaluP?
 > 
 > 	pppd may only be run by users in the dip group (and by root of
 > 	course).
 > 
this group has always irritated me. it seems awfully specific to the
"dip" package, which handles slip connections. as i understand it,
it's really used to control who may initiate dial-up
connections. a bunch of ppp files (/etc/chatscripts/* & some stuff in
/etc/ppp) are in the dip group. but we have a "dialout"
group. wouldn't it be better to roll this into the dialout group?

-- 
.--.:-:.-----------------------------------------------------------------------.
|  :; ;:      "i feel the cold knife blade of disgust in my gut, like a shot." |
|  ;| |; - chemlab, "suicide jag"                                              |
`--||-||-----------------------------------------------------------------------'
   |. .|
   .   .
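As an added example, not part of the original message and not code from any Debian package: a small POSIX-shell audit of the www-data rule stated above, namely that nothing under a document root should be writable by the account the web server runs as. The functions and the sample tree are constructed for this example; `www-data:www-data` as the service account is taken from the message, and the demo substitutes the calling user's own name and group for it, since making files owned by www-data would need root.

```shell
# audit_writable_by DOCROOT USER GROUP
# Print every file or directory under DOCROOT that the service account could
# modify: world-writable entries, entries owned by USER that carry the owner
# write bit, and entries group-owned by GROUP that carry the group write bit.
audit_writable_by() {
    docroot=$1
    svc_user=$2
    svc_group=$3
    # Build the find(1) expression in the positional parameters so that the
    # -user/-group tests are only added when the account exists locally;
    # find aborts on an unknown user or group name.
    set -- "$docroot" \( -type f -o -type d \) \( -perm -0002
    if id "$svc_user" >/dev/null 2>&1; then
        set -- "$@" -o \( -user "$svc_user" -perm -0200 \)
    fi
    if getent group "$svc_group" >/dev/null 2>&1 \
       || grep -q "^$svc_group:" /etc/group 2>/dev/null; then
        set -- "$@" -o \( -group "$svc_group" -perm -0020 \)
    fi
    set -- "$@" \)
    find "$@" | sort
}

# count_writable_by DOCROOT USER GROUP: number of flagged entries (0 = clean).
count_writable_by() {
    audit_writable_by "$@" | wc -l | tr -d '[:space:]'
}

# Constructed sample tree (not a real site) so the audit can run offline.
# Prints the document root it created.
make_sample_docroot() {
    sample_base=$(mktemp -d)
    sample_root=$sample_base/htdocs
    mkdir -p "$sample_root/uploads"
    printf '<html></html>\n' > "$sample_root/index.html"
    printf 'PNG' > "$sample_root/uploads/avatar.png"
    chmod 755 "$sample_root"
    chmod 644 "$sample_root/index.html"          # fine: read-only for group and others
    chmod 664 "$sample_root/uploads/avatar.png"  # group-writable: defaceable if the group is www-data
    chmod 777 "$sample_root/uploads"             # world-writable: anyone can drop files here
    printf '%s\n' "$sample_root"
}

# Demo run against the constructed tree, using the caller's own user and
# group in place of www-data:www-data (chown to www-data would need root).
demo_root=$(make_sample_docroot)
echo "entries under $demo_root writable by $(id -un):$(id -gn):"
audit_writable_by "$demo_root" "$(id -un)" "$(id -gn)"
rm -rf "$(dirname "$demo_root")"
```

On a real host the call would be `audit_writable_by /var/www www-data www-data`; an empty listing means the site's files cannot be altered by a compromised server process, which is the property the message is after. The audit deliberately ignores the mode of the parent directories above the document root and any ACLs, so it is a first pass, not a complete proof.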


