
Re: exploring debian's users and groups



On Tue, Aug 07, 2001 at 04:46:22PM +1000, Sam Couter wrote:
> Joey Hess <joeyh@debian.org> wrote:
> > man:
> > 
> > 	The man program (sometimes) runs as user man, so it can write cat
> > 	pages to /var/cache/man
> > 
> > 	HELP: My system has no files owned by user man, and I don't see
> > 	      the point of the user, aside from symmetry.
> 
> Wasn't there a proposal to remove it (and pre-formatted man pages
> along with it) a while back?

It's no longer used by default, but is still supported, and
/var/cache/man is owned by user man. Personally, I happen to like having
the preformatted pages; I just don't like having to fix the security
bugs that result. :)

> man running as set{u,g}id man is commonly regarded as a security
> hazard, and preformatted man pages present an easy DoS attack.

Well, you can fill up disk space, yes, but otherwise not really. Pages
formatted with strange terminal sizes and such aren't cached.

Incidentally, /var/cache/man has been man:root mode 2755 on Debian for a
long time. Is it just me, or is the setgid bit rather unnecessary?

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]


