
Re: exploring debian's users and groups



Hi,

Quoting Stephen Stafford (stephen@clothcat.demon.co.uk):
> On Tuesday 07 Aug 2001 6:35 am, Joey Hess wrote:
> > bin:
> > 	HELP: No files on my system are owned by user or group bin. What
> > 	      good are they? Historically they were probably the owners of
> > 	      binaries in /bin? It is not mentioned in the FHS, debian
> > 	      policy, or the changelog of base-passwd or base-files.
> The only files on my system owned by bin:bin are in the unpacked 
> sources for cdrtools, but that hardly counts.
I'm not sure what to do with this, but it seems like having binaries owned
by group bin would be useful; especially in situations where one would want
to limit executing rights for certain binaries to certain users.

> > operator:
> >
> > 	HELP: No files owned by it here, what's it good for?
> Historical reasons I suspect
'operator' is historically (and practically) the only 'user' account that
can log in remotely, and doesn't depend on NIS/NFS.
On a system with no remote root access, you need this (incidentally, on all
my systems running NIS, and lots of others' boxes too).

> It is used so that unprivileged users can be added to the group dialout 
> and be able to use the modem devices, that is what I use it for here 
> anyway.  I am afraid I don't recall if it was as simple as just adding 
> the user to the group, or if I had to do some playing with permissions 
> as well, sorry.  The group dip appears to have a similar function.  It 
> is entirely possible that I added users to dialout, and when that 
> didn't work added them to dip as well.  Curse my crap memory.
Adding them to 'dialout' should be sufficient.

> > fax:
> >
> > 	HELP: ?
> I imagine similarly, although I don't use fax from this box.
Similar to 'dialout' indeed.

> > dip:
> >
> > 	HELP: What did this group's name signify? DIaluP?
> >
> > 	pppd may only be run by users in the dip group (and by root of
> > 	course).
>           Dial-up Internet Protocol (Linux)
dip - Tool for handling SLIP/PPP dialup IP connections

I'm not sure if this needs a user.

> > staff:
> >
> > 	HELP: So, /usr/local and /var/local are owned by it, but how's it
> > 	      differ from say, adm, and what's the historical meaning, and
> > 	      the current purpose?
<snip anecdote>
I use 'staff' as a default group to add users to that have 'elevated'
privileges; afaik that is correct ( 'staff members').

Greets,
	Robert

-- 
			      Linux Generation
   encrypted mail preferred. finger rvdm@debian.org for my GnuPG/PGP key.
	     Fighting for peace is like screwing for virginity.
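
The idea raised in the message above, limiting who may execute a binary by giving it to a group such as bin, comes down to group ownership plus a mode without the "other" execute bit. As an added example that is not part of the original thread, this shell audit lists which files owned by a group are actually restricted that way; the function names and the scratch directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread.
# GROUP may be a group name or a numeric GID (find accepts both).

# Files under DIR owned by GROUP that the group may execute but "other"
# may not: execution is limited to the owner and the group's members.
group_only_exec() {
    find "$1" -type f -group "$2" -perm -010 ! -perm -001 | sort
}

# Files under DIR owned by GROUP that anyone may execute: here the group
# ownership does nothing to restrict who can run them.
world_exec() {
    find "$1" -type f -group "$2" -perm -001 | sort
}

# Constructed sample: two files in a scratch directory, owned by the
# caller's own primary group so that no root privileges are needed.
demo_dir=$(mktemp -d)
gid=$(id -g)
: > "$demo_dir/restricted"; chmod 750 "$demo_dir/restricted"
: > "$demo_dir/open";       chmod 755 "$demo_dir/open"

echo "executable by group members only:"
group_only_exec "$demo_dir" "$gid"
echo "executable by everyone:"
world_exec "$demo_dir" "$gid"
rm -rf "$demo_dir"
```

Run against a real tree, for example `group_only_exec /usr/local/bin staff`, it shows whether a group is being used as an execution gate or merely as a label.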


