[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: exploring debian's users and groups

On Tue, Aug 07, 2001 at 12:29:08PM -0400, Joey Hess wrote:
> Colin Watson wrote:
> > It's no longer used by default, but is still supported, and
> > /var/cache/man is owned by user man. Personally, I happen to like having
> > the preformatted pages, I just don't like having to fix the security
> > bugs that result. :)
> 
> Agreed. Is the man group used for anything at all?

Not to my knowledge. It might be some day if somebody writes a man
program that uses setgid privileges rather than setuid ones (I think Red
Hat did that for a while).

> > Incidentally, /var/cache/man has been man:root mode 2755 on Debian for a
> > long time. Is it just me, or is the setgid bit rather unnecessary?
> 
> Presumably no point if man always runs as user man. Hmm, if man is not
> setuid, and root runs man and it writes a cat page, this bit may be
> useful to make the cat page come out owned by user man.

The setgid bit shouldn't affect that. It does avoid cat pages being
owned by random groups, although they should always be mode 644 anyway.

man-db doesn't really understand group privileges at the moment.

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]
Reply to: