
Re: [RFC] adding system users: which is the best way??



On Sun, 30 Nov 2003 15:15, Anthony Towns <aj@azure.humbug.org.au> wrote:
> On Sun, Nov 30, 2003 at 04:42:44AM +0100, Peter Palfrader wrote:
> > > Presumably, if you purge the package, then the user is no longer
> > > needed. So shouldn't the user be deleted?
> >
> > We cannot guarantee that no file on disk is owned by the user or group.
> > The local admin may for instance have made a backup copy of files owned
> > by the user (cp -a /etc/foo/ /etc/foo.bak;  suppose something in that
> > dir is uid or gid user).
>
> Erm, surely everything in /etc should be owned by root? The group mightn't
> be, but surely the user should be? (Otherwise you're allowing random
> daemons to _modify_ your configuration, rather than just read it)

Some daemons such as cups are written in a way that requires that they be able 
to write to their own configuration files.  If such a daemon is run as 
non-root then the files will have to be owned by non-root if the "create new 
file and rename" method of file update is used.

Of course having CUPS operate in a different manner would be a really good 
idea, but I don't see it getting changed in the near future.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
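
An added illustration, not part of the original message or of any package discussed in the thread: the "create new file and rename" update method leaves behind a new inode owned by whichever user ran the update, which is why the file cannot stay root-owned when the daemon runs as non-root. The file name and contents are constructed for the demonstration.

```python
import os
import tempfile


def atomic_replace(path, data):
    """Update `path` with the create-new-file-and-rename method.

    Returns (old_stat, new_stat) so the caller can compare inode and owner.
    """
    old = os.stat(path)
    directory = os.path.dirname(os.path.abspath(path))
    # The temporary file must sit in the same directory (same filesystem) so
    # the rename is atomic; the writer therefore needs write access to it.
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".tmp-")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
            f.flush()
            os.fsync(f.fileno())
        # The writer owns the new file, so it may copy the old mode bits.
        os.chmod(tmp, old.st_mode & 0o7777)
        # No chown: an unprivileged process cannot hand the file to root,
        # so the replacement stays owned by the user running the update.
        os.replace(tmp, path)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return old, os.stat(path)


def demo():
    """Run the update on a constructed config file in a scratch directory."""
    with tempfile.TemporaryDirectory() as d:
        conf = os.path.join(d, "daemon.conf")  # constructed sample file
        with open(conf, "wb") as f:
            f.write(b"setting = old\n")
        old, new = atomic_replace(conf, b"setting = new\n")
        with open(conf, "rb") as f:
            content = f.read()
        return {
            "inode_changed": old.st_ino != new.st_ino,
            "owner_is_writer": new.st_uid == os.geteuid(),
            "content": content,
            "leftovers": sorted(os.listdir(d)),
        }


if __name__ == "__main__":
    print(demo())
```
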


