Re: Bits from the release team: the plans for etch
Javier Fernández-Sanguino Peña <firstname.lastname@example.org> wrote:
> On Wed, Oct 26, 2005 at 01:53:19PM +0200, Gabor Gombas wrote:
>> On Wed, Oct 26, 2005 at 11:11:00AM +0200, Javier Fernández-Sanguino Pe?a wrote:
>> > That really depends on the daemon itself don't you think? There's a number of
>> > daemons that don't create any file at all or, if they do, are created
>> > only on a given directory which is removed on purge. In these cases, removing
>> > the user on postrm's purge might make sense. As I said, that would be an
>> > option.
>> It is still possible that those daemons _read_ some files (e.g. config
>> files), and the admin did a chown/chgrp to the daemon's user. Removing
>> the user and reusing the UID/GID will suddenly make those files
>> accessible for a random new package which may not be intended at all.
> Wrong. That is only true in the chown() case. Which is not a sensible thing
> to do. Daemons should be able to read their configuration files but they
> usually *don't* need to *write* them, so they should *not* own them.
What about log files with sensitive content?
Inst. f. Biochemie der Univ. Zürich