Policy for use of Group Names
Hello All
I am looking at drawing up a policy for some of our local machines
and also client machines that we administer. Certain grades of
users will be made members of groups with specific privileges.
Then I can tweak things so that member of those groups have
access to things like read log files, update web pages in /var/www,
and upload files to /pub/ftp etc, without root access.
However, before I go and re-invent the wheel, I was just wondering if
there is a Debian policy (or unofficial policy or understanding) on
what the "traditional" unix groups are used for.
There are some of them which are obvious like
root:x:0:
lp:x:7:lp
mail:x:8:
news:x:9:
uucp:x:10:
majordom:x:31:
postgres:x:32:
www-data:x:33:
Others seem to be traditional unix names, but I am not sure what
privileges these group ID's have on a Debian or other typical unix
installation:
daemon:x:1:
bin:x:2:
sys:x:3:
However the ones I am most interested in are
adm:4:
tty:x:5:
disk:x:6:
cdrom:x:24:
floppy:x:25:
tape:x:26:
backup:x:34:
operator:x:37:
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
Which files and directories allow access from these groups in a
Debian installation?
Would it make sense to add certain users to say "cdrom", "adm" or
"staff" ? What rights would such a user be expected to gain from
this?
Any comments would be appreciated.
Thanks
Ian
---------------------------------------------------------------------
Ian Forbes ZSD
http://www.zsd.co.za
Office: +27 +21 683-1388 Fax: +27 +21 64-1106
Snail Mail: P.O. Box 46827, Glosderry, 7702, South Africa
---------------------------------------------------------------------
Reply to: