[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Adding system users and setuid

On Thu, 2002-08-29 at 17:56, Roger Leigh wrote:
> In the work I'm doing on packaging buildd, I would need to have some
> programs setuid buildd (and setuid rbuilder and setuid wanna-build).
> I can easily create the user in postinst if it does not exist, but
> that means I then need to change the ownership of all files that
> should be owned by buildd etc, and then set the setuid bit on all
> necessary binaries.
> Is there a standard way to do this, when you do not know the UID in
> advance?  I guess it's not possible to do this at build time?
> Is postinst the best place for this, or is there a better way?

>From reading policy section 10.2, it seems you can either dynamically
allocate the users and change all the permissions or get an assigned
range of uids in the range 60000-64999:

"    Globally allocated by the Debian project, but only created on
demand. The ids are allocated centrally and statically, but the actual
accounts are only created on users' systems on demand.

These ids are for packages which are obscure or which require many
statically-allocated ids. These packages should check for and create the
accounts in /etc/passwd or /etc/group (using adduser if it has this
facility) if necessary. Packages which are likely to require further
allocations should have a `hole' left after them in the allocation, to
give them room to grow. "

| Mark Howard               cam.ac.uk   mh344@ |
| http://www.tildemh.com    tildemh.com    mh@ |

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: