[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Using the user nobody in my package

> For that system, we run in only one single UID/GID in the system: we use
> nobody:nogroup for all the hosted files. That includes: ftp access, mail
> system (delivered in user mailbox as nobody), and web. The control panel
> does the change of the User and Group directive in Apache so it doesn't
> use www-data anymore.

Editing other package's configuration files is proscribed by Policy,
however such is the entire point of control-panel-like software, so I
guess this isn't such a big issue.

> Daniel suggested that there was the possibility of setting-up a specific
> user "dtc" that I could setup on my postinst script. But this leads to
> MANY problems that I will explain here. First, there is no way to
> guarantee that the UID will be always the same, and that's the main
> problem.

As others have said, most tools will transfer file ownership information
by recording the user name, not the UID; however if this is not good
enough (you want to use NFS, for example), Policy section 9.2.2 says that
UIDs in the range 60000-64999 are "Globally allocated by the Debian
project, but only created on demand. The ids are allocated centrally and
statically, but the actual accounts are only created on users' systems on

More at <http://www.debian.org/doc/debian-policy/ch-opersys.html#s9.2.2>.
Of course, I guess you'd have to persuade whoever maintains the allocation
list that you really do need a static UID assignment. :)

Sam Morris

PGP key id 1024D/5EA01078
3412 EA18 1277 354B 991B  C869 B219 7FDB 5EA0 1078

Reply to: