Using the user nobody in my package



Hello,

I am working with Daniel Baumann so my package can be uploaded to
Debian. He has really helped me a lot, and I want to thank him so much
here, publicly, for doing so. With him, I now understand a lot more
about how Debian packaging works, and I made more progress than I could
have in a few years. But that's not the topic of this message.

Some contributors and I have written DTC, an open source web control
panel, designed from scratch over about 4 to 5 years now. Our
goal is clearly to make very expensive commercial solutions like cPanel,
Plesk and so on something of the past. See the project page here:

http://www.gplhost.com/software-dtc.html

For that system, we run under only one single UID/GID in the system: we use
nobody:nogroup for all the hosted files. That includes: FTP access, mail
system (delivered in user mailbox as nobody), and web. The control panel
changes the User and Group directives in Apache so it doesn't
use www-data anymore.

The problem is that this breaks the policy in Debian, and Daniel
told me that this could not be accepted for upload to Unstable
(it would be refused by FTP master). Daniel thought that I should ask
here what others think about it.

Daniel suggested that there was the possibility of setting up a specific
user "dtc" that I could set up in my postinst script. But this leads to
MANY problems that I will explain here. First, there is no way to
guarantee that the UID will always be the same, and that's the main problem.

1/ Portability between servers
If you have many servers using the control panel like we do (we run more
than 100 servers using it ATM in production), and need to move files
from one server to another, then the UID won't be the same. It would be
really annoying to do chown all the time.

2/ Portability between systems
With other operating systems running the same control panel, 1/
might be even worse.

3/ Changing the defaults for all daemons
Most daemons we use run by default as nobody:nogroup, so it
might be quite complicated to have them use another UID.

4/ All daemons have to use the same single UID/GID
In our system, all hosted files are in /var/www/sites, using a single
UID/GID. This means that with FTP, you can upload files for your web site,
but also see the messages for the mail. Also, generated files for all
the daemons will be created under the UID/GID of Apache, so they can be
generated by clicking on a button in the interface.

Please post your thoughts here, so we can have a valuable chat on what
to do.

Thomas

P.S.: I'd love to have our panel uploaded for the next release of Etch, but
more and more, it seems too late...