also sprach Thomas Goirand <thomas@goirand.fr> [2006.11.15.2340 +0100]: > For that system, we run in only one single UID/GID in the system: we use > nobody:nogroup for all the hosted files. That includes: ftp access, mail > system (delivered in user mailbox as nobody), and web. The control panel > does the change of the User and Group directive in Apache so it doesn't > use www-data anymore. Why nobody? Why don't you create your own user? Other daemons run as nobody and can hence access and manipulate files, potentially. > Daniel suggested that there was the possibility of setting-up > a specific user "dtc" that I could setup on my postinst script. > But this leads to MANY problems that I will explain here. First, > there is no way to guarantee that the UID will be always the same, > and that's the main problem. Why do you care about the UID? I agree with Daniel, make a user dtc. > If you have many servers using the control panel like we do (we > run more than 100 servers using it ATM in production), and need to > move files from one server to another, then the UID wont be the > same. It would be really anoying to do chown all the time. rsync and others usually copy files by user name, not UID. For instance, you have to pass --numeric-ids to rsync to make it *not* do that. > With other operating systems running the same control panel, the 1/ > might be even worth. Don't ever assume you know the UID. > Most daemons we use are running by default using nobody:nogroup, > so it might be quite complicate to have it use another UID. Well, you'll have to. Sorry. I suggest you make it configurable this time by using a variable or #define setting. :_) Thanks for your work regardless; looks cool. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <madduck@debian.org> : :' : proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck - http://debiansystem.info `- Debian - when you have better things to do than fixing systems NP: Dream theater / Metropolis Pt 2: Scenes from a memory
Attachment:
signature.asc
Description: Digital signature (GPG/PGP)