
Re: Using the user nobody in my package



thus spoke Thomas Goirand <thomas@goirand.fr> [2006.11.15.2340 +0100]:
> For that system, we run in only one single UID/GID in the system: we use
> nobody:nogroup for all the hosted files. That includes: ftp access, mail
> system (delivered in user mailbox as nobody), and web. The control panel
> does the change of the User and Group directive in Apache so it doesn't
> use www-data anymore.

Why nobody? Why don't you create your own user? Other daemons run as
nobody and can hence access and manipulate files, potentially.

> Daniel suggested that there was the possibility of setting up
> a specific user "dtc" that I could set up in my postinst script.
> But this leads to MANY problems that I will explain here. First,
> there is no way to guarantee that the UID will be always the same,
> and that's the main problem.

Why do you care about the UID? I agree with Daniel, make a user dtc.

> If you have many servers using the control panel like we do (we
> run more than 100 servers using it ATM in production), and need to
> move files from one server to another, then the UID won't be the
> same. It would be really annoying to do chown all the time.

rsync and others usually copy files by user name, not UID. For
instance, you have to pass --numeric-ids to rsync to make it *not*
do that.

> With other operating systems running the same control panel, the 1/
> might be even worse.

Don't ever assume you know the UID.

> Most daemons we use are running by default using nobody:nogroup,
> so it might be quite complicated to have it use another UID.

Well, you'll have to. Sorry.

I suggest you make it configurable this time by using a variable or
#define setting. :_)

Thanks for your work regardless; looks cool.

-- 
Please do not send copies of list mail to me; I read the list!
 
 .''`.   martin f. krafft <madduck@debian.org>
: :'  :  proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems
 
NP: Dream theater / Metropolis Pt 2: Scenes from a memory
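
Added example (not part of the original message or of the dtc package): a Debian postinst fragment that creates the dedicated "dtc" account suggested in the thread and refers to it by name only, so the UID that adduser allocates can differ on every host. The /var/lib/dtc path and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread or from the dtc package.
# "dtc" is the account name suggested in the thread; /var/lib/dtc and
# the function names below are assumed for illustration.
set -e

# Create the account only if it is missing. No UID is requested, so
# adduser picks a free one from the system range on this host.
ensure_service_user() {
    name=$1
    home=$2
    if id -u "$name" >/dev/null 2>&1; then
        return 0    # already present (upgrade or reconfigure)
    fi
    adduser --system --group --quiet --home "$home" --no-create-home "$name"
}

# Look the numeric ids up at run time instead of hard-coding them.
numeric_owner() {
    printf '%s:%s\n' "$(id -u "$1")" "$(id -g "$1")"
}

case "${1:-}" in
    configure)
        ensure_service_user dtc /var/lib/dtc
        # Ownership is set by name; files copied between hosts with
        # rsync keep the owner name unless --numeric-ids is passed.
        install -d -o dtc -g dtc -m 0750 /var/lib/dtc
        echo "dtc is $(numeric_owner dtc) on this host"
        ;;
esac
```

Files under the hosting tree then belong to an account no other daemon runs as, which is the concern raised above about sharing nobody.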
