On Thu, 2006-11-16 at 06:40 +0800, Thomas Goirand wrote: > Please post your thoughts here, so we can have a valuable chat on what > to do. There is a way to get static UID assignments. I'm not sure if that's the best solution here, or how easily they're granted, but I do know it's covered in the policy. I wrote a web configuration system for web hosting at my employer. I use named groups. How often do you really move sites? In that case, you could just do the move with something that'll preserve ownership by name rather than UID/GID. Also, for us, we end up creating our servers the same way, so the UIDs end up matching anyway. It seems to me like you should use whatever account is most appropriate for each task, rather than trying to pick one UID/GID for everything. For your daemon, that might be a particular user, such as dtc. For apache, leave its default alone. I don't think it's good form to be changing Apache's users. (I'd imagine that'd require modifying apache's conffiles anyway, which would be against policy.) For other daemons, do whatever is necessary... I'm not sure how much this helps. I'd be glad to discuss the users that we use in our package, if that helps. Richard
Attachment:
signature.asc
Description: This is a digitally signed message part