
Re: nouser/nogroup clarification



On Wed, 22 Jul 1998, Jean Pierre LeJacq wrote:

> On Mon, 20 Jul 1998, Philip Hands wrote:
> 
> > Lars Wirzenius <liw@iki.fi> wrote:
> > > Philip Hands:
> > > > Is nogroup guaranteed never to own any files ?
> > > 
> > > The Policy manual does not guarantee it, but it's the only reason for
> > > the group (and the corresponding user) to exist in the first place.
> > > Actually, the Policy manual doesn't even mention nogroup.
> > > 
> > > A change to the policy manual might be good to document this, so perhaps
> > > those who are on debian-policy could suggest something along the following
> > > lines:
> > > 
> > > 	3.2 Users and groups 
> > > 	
> > > 	...
> > > 	
> > > 	65534:
> > > 	      User `nobody' or group `nogroup'. No files should be
> > > 	      owned by this user or group.
> > 
> > This seems reasonable.
> 
> I'm not sure if I agree.  I maintain the http server, wn, for
> debian.  At startup, it switches to user nobody.  If this policy
> is adopted, it could not write to its log file.
> 
> I could modify the source code so it switches to another user,
> maybe www-data or a new user just for wn.  This may result in a
> proliferation of new users.
> 
> The other option is to force use of syslog.

The correct option is undoubtedly either www-data or wn.  To know which,
I'd need to study the package.  My guess is www-data. There is no point
having a 'nobody user' if it is not used as 'nobody'.

An example of the correct use of nobody is the 'all-squash' option of nfs
(although I have a funny feeling that this may not in fact use it).

Jules

/----------------+-------------------------------+---------------------\
|  Jelibean aka  | jules@jellybean.co.uk         |  6 Evelyn Rd	       |
|  Jules aka     | jules@debian.org              |  Richmond, Surrey   |
|  Julian Bean   | jmlb2@hermes.cam.ac.uk        |  TW9 2TF *UK*       |
+----------------+-------------------------------+---------------------+
|  War doesn't demonstrate who's right... just who's left.             |
|  When privacy is outlawed... only the outlaws have privacy.          |
\----------------------------------------------------------------------/
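
Added example (not part of the original message or of any Debian tool): a check for the rule proposed in the quoted policy text, that no files be owned by user `nobody' or group `nogroup' (id 65534). The name find_owned and the default scan root /var/log are assumptions of this example.

```python
import os
import sys

# 65534 is the id the proposed policy text assigns to nobody/nogroup.
NOBODY_ID = 65534


def find_owned(root, uid=NOBODY_ID, gid=NOBODY_ID):
    """Return [(path, why)] for entries below root owned by uid or gid.

    why is "user", "group" or "user+group". Symlinks are examined
    themselves (lstat) and never followed, so a link pointing outside
    root cannot pull other trees into the scan.
    """
    hits = []

    def check(path):
        try:
            st = os.lstat(path)
        except OSError:
            return  # entry vanished or is unreadable: skip it
        why = []
        if st.st_uid == uid:
            why.append("user")
        if st.st_gid == gid:
            why.append("group")
        if why:
            hits.append((path, "+".join(why)))

    # os.walk does not descend into symlinked directories by default;
    # unreadable directories are skipped instead of aborting the scan.
    for dirpath, dirnames, filenames in os.walk(root, onerror=lambda e: None):
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return hits


if __name__ == "__main__":
    # Default root is an arbitrary choice for this example.
    root = sys.argv[1] if len(sys.argv) > 1 else "/var/log"
    found = find_owned(root)
    for path, why in found:
        print(f"{why:10} {path}")
    sys.exit(1 if found else 0)
```

A non-zero exit status means at least one entry below the root is owned by the nobody user or the nogroup group, for example a log file written by a daemon that switched to nobody.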

