Re: nouser/nogroup clarification
On Wed, 22 Jul 1998, Jean Pierre LeJacq wrote:
> On Mon, 20 Jul 1998, Philip Hands wrote:
>
> > Lars Wirzenius <liw@iki.fi> wrote:
> > > Philip Hands:
> > > > Is nogroup guaranteed never to own any files ?
> > >
> > > The Policy manual does not guarantee it, but it's the only reason for
> > > the group (and the corresponding user) to exist in the first place.
> > > Actually, the Policy manual doesn't even mention nogroup.
> > >
> > > A change to the policy manual might be good to document this, so perhaps
> > > those who are on debian-policy could suggest something along the following
> > > lines:
> > >
> > > 3.2 Users and groups
> > >
> > > ...
> > >
> > > 65534:
> > > User `nobody' or group `nogroup'. No files should be
> > > owned by this user or group.
> >
> > This seems reasonable.
>
> I'm not sure if I agree. I maintain the http server, wn, for
> debian. At startup, it switches to user nobody. If this policy
> is adopted, it could not write to its log file.
>
> I could modify the source code so it switches to another user,
> maybe www-data or a new user just for wn. This may result in a
> proliferation of new users.
>
> The other option is to force use of syslog.
The correct option is undoubtedly eithe www-data or wn. To know which,
I'd need to study the package. My guess is www-data. There is no point
having a 'nobody user' if it is not used as 'nobody'.
An example of the correct use of nobody is the 'all-squash' option of nfs
(although I have a funny feeling that this may not in fact use it).
Jules
/----------------+-------------------------------+---------------------\
| Jelibean aka | jules@jellybean.co.uk | 6 Evelyn Rd |
| Jules aka | jules@debian.org | Richmond, Surrey |
| Julian Bean | jmlb2@hermes.cam.ac.uk | TW9 2TF *UK* |
+----------------+-------------------------------+---------------------+
| War doesn't demonstrate who's right... just who's left. |
| When privacy is outlawed... only the outlaws have privacy. |
\----------------------------------------------------------------------/
--
To UNSUBSCRIBE, email to debian-policy-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: