
Re: nogroup and nobody



On Wed, Jul 14, 2004 at 12:00:45PM +0100, Colin Watson wrote:
> On Wed, Jul 14, 2004 at 02:48:21PM +1000, Darren Williams wrote:
> > This has been brought up before and it appears that it is not a major
> > concern for the Debian community.
> 
> Can you give me a reference? I don't recall ever seeing this in the
> several years I've been a member of Debian or in the year and a half
> I've been the Debian base-passwd maintainer.
> 
> > However, the current policy of nobody, nogroup subtly breaks Linux
> > Test Project if you are unaware of Debian's policy. LTP expects that
> > if user nobody exists then either a nobody group exists or it will
> > create one if you desire. The problem becomes obvious when you run LTP
> > on a network filesystem using NIS and ltp has created the group nobody
> > under the NIS flag in /etc/group. This new group is never recognised
> > and the hosting server is requested to fulfil the request, if that
> > server is also a Debian system then it too will know nothing about the
> > group nobody, and subsequent tests that rely on the group produce an
> > incorrect result for the test. For details on LSB user groups see:
> > http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB.html#TOCUSERSGROUPS
> 
> This does seem to be a straightforward bug in either Debian policy (and
> base-passwd) or the LSB. Frankly I'm not sure how Debian could get there
> from here; it entirely depends on how much the name 'nogroup' is
> hardcoded in packages in our archive. I'd hope not very much, but I'm
> reluctant to agree with changing policy and base-passwd without knowing
> the impact. Has anyone audited this?
> 
> Similarly, is there a good reason for the LSB to mandate that name, or
> is it just overspecification in the same way that it used to mandate
> that the bin and daemon users should have uids 1 and 2 respectively? We
> got that specification removed because there was really no good reason
> for the LSB to specify it. The LSB says that the nobody group is for
> distributions, not applications, so it seems unlikely that it would
> matter if the alternative were offered.

At least AIX and Solaris both seem to have nobody in /etc/group, but not
/etc/nogroup.  Whether that's relevant or not, I cannot say...

BTW, group allows for several names to map to the same UID, so we could
add nobody to /etc/group and make sure it ends up before nogroup in the
file; that way we'd get backwards-compatibility as well as
LSB-compatibility.  And since nobody sorts before nogroup, grpck -s
shouldn't hurt either.  Whether there are applications that rely on a
1:1 mapping of gid:name, I cannot say.


Regards: David Weinehall
-- 
 /) David Weinehall <tao@acc.umu.se> /) Northern lights wander      (\
//  Maintainer of the v2.0 kernel   //  Dance across the winter sky //
\)  http://www.acc.umu.se/~tao/    (/   Full colour fire           (/
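
The aliasing idea in the message above (two group names on one GID, with file order deciding which name a reverse lookup reports) can be checked with a small audit script. This is an added example, not part of the original message or of base-passwd; the sample file contents and all function names are constructed, and it assumes the lookup is a sequential first-match scan of the file.

```python
"""Audit a group(5) file for GIDs that carry more than one group name."""
from collections import OrderedDict

# Constructed sample in group(5) format (name:passwd:gid:members), with the
# proposed "nobody" alias placed before Debian's "nogroup" on the same GID.
SAMPLE_GROUP = """\
root:x:0:
daemon:x:1:
# comment lines and blank lines are skipped

nobody:x:65534:
nogroup:x:65534:
users:x:100:alice,bob
broken-line-without-fields
"""

def parse_group(text):
    """Yield (name, gid) in file order; skip blanks, comments, NIS +/- and malformed lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line[0] in "+-":
            continue
        fields = line.split(":")
        if len(fields) != 4 or not fields[2].isdigit():
            continue
        yield fields[0], int(fields[2])

def gid_aliases(text):
    """Map each GID to the list of names that use it, in file order."""
    table = OrderedDict()
    for name, gid in parse_group(text):
        table.setdefault(gid, []).append(name)
    return table

def shared_gids(text):
    """Return {gid: names} only for GIDs that have more than one name."""
    return {gid: names for gid, names in gid_aliases(text).items() if len(names) > 1}

def reverse_lookup(text, gid):
    """Name a sequential first-match scan reports for gid (assumption), or None."""
    names = gid_aliases(text).get(gid)
    return names[0] if names else None

if __name__ == "__main__":
    for gid, names in shared_gids(SAMPLE_GROUP).items():
        print(f"gid {gid}: {names} -> reverse lookup gives {names[0]!r}")
```

Any tool that stores or compares the group name rather than the numeric GID sees a different answer once the alias is added, which is the 1:1 mapping concern raised at the end of the message.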


