Re: nogroup and nobody

To: Colin Watson <cjwatson@debian.org>
Cc: debian-policy@lists.debian.org
Subject: Re: nogroup and nobody
From: Darren Williams <dsw@gelato.unsw.edu.au>
Date: Thu, 15 Jul 2004 08:28:56 +1000
Message-id: <[🔎] 20040714222856.GA3189@cse.unsw.EDU.AU>
In-reply-to: <[🔎] 20040714110045.GC22077@riva.ucam.org>
References: <[🔎] 20040714044821.GC31683@cse.unsw.EDU.AU> <[🔎] 20040714110045.GC22077@riva.ucam.org>

Hi Colin

On Wed, 14 Jul 2004, Colin Watson wrote:

> On Wed, Jul 14, 2004 at 02:48:21PM +1000, Darren Williams wrote:
> > This has been brought up before and appears that it is not major
> > concern for the Debian community.
> 
> Can you give me a reference? I don't recall ever seeing this in the
> several years I've been a member of Debian or in the year and a half
> I've been the Debian base-passwd maintainer.
> 
http://lists.debian.org/debian-devel/2001/07/msg01296.html

This ia the start of the thread, and as you can see it is on the
developers list so you may have missed it.


> > However, the current policy of nobody, nogroup subtly breaks Linux
> > Test Project if you are unaware of Debian's policy. LTP expects that
> > if user nobody exists then either a nobody group exists or it will
> > create one if you desire. The problem becomes obvious when you run LTP
> > on a network filesystem using NIS and ltp has created the group nobody
> > under the NIS flag in /etc/group. This new group is never recognised
> > and the hosting server is requested to fulfil the request, if that
> > server is also a Debian system then it to will know nothing about the
> > group nobody, and subsequent tests that rely on the group produce an
> > incorrect result for the test. For details on LSB user groups see:
> > http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB.html#TOCUSERSGROUPS
> 
> This does seem to be a straightforward bug in either Debian policy (and
> base-passwd) or the LSB. Frankly I'm not sure how Debian could get there
> from here; it entirely depends on how much the name 'nogroup' is
> hardcoded in packages in our archive. I'd hope not very much, but I'm
> reluctant to agree with changing policy and base-passwd without knowing
> the impact. Has anyone audited this?
> 
> Similarly, is there a good reason for the LSB to mandate that name, or
> is it just overspecification in the same way that it used to mandate
> that the bin and daemon users should have uids 1 and 2 respectively? We
> got that specification removed because there was really no good reason
> for the LSB to specify it. The LSB says that the nobody group is for
> distributions, not applications, so it seems unlikely that it would
> matter if the alternative were offered.
> 

Overnight I though about the semantics of such naming and come up with
this reasoning.
If I am a 'nobody' ( which is debatable :) ) then I belong in the 'nobody'
group. So this means that I am a nobody and I also have a group.

Unlike if I am a 'nobody' (once again debatable) then I belong to the
'nogroup' group, which clearly does not correspond to the nobodies of
this world.

From the latest LSB I have this:
  "
   Rationale

   The purpose of specifying optional users and groups
   is to reduce the potential for name conflicts between
   applications and distributions.
  "
http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB.html#USERGRPRAT

Darren

> Cheers,
> 
> -- 
> Colin Watson                                  [cjwatson@flatline.org.uk]
--------------------------------------------------
Darren Williams <dsw AT gelato.unsw.edu.au>
Gelato@UNSW <www.gelato.unsw.edu.au>
--------------------------------------------------

Reply to:

References:
- nogroup and nobody
  - From: Darren Williams <dsw@gelato.unsw.edu.au>
- Re: nogroup and nobody
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: Re: nogroup and nobody
Next by Date: Re: nogroup and nobody
Previous by thread: Re: nogroup and nobody
Next by thread: RE: Your bill
Index(es):
- Date
- Thread