
Re: exploring debian's users and groups



On Tue, 7 Aug 2001, Joey Hess wrote:

> Debian has always lacked an explanation of what the various users and
> groups are for. Such a document is useful for sysadmins who must
> determine the correct way to use various users and groups. It's useful
> for developers as well, and it might help us find unused users and
> groups, or find unstated requirements about use of users and groups that
> could be put in policy.
>
> So here's a start. There are a lot of unanswered questions; can you help me
> answer some of them?
>
> ------------------------------------------------------------------------------
>
> uucp:
>
> 	HELP: Presumably used for UUCP, which I know nothing of.

This is kinda like group mail.  People can be added to group uucp, then be
able to call the uucp binaries, to interact with the uucp subsystem.

uucp also has the ability to copy files (and run programs) between machines,
and I think having it as a separate user gives a little more security.

> 	HELP: Why is minicom owned by group uucp? Is this a bug?

I would think so.

> majordom:
>
> 	Majordomo has a statically allocated uid on Debian systems for
> 	historical reasons.
>
> 	HELP: Do we still even ship that buggy old POS? And can someone
> 	       remember what the hysterical raisins were?

majordomo is non-free.  IMHO *NO* static user ids should be given to non-free
'POS'.

> postgres:
>
> 	HELP: Presumably used by the postgresql database?

Security, to keep people from reading the database files.

>
> www-data:
>
> 	HELP: Er, I should know this, but this box doesn't run apache and
> 	      I'm offline.

No webfiles should be owned by www-data, as that is what httpd daemons run as.
However, some cgi scripts (and the daemons themselves) need to write temp
files, so they are given a separate user.

> dialout:
>
> 	HELP: Is this used for /dev/cua devices or something?

cua devices are not used anymore.


> audio:
>
> 	This group can be used locally to give a set of users access to an
> 	audio device.
> ...
> video:
>
> 	This group can be used locally to give a set of users access to a
> 	video device.

It has been discussed in the past that audio is a poor name for this.  We now
have video, audio, mixer, joystick, cdrom, dvd (others).  All are multi-media
devices.
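
The www-data point in the reply above, as an added check that is not part of the original thread: the function lists everything under a web root that the HTTP daemon account could modify, either because it owns the entry or because the entry is world-writable. The function name, the /var/www path in the usage comment and the output labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumptions: the daemon account is www-data unless another user name or
# numeric uid is passed; /var/www below is only a sample docroot.
#
# Usage when run as a script: ./audit_docroot.sh /var/www [USER]

# audit_docroot ROOT [USER]
# Prints one line per finding in the form "<reason> <path>".
audit_docroot() {
    root=$1
    user=${2:-www-data}

    # Entries owned by the daemon account: a compromised daemon or CGI
    # script running as that account can rewrite or replace them.
    find "$root" -user "$user" -exec printf 'owned-by-daemon %s\n' {} +

    # World-writable entries: writable by the daemon whoever owns them.
    # Symlinks are skipped because their mode bits carry no meaning.
    find "$root" ! -type l -perm -0002 -exec printf 'world-writable %s\n' {} +
}

# Run the audit only when arguments are given, so the file can also be
# sourced for its function.
if [ "$#" -gt 0 ]; then
    audit_docroot "$@"
fi
```

Scratch directories that CGI scripts legitimately write to will show up as findings; the useful result is that nothing else does.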



