
RE: Bug#134658: ITP: lsb -- Linux Standard Base 1.1 core support package

>From: "David D.W. Downey" <david-downey@codecastle.com>

>WHY does the LSB even _define_ numeric UID settings? For every distrib I've
>used, Slackware, SuSE, Mandrake, Red Hat, Debian, Peanut, Stampede, and
>others, any system user (meaning system related such as bin, adm, wheel, etc.
>etc.) were always extremely low UID numbers. This in turn signifies to the
>system, as stated in the POSIX standard (don't shoot me if I'm wrong, been a
>LONG time since I've read it), are reserved specifically for system related
>accounts. These accounts have the required access privileges set up before
>any distrib is released, regardless of maker. So, if X for instance, needs
>access to the video hardware (using sys or some other system defined
>account) all one needs to do is set the permissions to that user.

Let me do a second try...

If you believe that there is no need to guarantee that people can NFS mount /usr
or anything that comes SUID/SGID to one of the system accounts, you don't need
to specify numeric IDs for anything other than root.

However, not specifying the numeric ID for "nobody" will introduce a big
potential security problem when old (outdated) program implementations like gnutar
or pax try to unpack TAR archives that conform to POSIX-2001 and hold users with
numeric IDs > 2097151 while unpacking based on numeric IDs (e.g. because
the passwd file is missing the right entries).


 EMail:joerg@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
       js@cs.tu-berlin.de		(uni)  If you don't have iso-8859-1
       schilling@fokus.gmd.de		(work) chars I am J"org Schilling
 URL:  http://www.fokus.gmd.de/usr/schilling   ftp://ftp.fokus.gmd.de/pub/unix
