RE: Bug#134658: ITP: lsb -- Linux Standard Base 1.1 core support package
>From: "David D.W. Downey" <david-downey@codecastle.com>
>WHY does the LSB even _define_ numeric UID settings? For every distrib I've
>used, Slackware, SuSe, Mandrake, Red Hat, Debian, Peanut, Stampede, and
>others, any system user (meaning system related such as bin, adm, wheel, etc.
>etc.) were always extremely low UID numbers. This in turn signifies to the
>system, as stated in the POSIX standard (don't shoot me if I'm wrong, been a
>LONG time since I've read it), are reserved specifically for system related
>accounts. These accounts have the required access privileges set up before
>any distrib is released, regardless of maker. So, if X for instance, needs
>access to the video hardware (using sys or some other system defined
>account) all one needs to do is set the permissions to that user.
Let me do a second try...
If you believe that there is no need to guarantee people to NFS mount /usr
or anything that comes SUID/SGID to one of the system accounts, you don't need
to specify numeric id's for anything other than root.
However, not specifying the numeric ID for "nobody" will introduce a big
potential security problem when old (outdated) program implementations like gnutar
or pax try to unpack TAR archives that conform to POSIX-2001 and hold users with
numeric IDs > 2097151 while unpacking based on numeric IDs (e.g. because
the passwd file is missing the right entries).
Jörg
EMail:joerg@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
js@cs.tu-berlin.de (uni) If you don't have iso-8859-1
schilling@fokus.gmd.de (work) chars I am J"org Schilling
URL: http://www.fokus.gmd.de/usr/schilling ftp://ftp.fokus.gmd.de/pub/unix
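
Added example, not part of the original message: a small Python audit that reads a tar archive block by block and reports, for each member, the uid held in the fixed ustar header field (what a reader that ignores POSIX-2001 extended headers acts on) next to the uid stored in the pax extended header. The sample archive is constructed with Python's tarfile module, and the function names are illustrative.

```python
import io
import tarfile
USTAR_UID_MAX = 0o7777777  # 2097151: largest value the 7-digit octal uid field holds

def build_sample(uid):
    """Constructed sample: one-member POSIX-2001 (pax) archive owned by `uid`."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.PAX_FORMAT) as tar:
        info = tarfile.TarInfo("data.txt")
        info.uid, info.size = uid, 5
        tar.addfile(info, io.BytesIO(b"hello"))
    return buf.getvalue()

def octal(field):
    """Decode a NUL/space-terminated octal header field."""
    text = field.split(b"\0")[0].strip()
    return int(text, 8) if text else 0

def pax_records(payload):
    """Parse '<len> <key>=<value>\\n' records from a pax extended header."""
    records = {}
    while payload:
        length = int(payload.split(b" ", 1)[0])
        key, _, value = payload[:length].split(b" ", 1)[1].rstrip(b"\n").partition(b"=")
        records[key.decode()] = value.decode()
        payload = payload[length:]
    return records

def audit_uids(archive):
    """Return (name, uid in ustar field, uid in pax header or None) per member."""
    findings, pos, pending = [], 0, {}
    while pos + 512 <= len(archive) and archive[pos:pos + 512].strip(b"\0"):
        header = archive[pos:pos + 512]
        size, kind = octal(header[124:136]), header[156:157]
        body = archive[pos + 512:pos + 512 + size]
        if kind == b"x":            # per-file extended header precedes its member
            pending = pax_records(body)
        elif kind != b"g":          # skip global headers, report everything else
            name = pending.get("path", header[:100].split(b"\0")[0].decode())
            legacy = octal(header[108:116])  # tarfile writes 0 here on overflow
            pax_uid = int(pending["uid"]) if "uid" in pending else None
            findings.append((name, legacy, pax_uid))
            pending = {}
        pos += 512 + (size + 511) // 512 * 512
    return findings

def needs_review(finding):
    """True when the real owner only fits in the pax header (uid > 2097151)."""
    return finding[2] is not None and finding[2] > USTAR_UID_MAX
```

Which value lands in the ustar field when the uid overflows is the archive writer's choice, so the audit reports both values rather than assuming one.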