Fedora User Management (revisited)
Axel Thimm
Axel.Thimm at ATrpms.net
Sat Mar 10 11:27:15 UTC 2007
On Sat, Mar 10, 2007 at 12:19:08PM +0100, Enrico Scholz wrote:
> Axel Thimm <Axel.Thimm at ATrpms.net> writes:
>
> >> > Indeed, most of the packages we're talking about (if not all) don't
> >> > need a fixed uid/gid at all.
> >>
> >> When a package/daemon writes files and/or reads files which are protected
> >> by file permissions, it is a good candidate for fixed uids.
> >
> > Don't userdel the user.
>
> ??? When I install a package on machine A and machine B, I do not use
> 'userdel' overall.

"a package/daemon writes files and/or reads files which are protected
by file permissions" does not do so by default from machine A to
machine B, right?

> > Check out httpd, a prominent package which can have sensitive data
> > underneath its user.
>
> 'httpd' has the comfort to have a really fixed uid < 100...

Even if not, it would not relocate the uid because it simply does not
delete the user when uninstalling. See nx or torrent for similar
examples with non-fixed uid.

We *do* have methods for dealing with both fixed and non-fixed uids.
--
Axel.Thimm at ATrpms.net