> For that system, we run in only one single UID/GID in the system: we use > nobody:nogroup for all the hosted files. That includes: ftp access, mail > system (delivered in user mailbox as nobody), and web. The control panel > does the change of the User and Group directive in Apache so it doesn't > use www-data anymore.
Editing other package's configuration files is proscribed by Policy, however such is the entire point of control-panel-like software, so I guess this isn't such a big issue. > Daniel suggested that there was the possibility of setting-up a specific > user "dtc" that I could setup on my postinst script. But this leads to > MANY problems that I will explain here. First, there is no way to > guarantee that the UID will be always the same, and that's the main > problem. As others have said, most tools will transfer file ownership information by recording the user name, not the UID; however if this is not good enough (you want to use NFS, for example), Policy section 9.2.2 says that UIDs in the range 60000-64999 are "Globally allocated by the Debian project, but only created on demand. The ids are allocated centrally and statically, but the actual accounts are only created on users' systems on demand". More at <http://www.debian.org/doc/debian-policy/ch-opersys.html#s9.2.2>. Of course, I guess you'd have to persuade whoever maintains the allocation list that you really do need a static UID assignment. :) -- Sam Morris http://robots.org.uk/ PGP key id 1024D/5EA01078 3412 EA18 1277 354B 991B C869 B219 7FDB 5EA0 1078 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
