On Wed, 22 Jul 1998, Jean Pierre LeJacq wrote: > On Mon, 20 Jul 1998, Philip Hands wrote: > > > Lars Wirzenius <[EMAIL PROTECTED]> wrote: > > > Philip Hands: > > > > Is nogroup guaranteed never to own any files ? > > > > > > The Policy manual does not guarantee it, but it's the only reason for > > > the group (and the corresponding user) to exist in the first place. > > > Actually, the Policy manual doesn't even mention nogroup. > > > > > > A change to the policy manual might be good to document this, so perhaps > > > those who are on debian-policy could suggest something along the following > > > lines: > > > > > > 3.2 Users and groups > > > > > > ... > > > > > > 65534: > > > User `nobody' or group `nogroup'. No files should be > > > owned by this user or group. > > > > This seems reasonable. > > I'm not sure if I agree. I maintain the http server, wn, for > debian. At startup, it switches to user nobody. If this policy > is adopted, it could not write to its log file. > > I could modify the source code so it switches to another user, > maybe www-data or a new user just for wn. This may result in a > proliferation of new users. > > The other option is to force use of syslog.
The correct option is undoubtedly eithe www-data or wn. To know which, I'd need to study the package. My guess is www-data. There is no point having a 'nobody user' if it is not used as 'nobody'. An example of the correct use of nobody is the 'all-squash' option of nfs (although I have a funny feeling that this may not in fact use it). Jules /----------------+-------------------------------+---------------------\ | Jelibean aka | [EMAIL PROTECTED] | 6 Evelyn Rd | | Jules aka | [EMAIL PROTECTED] | Richmond, Surrey | | Julian Bean | [EMAIL PROTECTED] | TW9 2TF *UK* | +----------------+-------------------------------+---------------------+ | War doesn't demonstrate who's right... just who's left. | | When privacy is outlawed... only the outlaws have privacy. | \----------------------------------------------------------------------/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
