In article <[EMAIL PROTECTED]> you write:
>Things like qmail and postfix should not really be sharing queues over NFS and
>hence do not need static IDs (am I right?).

It's not the queues or the data files I am worried about. Someone else said that this was an issue, but I remain unconvinced. /var isn't meant to be shared. Similarly, if /home is shared, then this is the system administrator's responsibility.

It is the SUID and SGID programs I am worried about.

Suppose on machine A postdrop has the GID=103 (for instance.) postfix is installed on this computer, so you get:

[507] [snoopy:bam] ~ >ls -n -l /usr/sbin/postdrop
-r-xr-sr-x 1 102 103 48244 Jul 1 13:45 /usr/sbin/postdrop*
[508] [snoopy:bam] ~ >ls -l /usr/sbin/postdrop
-r-xr-sr-x 1 postfix postdrop 48244 Jul 1 13:45 /usr/sbin/postdrop*

However, when you installed postfix, you forgot about NFS. When somebody else does ls on a remote computer, they could get, for instance:

[508] [snoopy:bam] ~ >ls -l /usr/sbin/postdrop
-r-xr-sr-x 1 www-data www-data 48244 Jul 1 13:45 /usr/sbin/postdrop*

Because, when installing this program, www-data:www-data just happened to have the same IDs as postfix.

Which, IMHO, is not good. Even if postdrop is never going to be used on this remote computer, the SetGID www-data still remains. Not to mention the postfix queue may not have been configured on the remote computer, which *could* trigger security bugs (general case - not specific to postfix)...

Another point: It is not a good idea to log in to the computer as www-data to modify web files. You should use the group instead. However, if you *did* log in as www-data, *and* /usr was mounted read-write, you could modify /usr/sbin/postdrop as much as you like! Not to mention security holes inside CGI scripts, etc.

This is an important issue as the filesystem standards say /usr should be shared, and while this is currently clumsy to do, I think we need to keep these issues in mind.

Thinking aloud here:

Perhaps the real problem though, is that scripts have to use adduser and addgroup to add new users and groups, but these only operate on local versions of the /etc/passwd and /etc/shadow files, and AFAIK don't support distributed systems like NIS or LDAP.

Are NIS and/or LDAP available in time for boot? i.e. could you boot a computer with passwd and group containing entries for root (and nothing else) and have everything else use NIS and/or LDAP?

-- 
Brian May <[EMAIL PROTECTED]>
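
The ID collision described in the message above can be checked for before a shared /usr is mounted on another host. The following is an added example, not part of the original message: it lists setuid/setgid files under a tree and reports those whose privileged ID resolves to a different name on the NFS client. The function names and the passwd/group sample lines are constructed; IDs 102 and 103 are taken from the ls output in the message.

```python
import os
import stat

def parse_ids(text):
    """Map numeric ID -> name from passwd(5) or group(5) text (field 3 is the ID)."""
    ids = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and not line.startswith("#") and fields[2].isdigit():
            ids.setdefault(int(fields[2]), fields[0])  # first entry wins, as in lookups
    return ids

def scan_privileged(root):
    """Yield (path, mode, uid, gid) for setuid/setgid regular files under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                yield path, st.st_mode, st.st_uid, st.st_gid

def mismatches(entries, exporter, client):
    """Report privilege-granting IDs that resolve differently on the client.

    exporter/client are dicts {"users": {uid: name}, "groups": {gid: name}}.
    """
    findings = []
    for path, mode, uid, gid in entries:
        checks = []
        if mode & stat.S_ISUID:
            checks.append(("setuid", "users", uid))
        if mode & stat.S_ISGID:
            checks.append(("setgid", "groups", gid))
        for bit, table, num in checks:
            here = exporter[table].get(num)
            there = client[table].get(num, "<unassigned>")
            if here != there:
                findings.append((path, bit, num, here, there))
    return findings

# Constructed sample data modelled on the ls output in the message.
HOST_A = {"users": parse_ids("root:x:0:0::/root:/bin/sh\npostfix:x:102:103:::"),
          "groups": parse_ids("root:x:0:\npostdrop:x:103:")}
HOST_B = {"users": parse_ids("root:x:0:0::/root:/bin/sh\nwww-data:x:102:103:::"),
          "groups": parse_ids("root:x:0:\nwww-data:x:103:")}
SAMPLE = [("/usr/sbin/postdrop", 0o102555, 102, 103)]  # -r-xr-sr-x 102 103

if __name__ == "__main__":
    for f in mismatches(SAMPLE, HOST_A, HOST_B):
        print("%s: %s id %d is %r on exporter, %r on client" % f)
```

On a real system, pass `scan_privileged("/usr")` as the entries and build the two tables from each host's /etc/passwd and /etc/group (or from `getent` output where NIS or LDAP is in use).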