From owner-freebsd-ports  Thu Oct 18 13:12:14 2001
Delivered-To: freebsd-ports@freebsd.org
Received: from smtp.noos.fr (racine.noos.net [212.198.2.71])
	by hub.freebsd.org (Postfix) with ESMTP id 317E337B408
	for <ports@FreeBSD.ORG>; Thu, 18 Oct 2001 13:12:05 -0700 (PDT)
Received: (qmail 7438293 invoked by uid 0); 18 Oct 2001 20:07:22 -0000
Received: from unknown (HELO gits.dyndns.org) ([212.198.231.187]) (envelope-sender <root@gits.dyndns.org>)
          by 212.198.2.71 (qmail-ldap-1.03) with DES-CBC3-SHA encrypted SMTP
          for <arch@FreeBSD.ORG>; 18 Oct 2001 20:07:22 -0000
Received: (from root@localhost)
	by gits.dyndns.org (8.11.6/8.11.6) id f9IK7Jl05225;
	Thu, 18 Oct 2001 22:07:19 +0200 (CEST)
	(envelope-from root)
Message-Id: <200110182007.f9IK7Jl05225@gits.dyndns.org>
Subject: Re: nobody war (was Re: HEADS UP: Apache port change from nobody:nogroup
 to www:www planned)
In-Reply-To: <20011018162214.A65563@exxodus.fedaykin.here>
To: Mario Sergio Fujikawa Ferreira <lioux@uol.com.br>
Date: Thu, 18 Oct 2001 22:07:18 +0200 (CEST)
Cc: Dag-Erling Smorgrav <des@ofug.org>,
	Sheldon Hearn <sheldonh@starjuice.net>,
	"Andrey A. Chernov" <ache@nagual.pp.ru>, ports@FreeBSD.ORG,
	arch@FreeBSD.ORG
Reply-To: clefevre@citeweb.net
From: Cyrille Lefevre <clefevre@citeweb.net>
Organization: ACME
X-Face: 
X-Mailer: ELM [version 2.4ME+ PL94c (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-ports.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-ports>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-ports>
X-Loop: FreeBSD.org

Mario Sergio Fujikawa Ferreira wrote:
> On Thu, Oct 18, 2001 at 07:54:30PM +0200, Dag-Erling Smorgrav wrote:
> > Cyrille Lefevre <clefevre@citeweb.net> writes:
> > > how about setiathome, dnetc and junkbuster which also run as nobody.
> > > setiathome and dnetc own files respectively in /var/db/setiathome and
> > > /usr/local/distributed.net.
> > > 
> > > I'm not running it, but squid is probably running as nobody as well since
> > > /usr/local/squid/{logs,cache} are owned by nobody.
> > 
> > I am not responsible for other people's broken software.
> 
> 	I run squid as squid:squid and http as www:www with no
> problems. I don't understand what's the point of this discussion.
> Since we stablished that running as nobody is not a good thing,
> we should be discussing what to replace it with.
> 	I vote to creating uid:gid for all appropriate services:

I'm all w/ you. how about uid:gid numbering ?

> mail or smtp

which packages use these user names ?

> www

 no comment.

> squid

does it require static uid:gid numbers or follow the postfix dynamic
rule ?

/usr/ports/mail/postfix/pkg-install seem to be a good starting
point to create uid:gid dynamically and is BATCH (aka PACKAGE_BUILDING)
compliant. /usr/ports/mail/qmail/pkg-install is a little bit
complicated but seems to be also BATCH compliant.

could we stated that all packages using user nobody should be
switched to package name uid:gid (such as setiathome -> seti,
dnetc -> dnetc, etc.) and use some sort of script ?

Cyrille.
-- 
Cyrille Lefevre                 mailto:clefevre@citeweb.net

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message