From: Sean Chittenden
To: Ollivier Robert
Cc: Sheldon Hearn, "Andrey A. Chernov", ports@freebsd.org, developers@freebsd.org
Date: Thu, 18 Oct 2001 13:15:56 -0700
Subject: UID proposal for ports (apache, postfix, squid, postgres)...

> > Hold on a second. What files does Apache _write_ as user nobody?
>
> Log files for instance.

Log files are written as root. I think the real issue is whether or not the Apache port should create the www uid, or whether or not the UID should be included in the base system.

For the sake of consistency across installations, I really like the idea of having the UID in the base system (along with postfix, squid, cvsup, cvsupin, etc). For installations with lots of machines, this'd be a dream come true. For smaller installations, however, I don't think they'd care or notice. My personal preference is to have everything in the base system and then let applications use the standardized UIDs. While it's nice that a port can create a UID, I like keeping UIDs aligned across multiple servers.

How about this (best of both worlds): The port (Apache, postfix, squid, etc) creates their necessary UID/GIDs using reserved ID numbers that are hard coded (ex: apache == www == 80). The advantage to a system like this would be that there wouldn't be excessive or unneeded UIDs on a system, but when it comes to installing a service on many machines, it has a standardized UID that's consistent across the various servers. The accountancy for keeping track of the reserved UIDs would be a simple services-esque flat file kept in CVS that would associate UIDs with usernames and in the comments field, the application.

Comments/suggestions?

-sc

--
Sean Chittenden
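
One way to check a host against the kind of reserved-UID flat file proposed in the message above. This is an added example, not part of the original message or of FreeBSD; the file layout, the function names, and every number other than www = 80 are assumptions constructed for illustration.

```python
# Assumed layout: name  uid/gid  # application; only "www 80" is from the message.
REGISTRY = """\
www       80/80     # apache
postfix   125/125   # postfix (constructed)
squid     100/100   # squid (constructed)
"""
# Constructed passwd(5) sample: name:pw:uid:gid:gecos:home:shell
PASSWD = """\
www:*:80:80:World Wide Web Owner:/nonexistent:/sbin/nologin
postfix:*:1003:1003:Postfix:/var/spool/postfix:/sbin/nologin
backup:*:100:100:Local backup:/home/backup:/bin/sh
"""

def parse_registry(text):
    """Return {name: (uid, gid)}; reject malformed or duplicate entries."""
    by_name = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # comment field is informational
        if not line:
            continue
        try:
            name, ids = line.split()
            uid, gid = (int(x) for x in ids.split("/"))
        except ValueError:
            raise ValueError(f"line {lineno}: malformed entry {raw!r}") from None
        if name in by_name or any(uid == u for u, _ in by_name.values()):
            raise ValueError(f"line {lineno}: duplicate name or UID")
        by_name[name] = (uid, gid)
    return by_name

def audit(registry, passwd_text):
    """Return findings, in file order, where a host departs from the registry."""
    owner_of = {uid: name for name, (uid, _gid) in registry.items()}
    findings = []
    for raw in passwd_text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        fields = raw.split(":")
        name, uid, gid = fields[0], int(fields[2]), int(fields[3])
        if name in registry and registry[name] != (uid, gid):
            # The service account exists, but not at its reserved IDs.
            findings.append(("mismatch", name, registry[name], (uid, gid)))
        elif uid in owner_of and owner_of[uid] != name:
            # A reserved UID is held by an unrelated account.
            findings.append(("squatted", name, owner_of[uid], uid))
    return findings

if __name__ == "__main__":
    print(*audit(parse_registry(REGISTRY), PASSWD), sep="\n")
```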