From owner-freebsd-ports Thu Oct 18 17:13:47 2001 Delivered-To: freebsd-ports@freebsd.org Received: from mail.rpi.edu (mail.rpi.edu [128.113.22.40]) by hub.freebsd.org (Postfix) with ESMTP id 2F50237B401; Thu, 18 Oct 2001 17:13:43 -0700 (PDT) Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47]) by mail.rpi.edu (8.11.3/8.11.3) with ESMTP id f9J0DeV124302; Thu, 18 Oct 2001 20:13:40 -0400 Mime-Version: 1.0 X-Sender: drosih@mail.rpi.edu Message-Id: In-Reply-To: <20011018131556.D54066@rand.tgd.net> References: <20011017155854.A43168@nagual.pp.ru> <26334.1003400552@axl.seasidesoftware.co.za> <20011018214551.A23964@ns2.freenix.org> <20011018131556.D54066@rand.tgd.net> Date: Thu, 18 Oct 2001 20:13:36 -0400 To: Sean Chittenden From: Garance A Drosihn Subject: Re: UID proposal for ports (apache, postfix, squid, postgres)... Cc: ports@FreeBSD.org, arch@FreeBSD.org Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I don't wish to be annoying here, but this is a topic for -arch (and probably -ports), and not -developer. I have thus copied the full message, and referenced -arch instead of -developer. At 1:15 PM -0700 10/18/01, Sean Chittenden wrote: > > > Hold on a second. What files does Apache _write_ as user nobody? >> >> Log files for instance. > >Log files are written as root. > >I think the real issue is whether or not the Apache port should create >the www uid, or whether or not the UID should be included in the base >system. For the sake of consistency across installations, I really like >the idea of having the UID in the base system (along with postfix, >squid, cvsup, cvsupin, etc). For installations with lots of machines, >this'd be a dream come true. For smaller installations, however, I >don't think they'd care or notice. My personal preference is to have >everything in the base system and then let applications use the >standardized UIDs. While it's nice that a port can create a UID, I like >keeping UIDs aligned across multiple servers. > > > >How about this (best of both worlds): > >The port (Apache, postfix, squid, etc) creates their necessary UID/GIDs >using reserved ID numbers that are hard coded (ex: apache == www == 80). >The advantage to a system like this would be that there wouldn't be >excessive or unneeded UIDs on a system, but when it comes to installing >a service on many machines, it has a standardized UID that's consistent >across the various servers. The accountancy for keeping track of the >reserved UIDs would be a simple services-esque flat file kept in CVS >that would associate UIDs with usernames and in the comments field, the >application. Comments/suggestions? > > -sc > >-- >Sean Chittenden To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message