On Sat, Mar 10, 2007 at 12:19:08PM +0100, Enrico Scholz wrote:
> Axel Thimm <Axel.Thimm@xxxxxxxxxx> writes:
>
> >> > Indeed, most of the packages we're talking about (if not all) don't
> >> > need a fixed uid/gid at all.
> >>
> >> When a package/daemon writes files and/or reads files which are protected
> >> by file permissions, it is a good candidate for fixed uids.
> >
> > Don't userdel the user.
>
> ??? When I install a package on machine A and machine B, I do not use
> 'userdel' overall.

"a package/daemon writes files and/or reads files which are protected
by file permissions" does not do so by default from machine A to
machine B, right?

> > Check out httpd, a prominent package which can have sensitive data
> > underneath its user.
>
> 'httpd' has the comfort to have a really fixed uid < 100...

Even if not, it would not relocate the uid because it simply does not
delete the user when uninstalling. See nx or torrent for similar
examples with non-fixed uid.

We *do* have methods for dealing with both fixed and non-fixed uids.
--
Axel.Thimm at ATrpms.net
-- Fedora-maintainers mailing list Fedora-maintainers@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers