Axel Thimm <Axel.Thimm@xxxxxxxxxx> writes:

>> >> When a package/daemon writes files and/or reads files which are protected
>> >> by file permissions, it is a good candidate for fixed uids.
>> >
>> > Don't userdel the user.
>>
>> ??? When I install a package on machine A and machine B, I do not use
>> 'userdel' overall.
>
> "a package/daemon writes files and/or reads files which are protected
> by file permissions" does not do so by default from machine A to
> machine B, right?

Perhaps not "by default"; but this package might be used in a setup
which shares network resources between A and B.

>> > Check out httpd, a prominent package which can have sensitive data
>> > underneath its user.
>>
>> 'httpd' has the comfort to have a really fixed uid < 100...
>
> Even if not, it would not relocate the uid because it simply does not
> delete the user when uninstalling.

I do not see why you want to delete the user resp. why you are speaking
about this. Problem happens when 'httpd' has uid 100 on A, uid 101 on B
and both are using a common, NFS-shared /srv/www. Or, when /srv/www is
on the local machine, contains a huge amount of data, and the system
must be reinstalled for some reason.

'fedora-usermgmt' solves this problem by allowing the administrator to
use a fixed window for daemon uids. With this setup, 'httpd' will have
the same uid on machine A and B, and after the reinstallation.

Enrico
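An added example, not part of the original message and not fedora-usermgmt code: a check for the uid drift described above, run over two passwd(5) snapshots. The sample entries, the 'ntp' account and the system-uid cutoff of 499 are assumptions made for illustration; only the httpd uids 100/101 come from the message.

```python
# Constructed passwd(5) snapshots for hosts A and B (sample data, not from
# the thread). The 'ntp' account on B is a hypothetical uid-100 holder.
PASSWD_A = """\
root:x:0:0:root:/root:/bin/bash
named:x:25:25:Named:/var/named:/sbin/nologin
httpd:x:100:100:Web server:/srv/www:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""
PASSWD_B = """\
root:x:0:0:root:/root:/bin/bash
named:x:25:25:Named:/var/named:/sbin/nologin
ntp:x:100:100:NTP:/etc/ntp:/sbin/nologin
httpd:x:101:101:Web server:/srv/www:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

def parse_passwd(text):
    """Return {name: uid} for every well-formed passwd(5) line."""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        # Skip blanks, comments, NIS +/- entries and malformed lines.
        if (fields[0].startswith(("#", "+", "-")) or len(fields) != 7
                or not fields[2].isdigit()):
            continue
        users[fields[0]] = int(fields[2])
    return users

def uid_drift(passwd_a, passwd_b, max_system_uid=499):
    """Compare system accounts (uid <= max_system_uid, an assumed cutoff).

    Returns (mismatches, collisions):
      mismatches {name: (uid_a, uid_b)}: same account, different uid.
      collisions {uid: (name_a, name_b)}: same uid, different account, so
      files written by name_a on A appear owned by name_b on B over NFS.
    """
    a, b = parse_passwd(passwd_a), parse_passwd(passwd_b)
    mismatches = {n: (a[n], b[n]) for n in sorted(a.keys() & b.keys())
                  if a[n] != b[n] and min(a[n], b[n]) <= max_system_uid}
    owner_b = {uid: name for name, uid in b.items()}
    collisions = {uid: (name, owner_b[uid]) for name, uid in a.items()
                  if uid <= max_system_uid and owner_b.get(uid, name) != name}
    return mismatches, collisions

if __name__ == "__main__":
    mismatches, collisions = uid_drift(PASSWD_A, PASSWD_B)
    for name, (ua, ub) in mismatches.items():
        print(f"{name}: uid {ua} on A, uid {ub} on B")
    for uid, (na, nb) in collisions.items():
        print(f"uid {uid}: '{na}' on A, '{nb}' on B")
```

The collision result is the part that matters for file permissions: anything under the shared /srv/www written as uid 100 on A is readable and writable by whichever account holds uid 100 on B.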
-- Fedora-maintainers mailing list Fedora-maintainers@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers