On Saturday 13 July 2002 21.55 Stefan van der Eijk wrote:
> Oden Eriksson wrote:
> >On Saturday 13 July 2002 11.34 Stefan van der Eijk wrote:
> >>Oden Eriksson wrote:
> >>>On Saturday 13 July 2002 09.37 Stefan van der Eijk wrote:
> >>>>When installing ypbind:
> >>>>
> >>>>warning: group rpcuser does not exist - using root
> >>>>
> >>>>I've seen more of these lately... (same goes for apache)
> >>>
> >>>If you ask me this is just plain stupid... The latest setup package
> >>> lacks nearly all system (daemon/services) accounts. qmail, djbdns,
> >>> apache, etc. I still haven't gotten an answer why this change.
> >>
> >>Nobody will complain about it because the file gets created as
> >>.rpmnew... once you put the file in place, the party starts...
> >
> >That's only if you upgrade, right?
>
> With a new install (how else) it'll be different...
>
> I think I'm going to reinstall one system tonight... and see how that
> one ends up.
>
> Anyway, another one:
>
> warning: user rpm does not exist - using root
> warning: group rpm does not exist - using root
>
> >The thing is that if you manually migrate stuff later you need to do a lot
> > of chown:ing. And copying/synching files between machines won't work as
> > easily anymore because there's no more static uid/gid:s.
>
> most copy programs like rsync work with names and not uid:gid, right?
> With removable media it is different.

Yes sorry, I was thinking qmail, vpopmail and such, which require static
uid/gid:s. If for some reason an account in etc passwd/group conflicts,
_those_ need to be moved (re-made) and chowned etc. I wonder what vdanen has
to say about this... I personally won't _ever_ use anything else but qmail,
not a single security hole for what is it now, 4 years?, that fact speaks for
itself...

> >The only way to make a "server farm" with identical Mandrake machines from
> > now on is to a.) use disk cloning, b.) use replay_install.img or c.) use
> > your own setup rpm (your own distro...).
>
> Uh... not quite...

Yes, in the scenario I described above.

> Mostly only users will access media from different machines, the services
> (webserver, etc) mostly don't (if they do, why?). When you store the
> users passwd / group data in LDAP or NIS, then you shouldn't have
> problems with NFS / removable media.
>
> >This is a bad move Mandrake...
>
> I'm not sure...
>
> What I'm not happy about is that the rpm's that could use non-root
> accounts don't make them when being installed (/ upgraded). This could
> make it easier for systems to be hacked (why not walk in as root instead
> of as apache?). Let's hope the rpm's involved will get updated to comply
> with the change...

That's one of the reasons to go back to the 8.2 way of handling it. The new
way is like going back to the beginning of Mandrake (like in 5.x) where the
accounts were created like this, e.g. when installing apache.

> What I'm wondering: if & where is this decision documented? Are
> instructions / guidelines available on how this should work and on how
> to update the packages? --> Would be nice for your apache2 package too,
> right?

I don't know how and why this happened. Yes, I stole the adduser macro stuff
from apache1, so it's already fixed in apache2.
But the rpm-helper; adduser script isn't enough, you can't make an account
like this:

groupadd -g 48 -r -f apache
useradd -g apache -o -c 'Apache User' -u 48 \
    -s /bin/false -r -d /var/www apache

-- 
Regards // Oden Eriksson
Looking for a scalable and error free (q)mail solution?, look no further,
visit http://d-srv.com
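
The static uid/gid concern raised in this message can be checked per host before files are migrated or packages installed. The following is an added example, not part of the original message or of any Mandrake package: a POSIX shell function that reads passwd- and group-format files and reports whether the apache account from the post (uid 48, gid 48) is present, missing, or in conflict. The function name, the `localsvc` account and the three sample hosts are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a static uid/gid service account.
# Prints one of: ok | missing | conflict (the function always returns 0).
check_static_account() {
    name=$1; uid=$2; gid=$3; passwd_file=$4; group_file=$5
    awk -F: -v n="$name" -v u="$uid" -v g="$gid" '
        FILENAME == ARGV[1] {            # passwd: name:pw:uid:gid:...
            if ($1 == n) { have_user = 1; if ($3 != u || $4 != g) bad = 1 }
            else if ($3 == u) bad = 1    # uid held by another account;
            next                         # useradd -o would duplicate it silently
        }
        {                                # group: name:pw:gid:members
            if ($1 == n) { have_group = 1; if ($3 != g) bad = 1 }
            else if ($3 == g) bad = 1    # gid held by another group
        }
        END {
            if (bad) print "conflict"
            else if (have_user && have_group) print "ok"
            else print "missing"         # package files would fall back to root
        }
    ' "$passwd_file" "$group_file"
}

# Constructed sample files for three hypothetical hosts:
#   old   = account present with the static ids
#   new   = fresh install without the service account
#   clash = uid 48 already taken by an unrelated local account
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
printf 'root:x:0:0:root:/root:/bin/bash\n' > "$SAMPLES/new.passwd"
printf 'root:x:0:\n' > "$SAMPLES/new.group"
{ cat "$SAMPLES/new.passwd"
  printf 'apache:x:48:48:Apache User:/var/www:/bin/false\n'; } > "$SAMPLES/old.passwd"
{ cat "$SAMPLES/new.group"; printf 'apache:x:48:\n'; } > "$SAMPLES/old.group"
{ cat "$SAMPLES/new.passwd"
  printf 'localsvc:x:48:100:Local:/:/bin/false\n'; } > "$SAMPLES/clash.passwd"
cp "$SAMPLES/new.group" "$SAMPLES/clash.group"

for host in old new clash; do
    printf '%s: %s\n' "$host" \
        "$(check_static_account apache 48 48 "$SAMPLES/$host.passwd" "$SAMPLES/$host.group")"
done
```

A "missing" result corresponds to the situation behind the "does not exist - using root" warnings quoted above, and "conflict" to the case where existing accounts would have to be re-made and files chowned.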
