Control: Severity -1 wishlist

On Sun, Sep 02, 2007 at 05:27:29PM +0200, Joerg Hoh wrote:
> On Sun, Jun 24, 2007 at 11:56:31AM +0200, Joerg Hoh wrote:
> > 
> > In my opinion any package that wants to use an unprivileged user ("nouser")
> > or group ("nogroup") should create a separate user for that usage (see the
> > www-data user for httpd). In any other way there may be conflicts/security
> > implications when 2 processes are there with privileges dropped and now
> > using "nouser:nogroup".
> 
> I'll tag it as wontfix.

I think that in the absence of advice from Policy, base-passwd sets the way
to go for this. And this is
(/usr/share/doc/base-passwd/users-and-groups.txt.gz):

   nobody, nogroup
          Daemons that need not own any files sometimes run as
          user nobody and group nogroup, although using a
          dedicated user is far preferable. Thus, no files on a
          system should be owned by this user or group.

Since adduser is not in the situation to tell a package maintainer what
to do, nogroup is still the valid default that saves GID resources
instead of changing the default to "usergroups" for system users. This
was "discussed" on debian-devel in July 2022,
https://lists.debian.org/debian-devel/2022/07/msg00027.html, with not
much interest from the developer community. I'd take that as consent of
the project that the current default is fine and that we should not
change it just for the sake of changing it.

I'm open to more and new arguments and I would also accept advice from
the Technical Committee in this matter, but for the time being this is
going to stay at wontfix.

Greetings
Marc
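
The situation raised in the original report, two unrelated daemons that have both dropped privileges to the shared unprivileged account, can be checked for on a running system. The following is an added example, not part of this thread or of adduser/base-passwd; the function names and the sample listing are constructed, and the input is assumed to have the column layout of `ps -eo user,group,pid,comm`.

```shell
#!/bin/sh
# Added example: find distinct daemons sharing the nobody/nogroup identity.
# Input: lines in the layout of `ps -eo user,group,pid,comm` (header first).

# Constructed sample listing so the example runs offline.
sample_ps() {
    cat <<'EOF'
USER     GROUP      PID COMMAND
root     root         1 init
nobody   nogroup    412 dnsmasq
www-data www-data   530 apache2
nobody   nogroup    777 tftpd
nobody   nogroup    778 tftpd
daemon   daemon     801 atd
EOF
}

# Print each distinct command running as user nobody or group nogroup.
# Several workers of the same daemon count once. Only the first word of
# the command name is used.
shared_nobody_daemons() {
    awk 'NR > 1 && ($1 == "nobody" || $2 == "nogroup") { print $4 }' | sort -u
}

# Succeed (exit 0) when more than one distinct daemon uses the shared
# identity, i.e. when a dedicated system user per daemon would actually
# separate something.
nobody_is_shared() {
    n=$(shared_nobody_daemons | awk 'END { print NR }')
    [ "$n" -gt 1 ]
}

# Demo on the constructed listing; on a live system replace sample_ps
# with: ps -eo user,group,pid,comm
if sample_ps | nobody_is_shared; then
    echo "nobody/nogroup is shared by:"
    sample_ps | shared_nobody_daemons
fi
```

Processes that share a UID can typically signal and inspect one another, which is why each daemon reported here is a candidate for its own system user.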
