On 05/09/14 16:03, Ian Jackson wrote:
> Simon McVittie writes ("Re: daemon user naming scheme"):
>> It is reasonable to use /var/lib/foo (or /run/foo or /var/cache/foo or
>> /var/games/foo) as the home directory of a system user whose name is
>> _foo, debian-foo, Debian-foo or whatever.
>
> You need to be careful that the directory chosen never has undesirable
> permissions, since there are many ways that access can be granted to a
> user foo by putting things in ~foo.
Yes, a good point which I should have mentioned. Please read as "it is
reasonable to use ... as long as that directory's permissions only allow
that user to write there".
> For example, /var/games/foo seems like a bad idea since it will
> probably be g+w games.
Hmm, not on my system - /var/games is 0755 root:root, and the
openarena-server and quake{,2,3}-server subdirectories created by my
Quake-based game packages are 0755 some-daemon-user:games.
I agree that if the foo subdirectory in games was used for a system-wide
shared high-score table or something (g+w games, with the game setgid
games so it can write there), then that would make it unsuitable. On the
other hand, using setgid for shared high-score tables on a multi-user
system has always seemed to me like using a sledgehammer (or possibly a
railgun) to crack a nut :-)
S
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5409d2d4.4070...@debian.org
