On 05/09/14 16:03, Ian Jackson wrote:
> Simon McVittie writes ("Re: daemon user naming scheme"):
>> It is reasonable to use /var/lib/foo (or /run/foo or /var/cache/foo or
>> /var/games/foo) as the home directory of a system user whose name is
>> _foo, debian-foo, Debian-foo or whatever.
>
> You need to be careful that the directory chosen never has undesirable
> permissions, since there are many ways that access can be granted to a
> user foo by putting things in ~foo.

Yes, a good point which I should have mentioned. Please read as "it is
reasonable to use ... as long as that directory's permissions only allow
that user to write there".

> For example, /var/games/foo seems like a bad idea since it will
> probably be g+w games.

Hmm, not on my system - /var/games is 0755 root:root, and the
openarena-server and quake{,2,3}-server subdirectories created by my
Quake-based game packages are 0755 some-daemon-user:games.

I agree that if the foo subdirectory in games was used for a system-wide
shared high-score table or something (g+w games, with the game setgid
games so it can write there), then that would make it unsuitable.

On the other hand, using setgid for shared high-score tables on a
multi-user system has always seemed to me like using a sledgehammer (or
possibly a railgun) to crack a nut :-)

    S

Archive: https://lists.debian.org/5409d2d4.4070...@debian.org
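
The condition stated in this message (a daemon user's home directory must be writable only by that user), as an added example that is not part of the original mail or of any Debian tool: a Python check of ownership and mode bits over system users' home directories. The function names and the UID cutoff of 999 are assumptions; POSIX ACLs and parent directories are not inspected.

```python
import os
import pwd
import stat

SYSTEM_UID_MAX = 999  # assumption: upper bound of the system-user UID range


def home_dir_problems(path, uid):
    """Return reasons why `path` is unsafe as the home directory of `uid`."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return [f"cannot stat: {exc.strerror}"]
    if not stat.S_ISDIR(st.st_mode):
        return ["not a directory"]
    problems = []
    # The owner can always chmod the directory, so it must be the daemon
    # user itself or root; any other owner can drop files into ~foo.
    if st.st_uid not in (0, uid):
        problems.append(f"owned by uid {st.st_uid}")
    # g+w (e.g. a shared "games" group) lets every group member write there.
    if st.st_mode & stat.S_IWGRP:
        problems.append(f"group-writable by gid {st.st_gid}")
    if st.st_mode & stat.S_IWOTH:
        problems.append("world-writable")
    return problems


def audit_system_users(entries):
    """entries: iterable of (name, uid, home). Returns {name: [problems]}."""
    report = {}
    for name, uid, home in entries:
        # Skip root, ordinary login users, and homes that do not exist
        # (such as Debian's /nonexistent placeholder).
        if uid == 0 or uid > SYSTEM_UID_MAX or not os.path.exists(home):
            continue
        problems = home_dir_problems(home, uid)
        if problems:
            report[name] = problems
    return report


if __name__ == "__main__":
    passwd = ((p.pw_name, p.pw_uid, p.pw_dir) for p in pwd.getpwall())
    for name, problems in sorted(audit_system_users(passwd).items()):
        print(f"{name}: {'; '.join(problems)}")
```

A directory that is 0755 some-daemon-user:games passes this check, while one that is g+w games is reported.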