Randy McMurchy wrote:
That said, what should we do for users that don't need group ID?
I've always thought that it was good to dump these types of users
into the users group, but thinking about it, perhaps not.
I'd appreciate input from the group.
I really don't think that it matters a
Archaic wrote these words on 09/26/05 00:56 CST:
I've always preferred to segregate them in their own group. But if the
group ID is truly never going to be used, and there is no security
implication of allowing these types of programs to share a group, then
perhaps the nogroup group?
That is
On Mon, Sep 26, 2005 at 01:10:38AM -0500, Randy McMurchy wrote:
That is a good idea. Let's see if others respond with any different
suggestions. If not, I'll go with nogroup and change the PostgreSQL
instructions as well.
Just to clarify, the first preference was for uid=gid. The latter was
DJ Lucas wrote these words on 09/26/05 01:09 CST:
I really don't think that it matters a whole lot so long as the chosen
group does exist ;-) and is not given perms where they're not needed,
but I'll throw out a suggestion anyway. The group 'nogroup' might work
well. For me personally on my
On Mon, Sep 26, 2005 at 01:15:46AM -0500, Randy McMurchy wrote:
Thoughts from the group would be appreciated...
A generic users groups seems like it could be a security nightmare for a
sysadmin. People who do need to share files generally belong to a
descriptive group such as research,
Randy McMurchy wrote:
I'm creating instructions for the BLFS book to add the D-BUS package.
There is a user that needs to be created but this user has no
specific group that it needs to be added to.
In its short life, I believe tradition has this user set up as
'messagebus' in group
Matthew Burgess wrote these words on 09/26/05 01:44 CST:
In its short life, I believe tradition has this user set up as
'messagebus' in group 'messagebus'. I know it doesn't answer the full
question, for that I'm in vehement agreement with archaic - just put
users that don't specifially
Archaic wrote:
On Mon, Sep 26, 2005 at 01:15:46AM -0500, Randy McMurchy wrote:
Thoughts from the group would be appreciated...
A generic users groups seems like it could be a security nightmare for a
sysadmin. People who do need to share files generally belong to a
descriptive group such
Consensus from the group though, seems that gid=uid is the most
proper solution. Thanks to everyone for their input so far. I'm
hoping that Bruce throws his two cents in as well, as I noticed
when he created the groups/users table recently, the PostgreSQL
user does not have a gid assigned to
Randy McMurchy wrote:
Matthew Burgess wrote these words on 09/26/05 01:44 CST:
In its short life, I believe tradition has this user set up as
'messagebus' in group 'messagebus'. I know it doesn't answer the full
question, for that I'm in vehement agreement with archaic - just put
users
Bruce Dubbs wrote these words on 09/26/05 10:39 CST:
When I added the section About System Users and Groups, I didn't
analyze each section, but basically grepped for useradd and groupadd
instructions and added those. I didn't notice the users group in the
useradd instruction. It certainly
Instead of assigning a specific UID and GID, we could use the
following commands when creating the system users (FYI I use a similar
construct for my pkg-user pkg manager). This way we don't need to hard
code values for each user/group and it is guaranteed to not clash with
any existing UID/GID:
Tushar Teredesai wrote:
Instead of assigning a specific UID and GID, we could use the
following commands when creating the system users (FYI I use a similar
construct for my pkg-user pkg manager). This way we don't need to hard
code values for each user/group and it is guaranteed to not clash
Bruce Dubbs wrote these words on 09/26/05 12:15 CST:
P.S. Glad to see all the Houstonites back on the job now. :)
That would be Houstonians. :-)
--
Randy
rmlscsi: [GNU ld version 2.15.94.0.2 20041220] [gcc (GCC) 3.4.3]
[GNU C Library stable release version 2.3.4] [Linux 2.6.10 i686]
In WvDial-1.54.0 the *more information* link:
http://www.electronicschat.org/nonroot-dialout/index.html seems to have
been taken down.
I thought this one was good:
http://gentoo-wiki.com/HOWTO_Setup_a_Dialup_Connection
or we could write our own. Anyone have a suggested link or text. We
Hi all,
I've committed the first pass at getting D-BUS into BLFS. I would
sure appreciate it if you folks that have experience using D-BUS
would look over the instructions for mistakes. I do not claim to
be an expert on D-BUS.
These issues are specifically where I may have made mistakes:
1. I
Hi all,
Both D-BUS and HAL look for a SELinux-enabled system. I have no
clue about SELinux, as I've never looked into it. Best I can tell
you must patch the kernel sources with the NSA SELinux patches,
then install some userland tools to use the SELinux-patched kernel.
Is SELinux something I
On Mon, Sep 26, 2005 at 07:20:52PM -0500, Randy McMurchy wrote:
Is SELinux something I should be listing as a dependency for the
D-BUS and HAL packages?
Not unless you want an absolute flurry of support questions. SELinux
will completely change the security model of an LFS system.
Anyone
Archaic wrote these words on 09/26/05 19:27 CST:
Not unless you want an absolute flurry of support questions. SELinux
will completely change the security model of an LFS system.
The reason I asked about this is because I like being technically
accurate, however, I'm not knowledgeable enough
On Mon, Sep 26, 2005 at 07:36:13PM -0500, Randy McMurchy wrote:
Can you help me determine which it is?
A fundamental change at the base system level would have to occur. Just
throwing selinux into the kernel of an existing system will not work. A
total system recompile with many non-LFS
On Mon, Sep 26, 2005 at 07:45:28PM -0500, Randy McMurchy wrote:
I will interpret this as something you cannot add to a base LFS
system, thus, I don't need to list it as a dependency.
Correct interpretation.
Thanks for your help, dude.
NP. :)
--
Archaic
Want control, education, and
Randy McMurchy wrote:
Bruce Dubbs wrote these words on 09/26/05 12:13 CST:
sendmail uses the group mail.
Indirectly, I suppose. I have Sendmail installations, with mailboxes,
and there is not one file on my systems that have group ownership of
'mail'. Anduin is the same way. I believe
Randy McMurchy wrote:
Hi all,
Both D-BUS and HAL look for a SELinux-enabled system. I have no
clue about SELinux, as I've never looked into it. Best I can tell
you must patch the kernel sources with the NSA SELinux patches,
then install some userland tools to use the SELinux-patched kernel.
Bruce Dubbs wrote these words on 09/26/05 21:57 CST:
You don't need to patch the kernel any more. It is there. From `make
xconfig`:
NSA SELinux Support (SECURITY_SELINUX)
My earlier point is the NSA provides *patches* to the kernel source.
The current NSA patch is for the 2.6.13 kernel
On Mon, Sep 26, 2005 at 09:57:03PM -0500, Bruce Dubbs wrote:
You will also need a policy configuration and a labeled filesystem.
And a rebuilt glibc, and a rebuilt coreutils (with patches), and other
rebuilt LFS programs for this to do any good.
--
Archaic
Want control, education, and
25 matches
Mail list logo