[Adduser-devel] Bug#290623: adduser should never use "nogroup" as a user's group
joerg at joerghoh.de
Sun Jun 24 09:56:31 UTC 2007
On Samstag 15 Januar 2005, you wrote:
> Package: adduser
> Version: 3.59
> Severity: normal
> adduser should never use "nogroup" as the group for a user by default.
> The reason nobody and nogroup exists is so that processes can be sure of
> having no special access to the file system. For this to work there
> musn't be anything in the file system with uid/gid set to either.
> With system users in nogroup it's easy for files to be created with
> nogroup as their group, and though they usually won't be group writable,
> it's asking for trouble, with no benefit.
In my opinion any package who wants to use an unprivileged user ("nouser") or
group ("nogroup") should create a separate user for that usage (see the
www-data user for httpd). In any other way there maybe conflicts/security
implications when 2 processes are there with with privileges dropped and now
What did you do to the cat? It looks half-dead. -Schroedinger's wife
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20070624/cc4a7fea/attachment.pgp
More information about the Adduser-devel