[Adduser-devel] Bug#693218: adduser --system should default to --group
Wessel Dankers
wsl-deb-bug-submit at fruit.je
Wed Nov 14 11:36:18 UTC 2012
Package: adduser
Version: 3.112+nmu2
Severity: wishlist
Tags: security
Hi,
Currently, system users get nogroup (65534) as their default primary group.
However, multiple (system) accounts sharing a common group is not good
from a security standpoint. It gives unrelated processes access to each
other's files and other resources.
While this could be considered a bug in the invoker's script, it's
something that is easy to overlook and it could be argued that defaults
should be sane and secure (‘graceful degradation’).
Please make --group the default for --system.
Kind regards,
--
Wessel Dankers <wsl-deb-bug-submit at fruit.je>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20121114/10c5fd63/attachment.pgp>
More information about the Adduser-devel
mailing list