Hello All I am looking at drawing up a policy for some of our local machines and also client machines that we administer. Certain grades of users will be made members of groups with specific privileges. Then I can tweak things so that member of those groups have access to things like read log files, update web pages in /var/www, and upload files to /pub/ftp etc, without root access.
However, before I go and re-invent the wheel, I was just wondering if there is a Debian policy (or unofficial policy or understanding) on what the "traditional" unix groups are used for. There are some of them which are obvious like root:x:0: lp:x:7:lp mail:x:8: news:x:9: uucp:x:10: majordom:x:31: postgres:x:32: www-data:x:33: Others seem to be traditional unix names, but I am not sure what privileges these group ID's have on a Debian or other typical unix installation: daemon:x:1: bin:x:2: sys:x:3: However the ones I am most interested in are adm:4: tty:x:5: disk:x:6: cdrom:x:24: floppy:x:25: tape:x:26: backup:x:34: operator:x:37: staff:x:50: games:x:60: users:x:100: nogroup:x:65534: Which files and directories allow access from these groups in a Debian installation? Would it make sense to add certain users to say "cdrom", "adm" or "staff" ? What rights would such a user be expected to gain from this? Any comments would be appreciated. Thanks Ian --------------------------------------------------------------------- Ian Forbes ZSD http://www.zsd.co.za Office: +27 +21 683-1388 Fax: +27 +21 64-1106 Snail Mail: P.O. Box 46827, Glosderry, 7702, South Africa ---------------------------------------------------------------------