Re: [Cooker] Strange Groups

2002-01-17 Thread Leon Brooks

On Thursday 17 January 2002 19:29, Stefan Siegel wrote:
> May anybody explain me please why those groups are needed over all?
> We have the group nobody, so why do we need a group nogroup?

For non-packaged applications, many daemons expect to run as one of nobody or 
nogroup. Also, some apps ported from other systems expect these groups to be 
at specific group numbers (e.g. 98 or 99 for nobody, 65535 or 100 for 
nogroup) but since different alien Unices have different expectations for 
these numbers Mandrake can't please everyone. Having the names present is a 
start.

> I've never seen any application/user using ntools or ctools; what are
> they good for?

Network tools and compiler tools, and they're useful for denying dangerous 
users access to specific powerful tool sets.

> And if they aren't of any use, why not silently remove them ...

Because they're useful, if not to you then to many others. When Mandrake 
produce the Siegel release, complain if these are still in here. (-:

Cheers; Leon




Re: [Cooker] Strange Groups

2002-01-17 Thread Stefan Siegel

Leon Brooks wrote:
> On Thursday 17 January 2002 19:29, Stefan Siegel wrote:
> > May anybody explain me please why those groups are needed over all?
> > We have the group nobody, so why do we need a group nogroup?
>
> For non-packaged applications, many daemons expect to run as one of
> nobody or nogroup. Also, some apps ported from other systems expect
> these groups to be at specific group numbers (e.g. 98 or 99 for nobody,
> 65535 or 100 for nogroup) but since different alien Unices have different
> expectations for these numbers Mandrake can't please everyone.
> Having the names present is a start.

If they use nogroup instead of nobody they have to be considered
buggy, in a Linux world. As an experienced administrator, you are able
to fix this problem very fast when installing alien software on your
machine. Feel free to contact the author of the software, so that he
can fix this problem ...

> > I've never seen any application/user using ntools or ctools; what are
> > they good for?
>
> Network tools and compiler tools, and they're useful for denying dangerous
> users access to specific powerful tool sets.

Let me resume it correctly: No Mandrake Linux package needs them, but
nevertheless they get created as SOME administrators MAY LIKE them.
As a result they are not part of the /etc/group file in the setup
package (hello Chmouel :-), but msec adds them with a random number on
EVERY Mandrake Linux box.

This is a very bad thing. I mean I might like other groups to prevent some
people accessing tools and applications (e.g. web-cams/video/tv/multimedia).

So either they get added to the /etc/group file as common sense to be
needed in the distribution or totally removed. In any case it doesn't
belong to msec's jobs to add totally new groups as seen in
/usr/share/msec/lib.sh which is sourced by msec in every security level:

-
# default group which must exist on the system
# groupadd already check for their existance...
groupadd nogroup > /dev/null
groupadd audio > /dev/null
groupadd xgrp > /dev/null
groupadd ntools > /dev/null
groupadd ctools > /dev/null
-


> > And if they aren't of any use, why not silently remove them ...
>
> Because they're useful, if not to you then to many others. When Mandrake
> produce the Siegel release, complain if these are still in here. (-:

OK, this is a nice try to convince me, but there are so many groups which
MIGHT be useful for SOME users - but adding them all is a little bit of
overkill, don't you think? E.g. I have a group webcam with only trusted
people in there, as I don't want any user of my server to be able to
remotely launch tools to spy out the cam in my room, when I think to be
alone (and: No I have no interest in telling you, what I am doing
in my room, when I feel private ;-) ...

This MIGHT be considered much more important for a Joe Everyone
distribution like Mandrake Linux than the need for groups only needed by
experienced administrators knowing what tools they'd like to place in
some sort of sandbox of trusted users. Those admins should have enough
knowledge to add groups like ntools if they feel a need for them,
don't you think so?

So, once again: If they aren't of any use, why not silently remove them?

-- 
Bye and see you soon,
Stefan
Penguin Powered!




Re: [Cooker] Strange Groups

2002-01-17 Thread Chmouel Boudjnah

Stefan Siegel [EMAIL PROTECTED] writes:

> Let me resume it correctly: No Mandrake Linux package needs them, but
> nevertheless they get created as SOME administrators MAY LIKE them.
> As a result they are not part of the /etc/group file in the setup
> package (hello Chmouel :-), but msec adds them with a random number on

Check latest setup package

-- 
http://www.linux-mandrake.com/en/club/




Re: [Cooker] Strange Groups

2002-01-17 Thread Leon Brooks

On Thursday 17 January 2002 22:25, Stefan Siegel wrote:
> Leon Brooks wrote:
> > Network tools and compiler tools, and they're useful for denying
> > dangerous users access to specific powerful tool sets.
>
> Let me resume it correctly: No Mandrake Linux package needs them, but
> nevertheless they get created as SOME administrators MAY LIKE them.
> As a result they are not part of the /etc/group file in the setup
> package (hello Chmouel :-), but msec adds them with a random number on
> EVERY Mandrake Linux box.

By default, ordinary users do not get added to these groups on high security 
levels (msec). The high group numbers should IMHO be considered a bug and 
fixed, but they should only need adding to /etc/group on systems which 
actually use the higher security levels.

So I do not consider their presence on such systems to be a bug at all, 
actually a useful feature and a good default. I just don't like the high 
numbers which are allocated for them.

Cheers; Leon
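
An added example, not part of any poster's message and not msec's own code: a small audit of a group(5) file for the five groups the quoted lib.sh creates, reporting each group's GID and members and flagging GIDs that landed above the system range, which is the "high numbers" complaint in this thread. The threshold `SYS_GID_MAX` (default 499), the function names and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a group(5) file for the groups named in the quoted
# msec lib.sh snippet. SYS_GID_MAX is an ASSUMED boundary between system
# and user GIDs; adjust it to the value your distribution uses.
SYS_GID_MAX=${SYS_GID_MAX:-499}
MSEC_GROUPS="nogroup audio xgrp ntools ctools"

# audit_groups FILE
# Prints one line per group: <name> <status> <gid> <members>
# status is ok, HIGH_GID (gid above SYS_GID_MAX) or MISSING.
audit_groups() {
    file=$1
    for g in $MSEC_GROUPS; do
        awk -F: -v g="$g" -v max="$SYS_GID_MAX" '
            $1 == g {
                found = 1
                status = ($3 + 0 > max + 0) ? "HIGH_GID" : "ok"
                members = ($4 == "") ? "-" : $4
                printf "%s %s %s %s\n", g, status, $3, members
            }
            END { if (!found) printf "%s MISSING - -\n", g }
        ' "$file"
    done
}

# Constructed sample input (not taken from a real Mandrake system).
sample_group_file() {
    cat <<'EOF'
root:x:0:
nobody:x:99:
audio:x:81:alice
nogroup:x:65534:
ntools:x:501:
ctools:x:502:bob,carol
EOF
}

# Stand-alone run against the constructed sample.
tmp=$(mktemp) && sample_group_file > "$tmp" && audit_groups "$tmp"
rm -f "$tmp"
```

Run `audit_groups /etc/group` on a real host; the members column shows who currently holds access to whatever the administrator has restricted to ntools or ctools.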