Date: Thu, 18 Oct 2001 09:41:36 -0700 (PDT) From: John Baldwin <jhb@FreeBSD.org> To: Mike Barcroft <mike@FreeBSD.org> Cc: cvs-all@FreeBSD.org, cvs-committers@FreeBSD.org, "Andrey A. Chernov" <ache@FreeBSD.org>, Christopher Masto <chris@netmonger.net> Subject: Re: cvs commit: src/etc group master.passwd Message-ID: <XFMail.011018094136.jhb@FreeBSD.org> In-Reply-To: <20011017140633.B64561@coffee.q9media.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 17-Oct-01 Mike Barcroft wrote: > Christopher Masto <chris@netmonger.net> writes: >> On Wed, 2001-10-17 at 14:34, Mike Barcroft wrote: >> > No, but enough installations require a www pseudo-user to make this >> > change worthwhile. >> >> Why can't that user be created as needed? I already have an "apache" >> user and group on my web servers - I create them when I install Apache. >> I also have users on various machines for PostgreSQL, Cyrus, GDM, >> NetSaint, MySQL, Courier, Gale, and Minivend, among others. But I don't >> suggest that my needs should be added to the FreeBSD base system. > > The aformentioned software packages would be candidates for specific > user accounts in the base system if there was enough of a userbase to > justify their inclusion. > >> What's special about "www"? (Apart from being a horrible >> unpronounceable word that's bugged me since it first appeared.) > > It's a somewhat generic username that's applicable to most web > servers. It's not in the base system. Period. People may already use this uid. In fact, why the number 80? Only the name is important, the number is irrelevant in all honesty. The port should just pick an unused uid and gid during it's install, adn this is the _port_'s job to create this user. Having a util in the base system (gee, we have pw already) to create the user and group in a standard fashion that ports can use is fine, but we don't need to add users for things that aren't in the base system. Also, which user a local admin uses for their daemons is a lcoal policy decision. FreeBSD should not be setting that policy. I can see the arguments for having each server run under its own dedicated user to isolate services from each other in the case of a compromise, but this is a local policy decision, not something FreeBSD should cram down people's throats. I request that the www user and group be backed out. If we had a web server in the base system, this might be different (like the bind user and the presently non-existent but potential sendmail/smtp/mail user), but since web servers are currently all in ports, the ports install is where the user add belongs. -- John Baldwin <jhb@FreeBSD.org> -- http://www.FreeBSD.org/~jhb/ PGP Key: http://www.baldwin.cx/~john/pgpkey.asc "Power Users Use the Power to Serve!" - http://www.FreeBSD.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.011018094136.jhb>