Date: Thu, 18 Oct 2001 13:15:56 -0700 From: Sean Chittenden <sean@chittenden.org> To: Ollivier Robert <roberto@ns2.freenix.org> Cc: Sheldon Hearn <sheldonh@starjuice.net>, "Andrey A. Chernov" <ache@nagual.pp.ru>, ports@freebsd.org, developers@freebsd.org Subject: UID proposal for ports (apache, postfix, squid, postgres)... Message-ID: <20011018131556.D54066@rand.tgd.net> In-Reply-To: <20011018214551.A23964@ns2.freenix.org>; from "roberto@ns2.freenix.org" on Thu, Oct 18, 2001 at = 09:45:52PM References: <20011017155854.A43168@nagual.pp.ru> <26334.1003400552@axl.seasidesoftware.co.za> <20011018214551.A23964@ns2.freenix.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> > Hold on a second. What files does Apache _write_ as user nobody? > > Log files for instance. Log files are written as root. I think the real issue is whether or not the Apache port should create the www uid, or whether or not the UID should be included in the base system. For the sake of consistency across installations, I really like the idea of having the UID in the base system (along with postfix, squid, cvsup, cvsupin, etc). For installations with lots of machines, this'd be a dream come true. For smaller installations, however, I don't think they'd care or notice. My personal preference is to have everything in the base system and then let applications use the standardized UIDs. While it's nice that a port can create a UID, I like keeping UIDs aligned across multiple servers. How about this (best of both worlds): The port (Apache, postfix, squid, etc) creates their necessary UID/GIDs using reserved ID numbers that are hard coded (ex: apache == www == 80). The advantage to a system like this would be that there wouldn't be excessive or unneeded UIDs on a system, but when it comes to installing a service on many machines, it has a standardized UID that's consistent across the various servers. The accountancy for keeping track of the reserved UIDs would be a simple services-esque flat file kept in CVS that would associate UIDs with usernames and in the comments field, the application. Comments/suggestions? -sc -- Sean Chittenden To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011018131556.D54066>