groups, etc.

Archaic archaic at linuxfromscratch.org
Thu Feb 17 02:36:47 PST 2005


On Thu, Feb 17, 2005 at 03:36:15AM -0500, Robert Connolly wrote:
> Hi. Our /etc/group could use some thinning. A few of the groups are not useful 
> to the majority of us. Just these might be alright:
> 
> root:x:0:
> bin:x:1:
> sys:x:2:
> kmem:x:3:
> daemon:x:4:
> utmp:x:5:

Daemon is a bad one. We should make all daemons run in their own unique
uid/gid.

> The rest can be added on our own. This will affect our udev setup. LFS is 
> debating this topic too, no one knows yet how it will turn out. They are more 
> likely to keep groups like floppy and audio.

I would like to wait to see how they do it, then perhaps thin it down a
bit more if necessary.

> I want to install daemon groups, like syslog, starting at gid 25 to give us a 
> buffer zone between root's supplemental groups and daemon groups.

This is an admin-specific thing that I don't think the book should
attempt to enforce.

> Although, we can get away with just having a root group and forget the rest.

Again, it will depend on how LFS decides because it will determine how
BLFS does things. And since we will be linking to BLFS pages, and in
some cases modifying BLFS pages for our own use, then it would behoove
us to wait for things to unfold.

> And, having a nobody user/group can be usefull too, like for coreutils 
> testsuite, and for running things in /etc/weekly.

Agreed, it is useful, but anything we do differently from LFS we will
need to document why and have a valid reason (like if we install
something that needs the nobody user).

-- 
Archaic

Want control, education, and security from your operating system?
Hardened Linux From Scratch
http://www.linuxfromscratch.org/hlfs




More information about the hlfs-dev mailing list