On Wed, 7 Sep 2016 17:48:51 +0200
Quentin Rameau <quinq_AT_fifth.space> wrote:
Hey Quentin,
> Just a question though, do we need to set a group to drop privileges
> to? Wouldn't getting the gid out of the user name be sufficient?
why cut the flexibility there? If we extract the groups from a
username, we would also have to deal with supplementary groups which has
a big potential to fuck things up and impose security risks.
> Actually two questions, why the nogroup group instead of the nobody
> group? I know that nogroup is present on OpenBSD, but the LSB suggests
> the use of nobody:nobody[1] and doesn't evoke nogroup.
> I don't really mind, just raising a question. :)
I don't know why the LSB suggests that and the LSB is a fucking mess
anyway. Point is, the NFS-argument is kinda bad, given for instance the
NFSv4 implementation on Linux (idmapd) also sets nobody:nogroup.
It's also been the standard value for quark since forever.
Cheers
FRIGN
--
FRIGN <dev_AT_frign.de>
Received on Wed Sep 07 2016 - 17:56:02 CEST
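
The privilege drop discussed in this message, with user and group passed separately and the supplementary group list replaced explicitly, as an added example (not quark's code and not part of the original thread). The function names resolve_ids and drop_privileges are hypothetical; nobody and nogroup are the defaults named in the thread.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1 /* glibc: declare setgroups() */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* Look up user and group independently; the group is never derived from the user. */
int resolve_ids(const char *user, const char *group, uid_t *uid, gid_t *gid)
{
	struct passwd *pw;
	struct group *gr;
	if (!user || !group || !(pw = getpwnam(user)))
		return -1;
	*uid = pw->pw_uid; /* copy before the next lookup */
	if (!(gr = getgrnam(group)))
		return -1;
	*gid = gr->gr_gid;
	return 0;
}

/* Drop from root to user:group. Returns 0 on success, -1 on any failure. */
int drop_privileges(const char *user, const char *group)
{
	uid_t uid;
	gid_t gid;
	if (resolve_ids(user, group, &uid, &gid) < 0 || uid == 0 || gid == 0)
		return -1; /* unknown name, or the target is still root */
	if (setgroups(1, &gid) < 0) /* replace inherited supplementary groups */
		return -1;
	if (setgid(gid) < 0 || setuid(uid) < 0) /* gid first: it needs root */
		return -1;
	if (setuid(0) == 0 || setgid(0) == 0) /* the drop must be irreversible */
		return -1;
	return 0;
}

int main(int argc, char *argv[])
{
	const char *user = argc > 1 ? argv[1] : "nobody"; /* defaults from the thread */
	const char *group = argc > 2 ? argv[2] : "nogroup";
	if (drop_privileges(user, group) < 0) {
		fprintf(stderr, "cannot drop to %s:%s\n", user, group);
		return 1;
	}
	printf("now uid=%d gid=%d\n", (int)getuid(), (int)getgid());
	return 0;
}
```

Started as root, the process ends up with exactly one group; started as any other user, setgroups() fails and the function reports the error instead of continuing with inherited groups.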