On Fri, 2011-08-12 at 18:50 +0200, Jos Vos wrote:
Hi,
Should configs files of a package be patched to have settings that
make it work more or less out of the box (as far as possible, some
setting like DB access etc. just can't be filled in in advance)?
If possible and does not really need individual configuration by a
system administrator, yes.
I came across a package that defines to use "nogroup" in
its config
file as effective group (Fedora has no "nogroup", but has group
"nobody")
and defines to put a pid file in /var/run (which fails, as it appears to
do that as nobody/nobody when running).
Should this config file have been patched to use "nobody" as group and
should the package (for example) include a package-specific directory
below /var/run to put its own pid file in (and patch the config file
to use this directory for pid files)?
It is generally insecure to share groups/uids between different system
daemons.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb