Patching config files (or not)
Tomas Mraz
tmraz at redhat.com
Tue Aug 16 09:25:36 UTC 2011
On Fri, 2011-08-12 at 18:50 +0200, Jos Vos wrote:
> Hi,
>
> Should configs files of a package be patched to have settings that
> make it work more or less out of the box (as far as possible, some
> setting like DB access etc. just can't be filled in in advance)?
If possible and does not really need individual configuration by a
system administrator, yes.
> I came across a package that defines to use "nogroup" in its config
> file as effective group (Fedora has no "nogroup", but has group "nobody")
> and defines to put a pid file in /var/run (which fails, as it appears to
> do that as nobody/nobody when running).
>
> Should this config file have been patched to use "nobody" as group and
> should the package (for example) include a package-specific directory
> below /var/run to put its own pid file in (and patch the config file
> to use this directory for pid files)?
It is generally insecure to share groups/uids between different system
daemons.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
More information about the devel
mailing list