
[alpine-devel] system groups

Natanael Copa <ncopa@alpinelinux.org>
Message ID
<20101207151943.60bfb747@alpinelinux.org>
Sender timestamp
1291735183
DKIM signature
missing
Hi,

We have introduced a special system group with gid 700. All users in
this group will have permission to see all processes, network info and
kernel symbols. The purpose of this is to have monitoring software like
zabbix and nagios agents running as users that are in this group.

I will update alpine-baselayout (which has not been touched for years)
with a new group, called 'readproc', which will be used for gid 700.

While here, are there other standard system groups that are missing in
our default /etc/groups? What about 'netdev' (for avahi),
'messagebus' (for dbus) etc. Should any be removed?

The current list is:
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:
disk:x:6:root,adm
lp:x:7:lp
mem:x:8:
kmem:x:9:
wheel:x:10:root
floppy:x:11:root
mail:x:12:mail
news:x:13:news
uucp:x:14:uucp
man:x:15:man
cron:x:16:cron
console:x:17:
audio:x:18:
cdrom:x:19:
dialout:x:20:root
ftp:x:21:
sshd:x:22:
at:x:25:at
tape:x:26:root
video:x:27:root
squid:x:31:squid
gdm:x:32:gdm
xfs:x:33:xfs
games:x:35:
named:x:40:named
mysql:x:60:
postgres:x:70:
cdrw:x:80:
apache:x:81:
nut:x:84:
usb:x:85:
vpopmail:x:89:
users:x:100:games
ntp:x:123:
nofiles:x:200:
qmail:x:201:
postfix:x:207:
postdrop:x:208:
smmsp:x:209:smmsp
slocate:x:245:
portage:x:250:portage
utmp:x:406:
nogroup:x:65533:
nobody:x:65534:


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Nathan Angelacos <nangel@nothome.org>
Message ID
<4CFE5FFC.7010308@nothome.org>
In-Reply-To
<4CFE5E40.6030705@iki.fi>
Sender timestamp
1291739132
DKIM signature
missing
On 12/07/10 08:18, Timo Teräs wrote:
> On 12/07/2010 06:02 PM, Natanael Copa wrote:
>> On Tue, 2010-12-07 at 15:19 +0000, Natanael Copa wrote:
>>> Hi,
>>>
>>> We have introduced a special system group with gid 700. All users in
>>> this group will have permission to see all processes, network info and
>>> kernel symbols. The purpose of this is to have monitoring software like
>>> zabbix and nagios agents running as users that are in this group.
>>>
>>> I will update alpine-baselayout (which has not been touched for years)
>>> with a new group, called 'readproc', which will be used for gid 700.
>>
>> I should have picked a lower gid. Seems like 30 is free. Everybody ok
>> with me updating the kernel to use GID=30 and update
>> alpine-baselayout's /etc/group to hold 'readproc:x:30:'?
>
> Yes, that sounds better. Usually gid 100-1000 can be assigned by
> "addgroup --system". We would not want this GID to get autoassigned on
> systems where the entry does not exist.
>
> GID=30 sounds ok.
>

42...

http://en.wikipedia.org/wiki/Answer_to_the_Ultimate_Question_of_Life,_the_Universe,_and_Everything


---
Natanael Copa <ncopa@alpinelinux.org>
Message ID
<1291737766.7439.8.camel@ncopa-desktop.nor.wtbts.net>
In-Reply-To
<20101207151943.60bfb747@alpinelinux.org>
Sender timestamp
1291737766
DKIM signature
missing
On Tue, 2010-12-07 at 15:19 +0000, Natanael Copa wrote:
> Hi,
> 
> We have introduced a special system group with gid 700. All users in
> this group will have permission to see all processes, network info and
> kernel symbols. The purpose of this is to have monitoring software like
> zabbix and nagios agents running as users that are in this group.
> 
> I will update alpine-baselayout (which has not been touched for years)
> with a new group, called 'readproc', which will be used for gid 700.

I should have picked a lower gid. Seems like 30 is free. Everybody ok
with me updating the kernel to use GID=30 and update
alpine-baselayout's /etc/group to hold 'readproc:x:30:'?

Thanks!

-nc



---
Timo Teräs <timo.teras@iki.fi>
Message ID
<4CFE5E40.6030705@iki.fi>
In-Reply-To
<1291737766.7439.8.camel@ncopa-desktop.nor.wtbts.net>
Sender timestamp
1291738688
DKIM signature
missing
On 12/07/2010 06:02 PM, Natanael Copa wrote:
> On Tue, 2010-12-07 at 15:19 +0000, Natanael Copa wrote:
>> Hi,
>>
>> We have introduced a special system group with gid 700. All users in
>> this group will have permission to see all processes, network info and
>> kernel symbols. The purpose of this is to have monitoring software like
>> zabbix and nagios agents running as users that are in this group.
>>
>> I will update alpine-baselayout (which has not been touched for years)
>> with a new group, called 'readproc', which will be used for gid 700.
> 
> I should have picked a lower gid. Seems like 30 is free. Everybody ok
> with me updating the kernel to use GID=30 and update
> alpine-baselayout's /etc/group to hold 'readproc:x:30:'?

Yes, that sounds better. Usually gid 100-1000 can be assigned by
"addgroup --system". We would not want this GID to get autoassigned on
systems where the entry does not exist.

GID=30 sounds ok.

- Timo
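
Added example, not part of the thread: a shell check for the situation discussed above, where a GID that the kernel is configured with must map to the intended group in /etc/group and must not fall in the range that "addgroup --system" hands out. The 100-1000 range is the one quoted in the reply above; the function name and the avahi and zabbix entries in the sample data are constructed for illustration.

```shell
#!/bin/sh
# check_fixed_gid NAME GID [DYN_MIN] [DYN_MAX]   (group file on stdin)
# Prints one finding per line; exit status is 0 only when nothing is wrong.
# DYN_MIN/DYN_MAX default to the 100-1000 range mentioned in the thread
# (an assumption here; adjust to the local addgroup policy).
check_fixed_gid() {
    awk -F: -v name="$1" -v gid="$2" -v lo="${3:-100}" -v hi="${4:-1000}" '
        /^[ \t]*(#|$)/ { next }                      # skip blanks and comments
        NF < 3 { printf "MALFORMED line %d\n", NR; bad = 1; next }
        # Another group already owns the privileged GID: its members would
        # silently gain the extra visibility.
        $3 == gid && $1 != name {
            printf "COLLISION gid %s is held by %s\n", gid, $1; bad = 1
        }
        # The expected name exists but points at a different GID.
        $1 == name && $3 != gid {
            printf "MISMATCH %s has gid %s, expected %s\n", name, $3, gid; bad = 1
        }
        $1 == name && $3 == gid { found = 1; members = $4 }
        END {
            if (gid + 0 >= lo + 0 && gid + 0 <= hi + 0) {
                printf "DYNAMIC gid %s is inside auto-assign range %s-%s\n", gid, lo, hi
                bad = 1
            }
            if (!found) {
                printf "MISSING no %s:x:%s: entry\n", name, gid; bad = 1
            } else {
                # Membership is the review list: these users see all processes.
                printf "MEMBERS %s\n", (members == "" ? "(none)" : members)
            }
            exit (bad ? 1 : 0)
        }'
}

# Constructed samples: a few lines from the posted list plus hypothetical entries.
OLD_SYSTEM='root:x:0:root
video:x:27:root
squid:x:31:squid
avahi:x:700:avahi'
NEW_SYSTEM='root:x:0:root
video:x:27:root
readproc:x:30:zabbix
squid:x:31:squid'

printf '%s\n' "$OLD_SYSTEM" | check_fixed_gid readproc 700 || echo "gid 700 layout: problems found"
printf '%s\n' "$NEW_SYSTEM" | check_fixed_gid readproc 30 || echo "gid 30 layout: problems found"
```

On a live system the same function can be fed with `check_fixed_gid readproc 30 < /etc/group`.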


