main/alpine-baselayout: reconsider default users/groups
The alpine baselayout includes a lot of users and groups. Some of them are, to my knowledge, not used or should be added by the appropriate packages.
Examples:
- ntp (user/group): currently unused but should be moved to ntp packages actually using it
- man (user/group): what is that even for?
- abuild (group): is already created by the abuild package
- vpopmail (user/group): for a package that was removed 13 years ago
- xfs (user/group): is an X font server used?
Now I am creating this issue because I don't know exactly which are used so I would appreciate some feedback.
| name | keep? | notes |
|---|---|---|
| root (user/group) | yes | |
| bin (user/group) | yes | legacy compatibility |
| daemon (user/group) | yes | legacy user for daemons, dedicated users are better |
| sys (group) | yes | historical |
| adm ( | only group | system monitoring |
| tty (group) | yes | used by mdev/udev |
| disk (group) | yes | used by mdev/udev |
| lp (user/group) | yes | used by udev, not yet used by mdev (mdev-conf#3) |
| | no | using kmem group instead (mdev-conf!11 (merged)) (!60790 (merged)) |
| kmem (group) | yes | used by mdev/udev |
| wheel (group) | yes | |
| floppy (group) | yes | |
| mail (user/group) | yes | debian doc |
| news (user/group) | yes | used for news associated programs |
| uucp (user/group) | no | used by mdev for serial tty, replace uucp with dialout group (mdev-conf!12 (merged)), TODO fix aports (!59845 (merged)) |
| | no | moved to man-db in !58251 (merged) |
| cron (user/group) | no | move to cron daemons? |
| | no | |
| audio (group) | yes | |
| cdrom (group) | yes | used by mdev/udev |
| dialout (group) | yes | used by mdev/udev |
| ftp (user/group) | no | move to ftp daemons? |
| sshd (user/group) | no | move to ssh daemons? |
| input (group) | yes | used by mdev/udev |
| | no | created and used by at package, fixed in !58093 (merged) |
| tape (group) | yes | used by mdev/udev |
| video (group) | yes | used by mdev/udev |
| netdev (group) | yes | used by mdev |
| | no | old remnant, removed in !55375 (merged) |
| | no | already created by squid package |
| | no | old gentoo remnant |
| kvm (group) | yes | used by mdev/udev |
| games (user/group) | yes | |
| shadow (group) | yes | /etc/shadow file |
| | no | used until 2007, now using cdrom group instead (!55378 (merged)) |
| www-data (group) | yes | used by some web servers?, added in b881d448f79 |
| | no | was gentoo specific, now using dialout group instead, removed from usbmuxd in !58574 (merged), removing in !60790 (merged) |
| | no | removed related package |
| users (group) | yes | not needed |
| ntp (user/group) | yes | should be added to ntp daemons when used, TODO add to openntpd, added in 601af9ebc43 |
| | no | was used by unused qmail* users |
| | no | created and used by milter-greylist |
| | no | created and used by plocate |
| abuild (group) | no | should be moved to abuild package, added in 4f0ac3dd09f |
| utmp (group) | yes | used by some programs (eg. utmps, openrc uses it when available) |
| ping (group) | yes | added in 3579df3582b, used to give system users (eg. daemons) ping permission |
| nogroup (group) | yes | |
| nobody (user/group) | yes | |
| sync (user) | ? | sync disks without root access, would recommend adding if people want |
| shutdown (user) | no | we do not have /sbin/shutdown (#15453 (comment 381536)) |
| halt (user) | ? | would recommend adding if people want |
| | no | historic |
| | no | |
| | no | |
I think that technically video, audio, lp and more are only used by the device manager and maybe should be moved there.
When a kernel driver initializes a device, the default state of the device node is to be owned by root:root, with permissions 600.
If a system doesn't have a device manager (or uses something different) then they don't need the groups.
TODO after this is (mostly) done it would make sense to do something similar in mkinitfs.
An overview of all uids/gids that are/have been used can be found here: https://wiki.alpinelinux.org/wiki/User:Sertonix/Known_UID_and_GID
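
As an added example (not part of the original issue and not Alpine tooling), one way to check which groups the device manager rules rely on before any are dropped from the base layout. It assumes mdev.conf-style rules of the form `<device regex> <user>:<group> <mode>`; the function names and the sample group and rule files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Alpine tooling): cross-check a group(5) file against
# device manager rules before a group is dropped from the base layout.
# Assumed rule shape: <device regex> <user>:<group> <octal mode> [...]

# Groups named as owner in a rule file; numeric gids are ignored.
mdev_groups() {
    awk 'NF && $1 !~ /^#/ {
        for (i = 1; i < NF; i++)
            if ($i ~ /^[A-Za-z0-9_-]+:[A-Za-z0-9_-]+$/ && $(i+1) ~ /^[0-7]+$/) {
                split($i, own, ":")
                if (own[2] !~ /^[0-9]+$/) print own[2]
                break
            }
    }' "$1" | sort -u
}

# Groups defined in file $1 that no rule in file $2 names.
unreferenced_groups() {
    used=$(mdev_groups "$2" | tr '\n' ' ')
    awk -F: -v used="$used" '
        BEGIN { n = split(used, u, " "); for (i = 1; i <= n; i++) seen[u[i]] = 1 }
        NF && !($1 in seen) { print $1 }' "$1"
}

# Groups that rules in $2 name but file $1 does not define.
undefined_rule_groups() {
    defined=$(cut -d: -f1 "$1" | tr '\n' ' ')
    mdev_groups "$2" | awk -v defined="$defined" '
        BEGIN { n = split(defined, d, " "); for (i = 1; i <= n; i++) ok[d[i]] = 1 }
        !($1 in ok)'
}

# Constructed sample data, not the real baselayout or mdev-conf files.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'root:x:0:root' 'tty:x:5:' 'disk:x:6:root' 'uucp:x:14:' \
    'xfs:x:33:' 'video:x:27:' > "$demo/group"
cat > "$demo/mdev.conf" <<'EOF'
# constructed rules
$MODALIAS=.*  root:root 0660 @modprobe -b "$MODALIAS"
tty[0-9]*     root:tty 0660
sd[a-z].*     root:disk 0660
ttyS[0-9]*    root:dialout 0660
video[0-9]+   root:video 0660
EOF
echo "defined, no rule: $(unreferenced_groups "$demo/group" "$demo/mdev.conf" | tr '\n' ' ')"
echo "rule, undefined:  $(undefined_rule_groups "$demo/group" "$demo/mdev.conf" | tr '\n' ' ')"
```

Groups in the first list are candidates for moving out of the base layout; a group in the second list means a rule would name a group that no longer exists.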