[vox-tech] Groups and Users?

vox-tech@lists.lugod.org vox-tech@lists.lugod.org
Wed, 10 Apr 2002 12:32:34 -0400


On Tue, Apr 09, 2002 at 11:35:18AM -0700, ALLO (Alfredo Lopez) wrote:
> I have a couple of Bioinformatics applications that are accessed through a
> Web server.  Some of the folders have as the User and Group: root; others
> have:1000 and another set has User:543  Group:63. 

> Why do I have this weird (at least to me) collection of users and groups?  I
> guess that those that have root, have it because I was root when I created
> them, but the others? 

Alfredo,

  Actually your must have been root when you created all of those files
(via extracting a tar or whatever)... because had you been any normal 
user the files would have been owned by the user who extracted them.  root
is the only account that can change the ownership of files away from
itself.

> Do I need to change everything to root or something else?  Does it matter?
> Is there a "good practice" rule that I can follow?

  You should probably change all the files to be owned by a single user
account, and it would probably be a good idea to name the user/group after 
something close to what the files are user for... like creating a 'bioinf'
user/group to own the bio-informatics stuff.  That would only be to make
life easier for one looking at your system... changing ownership of normal
files doesn't make anything more secure.  (to make things more secure
make sure things are set-uid and executable, and make sure that none
of the directories are group or world writable (unless they really must be)).

  I would recommend that if you setup a user to 'own' the bioinf stuff that
when you do future installs that you switch to that user before unpacking
and installing things... so that they are automatically owned by whoever.
It is slightly more secure _doing_ things as a non-root user when possible,
because if you make a typo you can 'only' wipe out all the bioinf stuff
instead of the rest of the system. ;)

    Later,
      Mike