On Thu, Feb 19, 2009 at 2:36 AM, Jan de Groot <jan@jgc.homeip.net> wrote:
On Wed, 2009-02-18 at 23:10 +0100, Andreas Radke wrote:
I didn't want to add a new system user "man" as the community package does. It seems to run fine without serious security concerns for me. If you think different feel free to drop a mail here.
chown -R man.users -> chown -R man:users. The . syntax is not POSIX compliant and I still have no idea why linux accepts this bullshit
post_remove: you remove the man user, which leaves a /var/cache/man directory with files owned by an unknown user. This is a security bug, as the user is created with a >1000 userid also. When adding a new user afterwards, the user owns /var/cache/man. Either don't remove the user on post_remove, or delete /var/cache/man with it.
Don't Andy's and Jan's words here contradict with regard to creating a man user? -Dan