[2016-12-19 09:04] Russ Allbery <r...@debian.org>
> Dmitry Bogatov <kact...@gnu.org> writes:
>
> > After all, leftover system user is just one extra line in /etc/passwd
> > and one more wasted UID, but we have ~32k of them.
>
> Er, no, we have 900 of them. Maybe 1433 of them if we steal 65000-65533.
> Anywhere else will run into the UID space reserved for the local
> administrator, which would cause serious problems.
>
> Given that, I do think something like this would be a good idea if all the
> tricky implementation details can be worked out.
You are right. But what are we going to do anyway in case a user installs
901 different daemons? It seems that the approach of system users does not
scale at all.

Just a thought: `setuid(2)' accepts uid_t, which is 32bit on my 64 bit
system. So it is probably possible to run a process isolated without
creating an entry in /etc/passwd? Here is a little C program:

    #include <sys/types.h>
    #include <unistd.h>
    #include <stdio.h>

    int main(void)
    {
        /* how wide is uid_t on this build? */
        printf("%d\n", (int)sizeof(uid_t));
        /* switch to a UID that has no /etc/passwd entry; check it worked */
        if (setuid(100000) != 0) {
            perror("setuid");
            return 1;
        }
        sleep(1000);
        return 0;
    }

Will it misbehave on different kernels or architectures than x86_64
GNU/Linux?

If it is okay, then let's consider why system users are usually used? As
far as I understand, to run some process and

 - protect it from other processes
 - protect other processes from it
 - do not allow it to write files it does not need
 - do not allow it to read files it does not need

setuid(BIG_INT) is fine to solve the first two tasks. About the third we
can do the following:

    $ setuid $BIG_INT my-daemon <<EOF
    /var/log/my-daemon.log
    /var/spool/my-data.log
    EOF

setuid will touch these files as root, chown them to $BIG_INT, run the
daemon as setuid($BIG_INT) and when it dies, chown the files back to root.
This way there is no need to assign any specific number to the daemon; the
question is just to acquire a number not occupied right now. We can do a
similar thing with files meant to be read.

What do you think? This way we can save some of the 900 system users for
cases where we can't know in advance the list of files needed to be
readable/writeable.

--
X-Web-Site: https://sinsekvu.github.io | Note that I process my email in batch,
Accept-Languages: eo,ru,en            | at most once every 24 hours. If matter
Accept: text/plain, text/x-diff       | is urgent, you have my phone number.
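The wrapper sketched above, written out as an added example (not code from the thread or from Debian): it drops privileges in the order the kernel requires and checks every step, and it chowns the files through an O_NOFOLLOW descriptor so a symlink planted between the "touch" and the "chown" cannot redirect the ownership change. The names drop_privileges, chown_all and run_isolated are assumed; ownership is handed back to the invoking identity, which is root when the wrapper is run by root as in the post.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Drop privileges permanently: supplementary groups first, then gid, then
 * uid, every call checked. Doing it in any other order, or skipping the
 * checks as the one-liner in the post does, can leave the process as root. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;     /* drop must be irreversible */
    return (getuid() == uid && geteuid() == uid) ? 0 : -1;
}

/* Hand ownership of each path (NULL-terminated list) to uid:gid. Opening
 * with O_NOFOLLOW and chowning the descriptor avoids being redirected by a
 * symlink planted between the "touch" and the "chown" of the post's sketch. */
int chown_all(char *const *paths, uid_t uid, gid_t gid) {
    for (; *paths; paths++) {
        int fd = open(*paths, O_WRONLY | O_CREAT | O_NOFOLLOW, 0640);
        if (fd < 0) return -1;
        int rc = fchown(fd, uid, gid);
        close(fd);
        if (rc != 0) return -1;
    }
    return 0;
}

/* Run argv as uid:gid with the listed files owned by it for the duration,
 * then give them back to the caller's own identity (root when invoked by
 * root). Returns the child's exit status, or -1 on wrapper failure. */
int run_isolated(uid_t uid, gid_t gid, char *const *paths, char *const *argv) {
    uid_t owner = getuid();
    gid_t group = getgid();
    if (chown_all(paths, uid, gid) != 0) return -1;
    pid_t pid = fork();
    if (pid == 0) {
        if (drop_privileges(uid, gid) != 0) _exit(127);
        execvp(argv[0], argv);
        _exit(127);
    }
    int status = -1;
    if (pid > 0) waitpid(pid, &status, 0);
    chown_all(paths, owner, group);
    return (pid > 0 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}
```

Run as root with an unallocated uid it behaves as the post describes; run unprivileged it can only "drop" to the caller's own identity, which is what the self-check at the end of drop_privileges confirms.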