> The footnote for "daemon" says:
>
> The 'daemon' UID/GID was used as an unprivileged UID/GID for daemons
> to execute under in order to limit their access to the system.
> Generally daemons should now run under individual UID/GIDs in order to
> further partition daemons from one another.

The preconfigured 'daemon' seems to be less of a risk than for daemons to run under individual UID/GIDs.

> Although "nobody" hasn't been quite the security nightmare that
> "daemon" has (as far as I know), it seems a bit odd to overload the
> NFS thing (which doesn't even seem to apply to my Red Hat system, as
> nobody is UID 99 rather than 65534 or whatever it is in the NFS case)
> and the Apache thing.
>
> The flip side of course is that Apache running as nobody is pretty
> long-standing tradition and people (or even applications) might be
> used to making files owned by nobody if CGI's need to write them.
