On Mon, Jun 01, 2009 at 11:20:19PM -0600, Theo de Raadt wrote:
> > Hmm.. kinda feels like a waste to create a new user/group.
> > The app doesn't write to any files nor does it have any
> > config files (ATM).
> > 
> > How about I stick with nobody?
> 
> How about everyone just share the root account?
> 
> What are you afraid of, that we'll run out of users and groups?
> 
> There are very good documented reasons why we have all daemons
> use different uids.  Much security is failed from separation.

OK. I was just trying to use an available non-privileged
account. I had not realized nobody was "special" in that
it is being used for NFS.


On Tue, Jun 02, 2009 at 11:43:50AM +0100, Stuart Henderson wrote:
> On 2009/06/01 22:07, patrick keshishian wrote:
> > How about I stick with nobody?
> 
> "nobody" is special; it is definitely not a non-privileged account.
> 
> $ grep nobody /etc/passwd                                     
> nobody:*:32767:32767:Unprivileged user for NFS:/nonexistent:/sbin/nologin

That is definitely odd :)

Thanks for the pointers.

--patrick
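
The check below is an added example and not part of the original thread. It reads "USER COMMAND" lines (the shape of a `ps` listing with user and command columns) and reports non-root accounts that run more than one distinct daemon, plus anything running as `nobody`. The sample listing and the daemon names `appd` and `fcgid` are constructed for illustration.

```shell
#!/bin/sh
# Added example: find daemons that do not have an account of their own.
# Input on stdin: one "USER COMMAND" pair per line.

shared_accounts() {
    awk '
        # Skip a ps header line and root; root-owned processes are a
        # separate question from unprivileged daemons sharing a uid.
        $1 == "USER" || $1 == "root" { next }
        # Count each (user, command) pair only once, so several
        # worker processes of one daemon are not reported as sharing.
        seen[$1, $2]++ { next }
        { n[$1]++; cmds[$1] = (cmds[$1] == "" ? $2 : cmds[$1] "," $2) }
        END {
            for (u in n)
                # Report accounts used by two or more daemons, and any
                # use of "nobody", which the thread notes is the NFS user.
                if (n[u] > 1 || u == "nobody")
                    print u ": " cmds[u]
        }
    ' | LC_ALL=C sort
}

# Constructed sample listing (not taken from a real system).
sample_ps() {
    cat <<'EOF'
USER COMMAND
root sshd
_ntp ntpd
_ntp ntpd
nobody appd
_www httpd
_www fcgid
_syslogd syslogd
EOF
}

sample_ps | shared_accounts
```

On a live system, feed the function the user and command columns of the process list instead of `sample_ps`.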
