On 2011 Oct 04 (Tue) at 11:09:49 -0600 (-0600), Theo de Raadt wrote:
> > Hm. Very interesting, because I remember discussions that were very much the
> > opposite of this conclusion: that the linkage between NFS and nobody is
> > confusing and a lie.
> > 
> > As far as I can tell, the nobody user was introduced with NFS for specific
> > reasons (uid/gid mappings) and has always been associated with NFS. There was
> > even talk about the gross misuse of this user for purposes other than NFS.
> > 
> > There is no point in a general "nobody" user; it is horrifying actually.
> > 
> > If nobody is not for or to be linked with NFS, what is it then?
> 
> If I recall correctly, the situation is:
> 
> NFS itself uses uid -1 (an int) to handle various things in special
> ways.
> 
> The passwd NFS is 32767 (an unsigned short, which in some cases looks
> like -1 short), and is used by things like locate to ensure that it
> only sees files visible to everyone.
>
> If I recall this correctly, they are orthogonal.

I don't follow here.

In any case, whatever NFS might do internally, that is, using an integer
uid -1 (uid_t is an int32_t), doesn't really matter. The problem is in mountd
and exports.

The nobody user is for doing things like -maproot=nobody or -mapall=nobody
in your export lists, right?

If not, then a new user needs to be created for this purpose. Having multiple
things use the same "dummy" user is IMO bad practice, so nobody should continue
to be the "NFS user", if for nothing less than historical reasons and in-the-wild
setups.
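The -maproot/-mapall mapping discussed above is what decides whether a remote root is squashed to nobody or kept as root. As an added example (not from the thread or from mountd), here is a small auditor over a constructed exports(5)-style file that flags entries mapping root to root/uid 0, entries exported to every host, and read-write exports; the file contents, paths and networks are all made up for the demo.

```python
# Audit an exports(5)-style file for root-squash and host-restriction issues.
# exports(5) maps remote root to uid -2 (nobody) when no -maproot is given,
# so only an explicit -maproot=root / -maproot=0 disables the squash.
from dataclasses import dataclass

# Constructed sample, not a real exports file.
SAMPLE_EXPORTS = """\
# pub: read-only, everyone squashed to nobody, one network only
/export/pub -ro -mapall=nobody -network=192.0.2.0 -mask=255.255.255.0
/export/home -maproot=root 192.0.2.10
/export/scratch -alldirs
/export/build -maproot=0:0 -network=198.51.100.0 -mask=255.255.255.0
"""


@dataclass
class Export:
    paths: list   # exported directories on this line
    opts: dict    # -key=value options, value "" for flags like -ro
    hosts: list   # explicit host entries (empty if none)


def parse_exports(text):
    """Parse the subset of exports(5) syntax used here: paths, -options, hosts."""
    exports = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        exp = Export([], {}, [])
        for tok in line.split():
            if tok.startswith("-"):
                key, _, val = tok[1:].partition("=")
                exp.opts[key] = val
            elif tok.startswith("/"):
                exp.paths.append(tok)
            else:
                exp.hosts.append(tok)
        exports.append(exp)
    return exports


def audit(text):
    """Return (path, finding) pairs in file order."""
    findings = []
    for exp in parse_exports(text):
        root_user = exp.opts.get("maproot", "").split(":")[0]  # user[:group...]
        for path in exp.paths:
            if root_user in ("root", "0"):
                findings.append((path, "root-not-squashed"))
            if not exp.hosts and "network" not in exp.opts:
                findings.append((path, "no-host-restriction"))
            if "ro" not in exp.opts:
                findings.append((path, "read-write"))
    return findings
```

Run `audit(open("/etc/exports").read())` to check a live file; an empty list means no findings.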
