On Thu, 06.07.17 10:34, Reindl Harald (h.rei...@thelounge.net) wrote: > > > Am 06.07.2017 um 09:59 schrieb Jonathan de Boyne Pollard: > > Reindl Harald: > > > at least fall back to “nobody” > > > > Jonathan de Boyne Pollard: > > > That idea is wrong. > > > > > > https://news.ycombinator.com/item?id=14681377#14682059 > > > > Reindl Harald: > > > better than a stupid [...] > > > > Not really, no. It's the same category of error, in fact: substituting > > an account other than the one that the system administrator explicitly > > said to drop privileges to. > > yes, it's both nonsense, but when i only have the option to choose between > two types of nonsense i take the one which don't give root permissions
The "nobody" user has special semantics on Linux: it's where things are mapped to that can't be mapped otherwise. It's used by user namspacing, by NFS and others. It's really not a good idea, to permit random services to create and access files under that ID. Lennart -- Lennart Poettering, Red Hat _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
