Re: one user per daemon?

To: debian-security@lists.debian.org
Subject: Re: one user per daemon?
From: Christian Kujau <evil@g-house.de>
Date: Sun, 06 Jul 2003 23:03:56 +0200
Message-id: <[🔎] 4s2aeb.5eo.ln@news.housecafe.de>
In-reply-to: <6hKI.6CR.9@gated-at.bofh.it>
References: <[🔎] o5g6eb.ee4.ln@news.housecafe.de> <[🔎] 20030706125738.GD16189@pimlott.net>

Andrew Pimlott wrote:

On Sat, Jul 05, 2003 at 02:26:24PM +0200, Christian Kujau wrote:
in another (german) newsgroup i saw a comment, being a bit upset aboutthe general-every-distribution behaviour to install new daemons under asingle user id. to be clear, if debconf/dpkg/whatever set up e.g. ntpd,the default is that "root" starts the daemon. or user "nobody" does, butanother daemon was configured to be run from "nobody" too. the sameapplies for user "daemon". only a few daemons are run by other users bydefault, apache, snort or squid.
You're right that this is rather ridiculous.  For the trivial cost
of a new user, we get a significant gain in compartmentalization.

I wish there were something in policy strongly recommending creating
a new user for every system service.

hmm, ok. thanks for confirming that, i thought i/someone missed a hiddenfeature or so. i see, there is work done *towards* a one-user-per-daemonsystem, as i named some daemons above. and yes, i know, that *work*would be sooner done with even more people working on it....


Thank you,
Christian.

--
BOFH excuse #363:

Out of cards on drive D:

Reply to:

References:
- one user per daemon?
  - From: Christian Kujau <evil@g-house.de>
- Re: one user per daemon?
  - From: Andrew Pimlott <andrew@pimlott.net>

Prev by Date: Re: Strongest linux - kernel patches
Next by Date: configure ssh-access
Previous by thread: Re: one user per daemon?
Next by thread: configure ssh-access
Index(es):
- Date
- Thread