On Sat, Jul 05, 2003 at 02:26:24PM +0200, Christian Kujau wrote:
> in another (german) newsgroup i saw a comment, being a bit upset about
> the general-every-distribution behaviour to install new daemons under a
> single user id. to be clear, if debconf/dpkg/whatever set up e.g. ntpd,
> the default is that "root" starts the daemon. or user "nobody" does, but
> another daemon was configured to be run from "nobody" too. the same
> applies for user "daemon". only a few daemons are run by other users by
> default, apache, snort or squid.

You're right that this is rather ridiculous. For the trivial cost
of a new user, we get a significant gain in compartmentalization.
I wish there were something in policy strongly recommending creating
a new user for every system service.
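
An added example, not part of the original thread: a small audit of which accounts own more than one daemon, the situation both posters describe for "root", "nobody" and "daemon". The process listing is a constructed sample, and the function name and the `ps` column layout are assumptions of this example.

```python
from collections import defaultdict

# Constructed sample of `ps -eo user=,ppid=,tty=,comm=` output (not from the thread).
SAMPLE_PS = """\
root         0 ?        init
root         0 ?        kthreadd
root         2 ?        ksoftirqd/0
root         1 ?        ntpd
root         1 ?        sshd
nobody       1 ?        dnsmasq
nobody       1 ?        tinyproxy
nobody       1 ?        tinyproxy
daemon       1 ?        atd
daemon       1 ?        portmap
www-data     1 ?        apache2
proxy        1 ?        squid
snort        1 ?        snort
alice     1234 pts/0    bash
"""


def audit_daemon_accounts(ps_output):
    """Return (running_as_root, shared) for daemon-like processes.

    running_as_root: sorted names of daemons owned by root.
    shared: {account: sorted daemon names} for non-root accounts that own two
            or more distinct daemons, so compromising one reaches the others.
    """
    by_account = defaultdict(set)
    for line in ps_output.splitlines():
        fields = line.split(None, 3)
        if len(fields) != 4:
            continue                  # skip blank or malformed lines
        user, ppid, tty, comm = fields
        if tty != "?":                # controlling terminal: interactive, not a daemon
            continue
        if ppid in ("0", "2"):        # init and kthreadd themselves, and kernel threads
            continue
        by_account[user].add(comm.strip())
    running_as_root = sorted(by_account.pop("root", set()))
    shared = {u: sorted(c) for u, c in by_account.items() if len(c) > 1}
    return running_as_root, shared


if __name__ == "__main__":
    as_root, shared = audit_daemon_accounts(SAMPLE_PS)
    print("daemons running as root:", ", ".join(as_root))
    for account, daemons in sorted(shared.items()):
        print(f"account {account!r} is shared by: {', '.join(daemons)}")
```

On a live system, feed it the output of `ps -eo user=,ppid=,tty=,comm=`; daemons that appear alone under their own account, like apache2, squid and snort in the sample, are not reported.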