Re: daemons running as nobody
Hi
Shaul Karl wrote:
> How should important daemons run?
Under its own user.
> Why?
If there is a root shell listening as nobody on the network,
all other daemons running as nobody are compromised as well. This
is particularly bad for things that just _have_ to work. Losing
a game server is not that bad, losing rpc.yppasswdd would be
... bad.
Note: running all daemons as root is even worse than running all
as nobody, but many daemons have to bind to privileged ports
somehow, and since there are no filesystem-like permissions on
ports, daemons have to be launched as root.
( msyslog wouldn't be running as root if there weren't network
input modules that need to reopen privileged ports on
reinitialisation. )
> Why should nobody not own ANY file on the filesystem?
Every file should be owned by somebody, and nobody is nobody ...
> What is nobody intended for?
uhm ... dunno.
ciao, 2ri
--
Tux and Chucky play "capture the flag" with Windos flags...
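
An added example, not part of the original message: a small audit that groups running daemons by account and reports which ones would be exposed together if one of them were compromised, plus the daemons still running as root. The `ps -eo user,pid,comm` listing is constructed sample input, and `gameserverd` and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample of `ps -eo user,pid,comm` output (not from the original post).
SAMPLE_PS = """\
USER       PID COMMAND
root       212 msyslog
nobody     340 gameserverd
nobody     355 rpc.yppasswdd
nobody     356 rpc.yppasswdd
named      401 named
www-data   512 httpd
www-data   513 httpd
"""

def parse_ps(text):
    """Yield (user, pid, command) from `ps -eo user,pid,comm` output."""
    for line in text.splitlines()[1:]:          # skip the header row
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[1].isdigit():
            yield parts[0], int(parts[1]), parts[2].strip()

def daemons_by_account(text):
    """Map each account to the set of distinct daemons running under it."""
    accounts = defaultdict(set)
    for user, _pid, command in parse_ps(text):
        accounts[user].add(command)
    return dict(accounts)

def shared_accounts(text):
    """Accounts running more than one distinct daemon (several PIDs of one daemon are fine)."""
    return {user: sorted(cmds) for user, cmds in daemons_by_account(text).items()
            if len(cmds) > 1}

def exposed_with(text, daemon):
    """Other daemons that share an account with `daemon`, i.e. what falls with it."""
    exposed = set()
    for cmds in daemons_by_account(text).values():
        if daemon in cmds:
            exposed |= cmds - {daemon}
    return sorted(exposed)

def root_daemons(text):
    """Daemons running as root, to review for a dedicated account."""
    return sorted(daemons_by_account(text).get("root", set()))

if __name__ == "__main__":
    for user, cmds in shared_accounts(SAMPLE_PS).items():
        print(f"{user}: shared by {', '.join(cmds)}")
    print("root:", ", ".join(root_daemons(SAMPLE_PS)))
```

On a live host, pass the real output of `ps -eo user,pid,comm` to the same functions instead of `SAMPLE_PS`.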