Re: system users/groups (was: nobody/nogroup - ITP maildir-bulletin)
On Thu, Oct 21, 1999 at 12:44:13PM +0200, Russell Coker wrote:
> > However we don't want to have too many system users and groups...
On Thu, Oct 21, 1999 at 09:31:13PM -0400, Andrew Pimlott wrote:
> On the contrary, we should have as many as is practical.
>
> - There is no shortage of dynamic system user and group ids.
> - Every privilege boundary we establish limits the potential damage of a
> bug or security breach.
> - There is rarely any loss in flexibility, since system programs know ahead
> of time what files they need special privileges for.
While this is all true for the current context, I'd like to remind you
that there's a limit to how many groups a running process can acquire.
--
Raul