
Re: daemons running as nobody



Gentle people,

The ideal situation is that all detached user-space processes have separate
owners. The rationale for this is obvious: in case of a compromise, the
attacker can only manipulate resources which are owned by the compromised
service. If multiple processes were to be owned by the 'nobody' user, then the
attacker would gain access to services beyond the one which was compromised.
Sadly, few services change their owner UID following their creation.
I do not know why the 'nobody' user exists (perhaps a more history-aware
person would care to share his knowledge), but a service must be owned
by a user unique to that particular service; for example, named should be owned
by adnsowner (or something similar). 'nobody' should be avoided because it is
not unique to any service and many (stupid) programs may choose to use it.
The bottom line is: each daemon should have a corresponding user; this may
lead to bulky passwd files, but the merits far surpass the disadvantages.

	Regards, Yotam Rubin


On Sun, Apr 01, 2001 at 01:07:28PM +0200, Shaul Karl wrote:
> > On Sun, Apr 01, 2001 at 01:45:46AM +0200, Fabrice Gautier wrote:
> > >
> > > On Sun, 1 Apr 2001 00:34:40 +0200
> > > Lenart Janos <ocsi@irisz.hu> wrote:
> > >
> > > > I thought *not* any daemon should run as nobody,
> > >
> > > Why (do you think that) ?
> > > Why not (should daemons run as nobody) ?
> > 
> > i think running daemons as nobody is ok if done in moderation, and
> > only on more or less unimportant daemons.  the thing with nobody is it
> > should not own ANY file on the filesystem.  so if the daemon needs to
> > write files it should not run as nobody.
> > 
> > the bigger flam^H^H^H^Hdebate is whether daemons should share uids at
> > all.
> > 
> > -- 
> > Ethan Benson
> > http://www.alaska.net/~erbenson/
> > 
> 
> 
> How should important daemons run? Why? Why should nobody not own ANY file on the filesystem? What is nobody intended for?
> -- 
> 	
> 	Shaul Karl <shaulka@bezeqint.net>
> 
> 
> 
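The step the thread keeps coming back to, a daemon changing its owner UID to an account that is unique to it and refusing the shared 'nobody' account, as an added C example that is not from the original thread. The function name, the result codes and the name check are my own assumptions; the per-daemon account (adnsowner or whatever the packager chooses) must already exist in passwd.

```c
#define _DEFAULT_SOURCE   /* initgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

enum drop_result {
    DROP_OK = 0,
    DROP_NO_SUCH_USER,    /* the per-daemon account was never created */
    DROP_SHARED_ACCOUNT,  /* 'nobody' or root: not unique to this service */
    DROP_FAILED,          /* a set*id() call failed, e.g. not started as root */
    DROP_REVERSIBLE       /* root could be regained: the daemon must not go on */
};

/* Switch the process to the dedicated account for this daemon. Call it once
 * privileged resources (ports below 1024, log files) are open, so that every
 * file created afterwards is owned by the service account, never by nobody. */
enum drop_result drop_to_service_user(const char *name)
{
    /* A shared UID ties every daemon using it together; refuse it outright. */
    if (strcmp(name, "nobody") == 0)
        return DROP_SHARED_ACCOUNT;

    struct passwd *pw = getpwnam(name);
    if (pw == NULL)
        return DROP_NO_SUCH_USER;
    if (pw->pw_uid == 0)
        return DROP_SHARED_ACCOUNT;

    /* Order matters: supplementary groups, then primary group, then the UID,
     * because after setuid() the process may no longer change its groups. */
    if (initgroups(name, pw->pw_gid) != 0)
        return DROP_FAILED;
    if (setgid(pw->pw_gid) != 0)
        return DROP_FAILED;
    if (setuid(pw->pw_uid) != 0)
        return DROP_FAILED;

    /* Verify the drop is permanent: if either call succeeds, the saved
     * UID/GID was still root and the change could be undone. */
    if (setuid(0) == 0 || setgid(0) == 0)
        return DROP_REVERSIBLE;
    if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
        return DROP_FAILED;
    return DROP_OK;
}
```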


