
Re: daemons running as nobody



Hi

Shaul Karl wrote:
> How should important daemons run?

Under its own user.

> Why?

If there is a root shell listening as nobody on the network,
all other daemons running as nobody are compromised as well. This
is particularly bad for things that just _have_ to work. Losing
a game server is not that bad, losing rpc.yppasswdd would be
... bad.

Note: running all daemons as root is even worse than running all
as nobody, but many daemons have to bind to privileged ports
somehow, and since there are no filesystem-like permissions on
ports daemons have to be launched as root.

( msyslog wouldn't be running as root if there weren't network
input modules that need to reopen privileged ports on
reinitialisation. )

> Why should nobody not own ANY file on the filesystem?

Every file should be owned by somebody, and nobody is nobody ...

> What is nobody intended for?

uhm ... dunno.

ciao, 2ri
-- 
Tux and Chucky are playing "capture the flag" with Windos flags...
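
An added example, not part of the original message: a small audit of `ps -eo user,pid,comm` output that lists accounts shared by more than one daemon (the situation described above for nobody) and the daemons still running as root. The process listing, the `www` account and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of `ps -eo user,pid,comm` output (not from the original post).
SAMPLE_PS = """\
USER       PID COMMAND
root         1 init
root       412 msyslogd
nobody     530 gameserver
nobody     544 rpc.yppasswdd
nobody     545 rpc.yppasswdd
www        601 httpd
www        602 httpd
"""

def parse_ps(text):
    """Return {user: set of command names} from `ps -eo user,pid,comm` text."""
    by_user = defaultdict(set)
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split(None, 2)
        if len(fields) == 3 and fields[1].isdigit():
            user, _pid, comm = fields
            by_user[user].add(comm.strip())
    return by_user

def shared_accounts(by_user, ignore=("root",)):
    """Accounts running more than one distinct program: compromising any one
    of them exposes the processes and files of the others."""
    return {user: sorted(comms) for user, comms in by_user.items()
            if user not in ignore and len(comms) > 1}

def report(text):
    """Build findings: shared accounts first, then daemons running as root."""
    by_user = parse_ps(text)
    findings = []
    for user, comms in sorted(shared_accounts(by_user).items()):
        findings.append(f"{user}: shared by {', '.join(comms)}")
    for comm in sorted(by_user.get("root", ())):
        findings.append(f"root: {comm}")
    return findings

if __name__ == "__main__":
    for finding in report(SAMPLE_PS):
        print(finding)
```

Several workers of the same program under one account (the two `httpd` lines) are not flagged; only distinct programs sharing an account are.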


