Re: daemons running as nobody

To: Arthur Korn <arthur@korn.ch>, debian-devel@lists.debian.org
Subject: Re: daemons running as nobody
From: Russell Coker <russell@coker.com.au>
Date: Wed, 4 Apr 2001 13:59:06 +1000
Message-id: <[🔎] 01040413590601.07700@lyta>
Reply-to: Russell Coker <russell@coker.com.au>
In-reply-to: <[🔎] 20010401151349.C711@korn.ch>
References: <20010401003440.A28243@ocsi.debian.net> <[🔎] E14jfhl-0005zW-00@rakefet> <[🔎] 20010401151349.C711@korn.ch>

On Sunday 01 April 2001 23:13, Arthur Korn wrote:
> Note: running all daemons as root is even worse than running all
> as nobody, but many daemons have to bind to privilegued ports
> somehow, and since there are no filesystem-like permissions on
> ports daemons have to be launched as root.

Install the "authbind" package and you get file system like permissions on 
ports!

> ( msyslog wouldn't be running as root if there weren't network
> input modules that need to reopen privilegued ports on
> reinitialisation. )

So run it from authbind.

> > What does nobody intended for?
>
> uhm ... dunno.

Nobody is a catch-all user.  There are quite a number of programs which will 
setuid(nobody) if run as root.

-- 
http://www.coker.com.au/bonnie++/     Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/       Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/     My home page

Reply to:

References:
- Re: daemons running as nobody
  - From: Shaul Karl <shaulka@bezeqint.net>
- Re: daemons running as nobody
  - From: Arthur Korn <arthur@korn.ch>

Prev by Date: Re: chroot BIND Re: Task harden.
Next by Date: Global secure install requested flag(Re: Task harden.)
Previous by thread: Re: daemons running as nobody
Next by thread: fvwm-beta (2.3) packages are apt'able now
Index(es):
- Date
- Thread