Re: passwd entry for uid -1

Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de> writes:

> Right, and I think it is a good idea to not dynamically create this entry
> either, as the uid must not change anyway.

Yup, no "adduser" involved, no problem.

> > BTW, what's the difference to Unix's nobody?
> Nobody is just another user, though usually with special semantics.

Hmm, all the security pundits continuously preach that "nobody" was
only meant as a no-rights-at-all target to map root to in NFS.
"nobody" actually owning stuff is a big no-no. So I count that not as
just another user. I'd actually wager that "nobody" was in fact an
attempt to emulate the concept of an empty id set (or empty capability
set) in Unix semantics.

If that's correct, unifying them may be good. Maybe I'm missing
something, though.


