Purpose of the nobody user
Hi,
I have a question about the purpose of the nobody user.
The Debian wiki suggests that nobody:nogroup can be used as a
general-purpose unprivileged user:
https://wiki.debian.org/SystemGroups
However, this Stack Exchange answer:
https://askubuntu.com/a/674397
and the Ubuntu wiki:
https://wiki.ubuntu.com/nobody
and the LSB:
https://refspecs.linuxbase.org/LSB_3.0.0/LSB-PDA/LSB-PDA/usernames.html
all seem to contradict this and suggest that it should be reserved for
NFS purposes only.
I have checked the Debian policy manual for an authoritative answer,
but it does not say anything apart from that nobody must exist and have
the id 65534.
So can someone please enlighten me as to which might be correct?
The reason for my question is this: I am writing a process which runs
as root, but needs to fork a helper program which does not require file
system access at all and will perform I/O through pipes to the parent.
Is it sensible to change the id of that process to nobody before calling
exec for the helper? If not, is there a better value? daemon (uid 1)
for example?
Many thanks,
Tom
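
The privilege drop the question describes (root parent, helper that talks to it only over pipes), as an added example that is not part of the original post. The target uid/gid are parameters; the 65534 passed in main() is the id quoted in the post, and the helper path /usr/bin/id is an assumed sample value.

```c
#define _DEFAULT_SOURCE            /* for setgroups() */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
/* 1 only if both real and effective IDs equal the target. */
int identity_is(uid_t uid, gid_t gid) {
    return getuid() == uid && geteuid() == uid &&
           getgid() == gid && getegid() == gid;
}

/* Drop root to uid:gid for good; groups and gid go first, setuid() removes the right to change them. */
int drop_to(uid_t uid, gid_t gid) {
    if (setgroups(0, NULL) != 0) return -1;   /* shed root's supplementary groups */
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (!identity_is(uid, gid)) return -1;
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0)) return -1; /* root must be gone */
    return 0;
}

/* Fork a helper whose stdin/stdout are pipes to the parent; returns its pid or -1. */
pid_t spawn_helper(uid_t uid, gid_t gid, char *const argv[], int *to, int *from) {
    int in[2], out[2];
    if (pipe(in) != 0 || pipe(out) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (dup2(in[0], 0) < 0 || dup2(out[1], 1) < 0) _exit(126);
        close(in[0]); close(in[1]); close(out[0]); close(out[1]);
        if (drop_to(uid, gid) != 0) _exit(126);  /* fail closed: never exec as root */
        execv(argv[0], argv);
        _exit(127);                              /* exec itself failed */
    }
    close(in[0]); close(out[1]);
    *to = in[1]; *from = out[0];
    return pid;
}

int main(void) {
    char *const argv[] = { "/usr/bin/id", NULL };   /* assumed helper path */
    char buf[256]; int to, from, status;
    pid_t pid = spawn_helper(65534, 65534, argv, &to, &from);
    if (pid < 0) return 1;
    close(to);                                       /* this helper reads no input */
    ssize_t n = read(from, buf, sizeof buf - 1);
    if (n > 0) { buf[n] = '\0'; fputs(buf, stdout); }
    waitpid(pid, &status, 0);
    return WIFEXITED(status) ? WEXITSTATUS(status) : 1;
}
```

Changing the uid does not revoke file descriptors the child inherited from the root parent, so anything other than the two pipes should be opened close-on-exec or closed before the exec.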