Purpose of the nobody user

To: debian-policy@lists.debian.org
Subject: Purpose of the nobody user
From: Tom Vajzovic <t.deblists@purposeful.co.uk>
Date: Tue, 26 May 2020 17:40:05 +0100
Message-id: <[🔎] 20200526174005.27cc82d7@grove.home>

Hi,

I have a question about the purpose of the nobody user.

The Debian wiki suggests that nobody:nogroup can be used as a
general-purpose unprivileged user:
https://wiki.debian.org/SystemGroups

However, this Stack Exchange answer:
https://askubuntu.com/a/674397

and the Ubuntu wiki:
https://wiki.ubuntu.com/nobody

and the LSB:
https://refspecs.linuxbase.org/LSB_3.0.0/LSB-PDA/LSB-PDA/usernames.html

all seem to contradict this and suggest that in should be reserved for
NFS purposes only.

I have checked the Debian policy manual for an authoritative answer,
but it does not say anything apart from that nobody must exist and have
the id 65534.

So can someone please enlighten me as to which might be correct?

The reason for my question is this:  I am writing a process which runs
as root, but needs to fork a helper program which does not require file
system access at all and will perform I/O through pipes to the parent.

Is is sensible to change the id of that process to nobody before calling
exec for the helper?  If not, is there a better value?  daemon(uid 1)
for example?

Many thanks,
Tom

Reply to:

Follow-Ups:
- Re: Purpose of the nobody user
  - From: Ansgar <ansgar@debian.org>

Prev by Date: Processed: tagging 961294
Next by Date: Re: Purpose of the nobody user
Previous by thread: Processed: tagging 961294
Next by thread: Re: Purpose of the nobody user
Index(es):
- Date
- Thread