Re: one user per daemon?
On Sat, Jul 05, 2003 at 02:26:24PM +0200, Christian Kujau wrote:
>
> the thing is, when some of the "nobody" processes are compromised,
> *every* daemon "nobody" has started is in danger of being killed or misused.
>
> /etc/password lists a lot of unused (but somehow standard-)users, they
> could be used to run processes under a different user id.

On my systems, I have added several accounts dedicated to
programs like snort, spamd, syslogd, tftpd and others. It's just
as easy as doing an ``adduser --system --no-create-home <foo>''.
Usually, it's a good idea to create a corresponding system group
too.

I think it's not the default because sometimes process
interaction gets difficult to manage.

bit,
adam
--
1024D/37B8D989 954B 998A E5F5 BA2A 3622 82DD 54C2 843D 37B8 D989
finger://borso@vekoll.vein.hu | Some days, my soul's confined
http://www.keyserver.net | And out of mind
Sleep forever
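A check for the situation discussed in this thread, added here as an example and not part of the original message: it reads "USER COMMAND" pairs and lists every account that runs more than one distinct daemon, which are the candidates for a dedicated account created with the `adduser --system` command quoted above. The function names, the choice to skip root, and the sample process list are assumptions of this example.

```shell
#!/bin/sh
# Report accounts that run more than one distinct command.
# Input:  lines of "USER COMMAND", e.g. from `ps -eo user=,comm=`.
# Output: one sorted line per shared account: "user: cmd1 cmd2 ..."
shared_accounts() {
    awk '
        # Assumption of this example: root is audited separately.
        $1 == "root" { next }
        # Count each (user, command) pair once, however many
        # processes of that command are running.
        !seen[$1 SUBSEP $2]++ {
            count[$1]++
            list[$1] = (list[$1] == "" ? $2 : list[$1] " " $2)
        }
        END {
            for (u in count)
                if (count[u] > 1)
                    print u ": " list[u]
        }
    ' | sort
}

# Constructed sample: tftpd and spamd share "nobody", while snort
# and syslogd each have a dedicated account.
sample_ps() {
    cat <<'EOF'
root sshd
nobody tftpd
nobody spamd
nobody spamd
snort snort
syslogd syslogd
EOF
}

# Run against the sample; on a live system use instead:
#   ps -eo user=,comm= | shared_accounts
sample_ps | shared_accounts
```

On a live system, interactive login users will also be listed, and command names containing spaces are cut at the first space.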