on Thu, Nov 30, 2000 at 04:37:47PM -0200, Henrique M Holschuh (hmh+debianml@rcm.org.br) wrote:
> On Thu, 30 Nov 2000, Johann Spies wrote:
> > Who is this "nobody"?
>
> 'nobody' is a 'system' user. User 'nobody' should never ever have ANY files
> in the filesystem (if it does, that's probably a security hole), and should
> be used by daemons and the like that need only read access to files that are
> readable by all users.

Well:

$ find / /tmp /var /usr -mount -user nobody | xargs ls -l
srwxrwxrwx 1 nobody nogroup 0 Nov 19 04:02 /tmp/.font-unix/fs7100
-rw-rw---- 1 nobody mail 12487 Jun 2 2000 /var/spool/mail/nobody

/tmp/.font-unix:
total 0
srwxrwxrwx 1 nobody nogroup 0 Nov 19 04:02 fs7100
srwxr-xr-x 1 root root 0 Nov 19 04:02 fs7101

I'm not sure that nobody should own *no* files. But files owned by
nobody *should* be minimized. Note that nobody is just another
nonprivileged user, and that file access isn't of and by itself a
problem.

In some cases, daemons run as 'nobody' (apache under RH, I believe), and
it may be necessary to create temporary files as 'nobody'.

Other thoughts?

--
Karsten M. Self <kmself@ix.netcom.com> http://www.netcom.com/~kmself
Evangelist, Zelerate, Inc. http://www.zelerate.org
What part of "Gestalt" don't you understand? There is no K5 cabal
http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org
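
The ownership audit discussed in this thread, as an added example that is not part of the original message: it prints one line per matching file instead of letting ls expand directories (which is why the root-owned fs7101 shows up in the listing above). The function name audit_owner and the labels setid, world-writable and owned are assumptions made for this sketch.

```shell
#!/bin/sh
# audit_owner OWNER ROOT...
# List everything under each ROOT that belongs to OWNER, one line per
# file, as "<label><TAB><path>". Labels (hypothetical names, chosen for
# this example):
#   setid           regular file with the setuid or setgid bit set
#   world-writable  any non-symlink that every user may write to
#   owned           everything else that OWNER owns
# -xdev keeps find on the filesystem of each ROOT (GNU find also accepts
# the -mount spelling used in the thread). The tests are chained with -o,
# so each file gets exactly one label, the first that applies.
# Paths containing newlines would break the one-line-per-file format.
audit_owner() {
    owner=$1
    shift
    for root in "$@"; do
        find "$root" -xdev -user "$owner" \( \
            -type f \( -perm -4000 -o -perm -2000 \) \
                -exec printf 'setid\t%s\n' {} \; -o \
            ! -type l -perm -0002 \
                -exec printf 'world-writable\t%s\n' {} \; -o \
            -exec printf 'owned\t%s\n' {} \; \)
    done
}

# Run directly as: sh audit_owner.sh nobody / /tmp /var /usr
if [ "$#" -ge 2 ]; then
    audit_owner "$@"
fi
```

On a system where daemons share the 'nobody' account, every line reported is a file that any of those daemons can modify.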