
Re: [Lsb-appbat] RE: Running appbat pkgs in LSB-si

> Ummm.. it's late enough that I can claim to be sleep walking if I have to
> back out of this one 8-), but it seems like nobody would be pretty safe to
> add. It is already in the list of optional usernames anyway.


The footnote for "daemon" says:

    The 'daemon' UID/GID was used as an unprivileged UID/GID for daemons
    to execute under in order to limit their access to the system.
    Generally daemons should now run under individual UID/GIDs in order to
    further partition daemons from one another.

Although "nobody" hasn't been quite the security nightmare that
"daemon" has (as far as I know), it seems a bit odd to overload the
NFS thing (which doesn't even seem to apply to my Red Hat system, as
nobody is UID 99 rather than 65534 or whatever it is in the NFS case)
and the Apache thing.

The flip side of course is that Apache running as nobody is pretty
long-standing tradition and people (or even applications) might be
used to making files owned by nobody if CGIs need to write them.
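
Added example, not part of the original message: a small audit that reports when a generic account ("daemon" or "nobody") is running more than one distinct program, which is the overloading discussed above. The passwd and process data are constructed samples, `othersvc` is a hypothetical daemon name, and the account's UID is looked up rather than assumed, since it differs between systems (99 versus 65534).

```python
from collections import defaultdict

# Constructed sample data (not from the original message).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
"""
# Shape of `ps -eo uid,comm` output with the header line removed.
PS = """\
0 init
99 httpd
99 httpd
99 othersvc
2 atd
25 named
"""
SHARED_NAMES = {"daemon", "nobody"}  # generic accounts named in the thread


def uid_map(passwd_text):
    """Map UID -> account name from passwd(5) lines (first name wins)."""
    names = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            names.setdefault(int(fields[2]), fields[0])
    return names


def overloaded_accounts(passwd_text, ps_text, shared=SHARED_NAMES):
    """Return {account: sorted commands} for generic accounts that run
    more than one distinct program."""
    names = uid_map(passwd_text)
    by_account = defaultdict(set)
    for line in ps_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or not parts[0].isdigit():
            continue  # skip blank or malformed lines
        account = names.get(int(parts[0]))
        if account in shared:
            by_account[account].add(parts[1].strip())
    return {a: sorted(c) for a, c in by_account.items() if len(c) > 1}


if __name__ == "__main__":
    for account, cmds in overloaded_accounts(PASSWD, PS).items():
        print(f"{account}: shared by {', '.join(cmds)}")
```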
