[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Lsb-appbat] RE: Running appbat pkgs in LSB-si

> The footnote for "daemon" says:
>     The 'daemon' UID/GID was used as an unprivileged UID/GID for daemons
>     to execute under in order to limit their access to the system.
>     Generally daemons should now run under individual UID/GIDs in order to
>     further partition daemons from one another.

The preconfigured 'daemon' seems to be less of a risk than for daemons to run
under individual UID/GIDs.  

> Although "nobody" hasn't been quite the security nightmare that
> "daemon" has (as far as I know), it seems a bit odd to overload the
> NFS thing (which doesn't even seem to apply to my Red Hat system, as
> nobody is UID 99 rather than 65534 or whatever it is in the NFS case)
> and the Apache thing.
> The flip side of course is that Apache running as nobody is pretty
> long-standing tradition and people (or even applications) might be
> used to making files owned by nobody if CGI's need to write them.

Reply to: