
Re: [Lsb-appbat] RE: Running appbat pkgs in LSB-si



> The footnote for "daemon" says:
> 
>     The 'daemon' UID/GID was used as an unprivileged UID/GID for daemons
>     to execute under in order to limit their access to the system.
>     Generally daemons should now run under individual UID/GIDs in order to
>     further partition daemons from one another.

The preconfigured 'daemon' seems to be less of a risk than for daemons to run
under individual UID/GIDs.  

> 
> Although "nobody" hasn't been quite the security nightmare that
> "daemon" has (as far as I know), it seems a bit odd to overload the
> NFS thing (which doesn't even seem to apply to my Red Hat system, as
> nobody is UID 99 rather than 65534 or whatever it is in the NFS case)
> and the Apache thing.
> 
> The flip side of course is that Apache running as nobody is pretty
> long-standing tradition and people (or even applications) might be
> used to making files owned by nobody if CGIs need to write them.


