Re: [Lsb-appbat] RE: Running appbat pkgs in LSB-si
> The footnote for "daemon" says:
> The 'daemon' UID/GID was used as an unprivileged UID/GID for daemons
> to execute under in order to limit their access to the system.
> Generally daemons should now run under individual UID/GIDs in order to
> further partition daemons from one another.
The preconfigured 'daemon' seems to be less of a risk than for daemons to run
under individual UID/GIDs.
> Although "nobody" hasn't been quite the security nightmare that
> "daemon" has (as far as I know), it seems a bit odd to overload the
> NFS thing (which doesn't even seem to apply to my Red Hat system, as
> nobody is UID 99 rather than 65534 or whatever it is in the NFS case)
> and the Apache thing.
> The flip side of course is that Apache running as nobody is pretty
> long-standing tradition and people (or even applications) might be
> used to making files owned by nobody if CGI's need to write them.