[sclug] Non-human user IDs

James Fidell james at cloud9.co.uk
Sat Oct 25 09:05:30 UTC 2003


Quoting Will Dickson (wrd at glaurung.demon.co.uk):

> The two I'm most interested in are "daemon" and "nobody". Do they have
> any special privileges or attributes? And is there any reason not to run a 
> system service, which does not want any special privileges, as user ID 
> daemon?

In the dim and distant past, "nobody" was the uid to which uids on
NFS-mounted filesystems were mapped if they didn't have a directly
specified mapping for the remote filesystem in question.  This is
usually still the case, as far as I'm aware.

In the less dim and not-so-distant past, someone unwisely (imho) decided
that "nobody" was a good uid for daemons such as apache to run under,
apparently under the misapprehension that it was some special kind of
unprivileged user.  With my systems admin hat on, I've always disagreed
with this.  Far more sensible to have each separate daemon run with its
own uid in order to limit potential interaction between different
components of the system.  I believe this is what RedHat has been doing
in more recent releases.

James
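
An added example, not part of the original message: a small audit of the situation discussed above, listing accounts that several daemons share and any daemon running as the catch-all accounts "nobody" or "daemon". The process listing is constructed sample data in the shape of `ps -eo user,comm` output, and the account name "svc" is hypothetical.

```python
from collections import defaultdict

# Constructed sample in the shape of `ps -eo user,comm` (not from a real host).
SAMPLE_PS = """\
USER     COMMAND
root     init
root     sshd
nobody   httpd
nobody   httpd
nobody   squid
daemon   atd
daemon   portmap
named    named
postfix  master
svc      ftpd
svc      tftpd
"""

# The two catch-all accounts asked about in the thread.
CATCH_ALL = {"nobody", "daemon"}


def commands_by_user(ps_output, ignore=("root",)):
    """Return {user: sorted distinct command names}, skipping ignored users."""
    by_user = defaultdict(set)
    for line in ps_output.splitlines()[1:]:  # first line is the header
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # blank or malformed line
        user, comm = parts[0], parts[1].strip()
        if user not in ignore:
            by_user[user].add(comm)
    return {user: sorted(cmds) for user, cmds in by_user.items()}


def report(ps_output):
    """Flag catch-all accounts in use and accounts shared by several daemons."""
    findings = []
    for user, cmds in sorted(commands_by_user(ps_output).items()):
        if user in CATCH_ALL:
            findings.append(f"{user}: catch-all account runs {', '.join(cmds)}")
        elif len(cmds) > 1:
            findings.append(f"{user}: shared by {', '.join(cmds)}")
    return findings


if __name__ == "__main__":
    for finding in report(SAMPLE_PS):
        print(finding)
```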


