[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Daemons as user "nobody"



Hi Konstantin Ryabitsev!

 On Wed, Sep 05, 2007 at 12:37:16PM -0400, Konstantin Ryabitsev wrote next:

> I recall there being something about running daemons as user "nobody."
> Is that still a policy? Cursory search in the wiki revealed nothing,
> but searching for "user nobody" is near-futile. :)
> Don't we normally create daemon-specific users?
If you create only one user to many services you pick up big security hole.
For example, you have installed httpd and mysql under nobody account. If the
cracker crashed httpd he also got access to mysql. That's why we need to
create separate user per unique service.

-- 
With best regards,
Andy Shevchenko.      mailto: andy smile org ua



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]