hi,
in another (german) newsgroup i saw a comment, being a bit upset about
the general-every-distribution behaviour to install new daemons under a
single user id. to be clear, if debconf/dpkg/whatever set up e.g. ntpd,
the default is that "root" starts the daemon. or user "nobody" does, but
another daemon was configured to be run from "nobody" too. the same
applies for user "daemon". only a few daemons are run by other users by
default, apache, snort or squid.
the things is, when some of the "nobody" processes are compromised,
*every* daemon "nobody" has started is in danger to be killed or misused.
/etc/password lists a lot of unused (but somehow standard-)users, they
could be used to run processes under a different user id.
yes, it's a bit confusing, please ask if i was unlcear.
Thanks for comments,
Christian.
--
BOFH excuse #224:
Jan 9 16:41:27 huber su: 'su root' succeeded for .... on /dev/pts/1
