On Sat, Jul 05, 2003 at 02:26:24PM +0200, Christian Kujau wrote:
> in another (german) newsgroup i saw a comment, being a bit upset about
> the general-every-distribution behaviour to install new daemons under a
> single user id. to be clear, if debconf/dpkg/whatever set up e.g. ntpd,
> the default is that "root" starts the daemon. or user "nobody" does, but
> another daemon was configured to be run from "nobody" too. the same
> applies for user "daemon". only a few daemons are run by other users by
> default, apache, snort or squid.

You're right that this is rather ridiculous. For the trivial cost of a new user, we get a significant gain in compartmentalization. I wish there were something in policy strongly recommending creating a new user for every system service.

Andrew
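
Added example, not part of the original message or of any Debian tooling: a small audit that lists accounts under which more than one daemon runs, which is the sharing of "root", "nobody" and "daemon" discussed in this thread. The function names and the sample process list are constructed for illustration; it assumes input lines of the form "USER COMMAND" with no spaces in the command name.

```shell
#!/bin/sh
# Added example: report accounts shared by two or more distinct daemons.
# On a live system, feed it a list you have already narrowed to daemons, e.g.:
#   ps -e -o user= -o comm= | shared_accounts
# (unfiltered ps output also includes kernel threads and login sessions).

# Reads "USER COMMAND" lines on stdin.
# Prints "user: cmd1,cmd2,..." for every user running 2+ distinct commands.
shared_accounts() {
    sort -u | awk '
        {
            count[$1]++
            cmds[$1] = (cmds[$1] == "" ? $2 : cmds[$1] "," $2)
        }
        END {
            for (u in count)
                if (count[u] > 1)
                    print u ": " cmds[u]
        }
    ' | sort
}

# Constructed sample: ntpd and sshd under root, two daemons sharing
# "nobody", and three daemons that each have their own account.
sample_ps() {
    cat <<'EOF'
root ntpd
root sshd
nobody tftpd
nobody identd
www-data apache
proxy squid
snort snort
root ntpd
EOF
}

# Prints the two shared accounts found in the sample.
sample_ps | shared_accounts
```

Every account this reports is a place where compromising one daemon gives access to the files and processes of the others running under the same user id.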