Andrew Pimlott wrote:
> On Sat, Jul 05, 2003 at 02:26:24PM +0200, Christian Kujau wrote:
> > in another (german) newsgroup i saw a comment, being a bit upset about
> > the general-every-distribution behaviour to install new daemons under a
> > single user id. to be clear, if debconf/dpkg/whatever set up e.g. ntpd,
> > the default is that "root" starts the daemon. or user "nobody" does, but
> > another daemon was configured to be run from "nobody" too. the same
> > applies for user "daemon". only a few daemons are run by other users by
> > default, apache, snort or squid.
>
> You're right that this is rather ridiculous. For the trivial cost
> of a new user, we get a significant gain in compartmentalization.
> I wish there were something in policy strongly recommending creating
> a new user for every system service.

hmm, ok. thanks for confirming that, i thought i/someone missed a hidden
feature or so. i see, there is work done *towards* a one-user-per-daemon
system, as i named some daemons above. and yes, i know, that *work*
would be sooner done with even more people working on it....
Thank you,
Christian.
--
BOFH excuse #363:
Out of cards on drive D:
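
The shared-account situation discussed in this thread can be checked on a running system. The following is an added example, not part of the original messages: a shell function that reads `ps -eo user=,comm=` style lines and reports which of the generic accounts named above (root, nobody, daemon) run more than one distinct program. The function names and the sample process list are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report generic accounts that run
# more than one distinct program.
# Input on stdin: "USER COMMAND" lines, as printed by `ps -eo user=,comm=`.
# Arguments: accounts to check (default: root nobody daemon).
# Output: "USER: cmd1 cmd2 ..." for each shared account, sorted.
shared_daemon_accounts() {
    accounts="${*:-root nobody daemon}"
    LC_ALL=C sort -u |
    awk -v accounts="$accounts" '
        BEGIN {
            n = split(accounts, a, " ")
            for (i = 1; i <= n; i++) watch[a[i]] = 1
        }
        # Only the first word of the command name is used.
        NF >= 2 && ($1 in watch) {
            count[$1]++
            if ($1 in list) list[$1] = list[$1] " " $2
            else list[$1] = $2
        }
        END {
            for (u in count)
                if (count[u] > 1) print u ": " list[u]
        }
    ' | LC_ALL=C sort
}

# Constructed sample process list (not taken from a real host).
sample_ps_output() {
    cat <<'EOF'
root ntpd
root sshd
nobody dnsmasq
nobody tftpd
www-data apache
www-data apache
snort snort
proxy squid
EOF
}

# On a live system: ps -eo user=,comm= | shared_daemon_accounts
sample_ps_output | shared_daemon_accounts
```

On a live host the root line will also list kernel threads and login sessions, so the nobody and daemon lines are usually the more telling ones.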