Date: Mon, 5 Jul 1999 09:32:15 +1200 From: "Dan Langille" <junkmale@xtra.co.nz> To: Jonathon Doran <doranj@Colorado.EDU> Cc: questions@FreeBSD.ORG Subject: Re: Use of user nobody Message-ID: <19990704213504.GDNY112692.mta2-rme@wocker> In-Reply-To: <199907041724.LAA05763@ucsu.Colorado.EDU> References: <199907040824.EAA27272@arutam.inch.com> from "Francisco Reyes" at Jul 4, 99 04:25:41 am
next in thread | previous in thread | raw e-mail | index | archive | help
On 4 Jul 99, at 11:24, Jonathon Doran wrote: > > Recently I installed Squid based on the instructions in an article at > > freebsdezine.com Two of the steps involved changing the owners of > > directories/files to "nobody". > > > > Is this safe? What does it mean? > > Yes, it is safe. > > > Anything special about this user? > > This user has no privilages, can't login, has an invalid password, and > doesn't belong to any group. This limits the ability to exploit bugs in > programs running as "nobody". There is otherwise, nothing special about > nobody. Given the above, I recall reading somewhere that it's better to create a separate user for apache (such as http). Any logic behind that reasoning? -- Dan Langille - DVL Software Limited The FreeBSD Diary - http://www.FreeBSDDiary.org/freebsd/ NZ FreeBSD User Group - http://www.nzfug.nz.freebsd.org/ The Racing System - http://www.racingsystem.com/racingsystem.htm To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990704213504.GDNY112692.mta2-rme>