Date:      Sun, 4 Jul 1999 23:46:59 -0600 (MDT)
From:      Jonathon Doran <doranj@Colorado.EDU>
To:        junkmale@xtra.co.nz
Cc:        doranj@Colorado.EDU, questions@FreeBSD.ORG
Subject:   Re: Use of user nobody
Message-ID:  <199907050546.XAA06548@ucsu.Colorado.EDU>
In-Reply-To: <19990704213504.GDNY112692.mta2-rme@wocker> from "Dan Langille" at Jul 5, 99 09:32:15 am

> > This user has no privileges, can't login, has an invalid password, and
> > doesn't belong to any group.  This limits the ability to exploit bugs in
> > programs running as "nobody".  There is otherwise nothing special about
> > nobody.
> 
> Given the above, I recall reading somewhere that it's better to create a 
> separate user for apache (such as http).  Any logic behind that reasoning?

Yes.  If you have multiple programs (say Apache and wu_ftp) and you were
to run them under the same UID, it might be possible to use one to mess
with the other.  This would be easier, since they would share ownership
of some files.

However, if each had their own UID, they wouldn't be able to get out of
their sandbox.

Jon Doran
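
The shared-UID situation described in the reply above, as an added example that is not part of the original message: a POSIX sh function that lists non-root accounts running more than one distinct program, so shared service accounts such as "nobody" stand out. The function names and the sample process list are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag accounts shared by more than one program.
# Input:  lines of "USER COMMAND" (as produced by `ps -axo user,comm`).
# Output: one line per shared account, "user: cmd1 cmd2 ...", sorted.
# Interactive users running several programs are listed too; read the
# output for service accounts (nobody, www, ftp, ...).

shared_service_uids() {
    awk '
        NR == 1 && $1 == "USER" { next }      # skip the ps header line
        $1 == "root" { next }                 # root is out of scope here
        {
            key = $1 SUBSEP $2
            if (!(key in seen)) {             # count each distinct program once
                seen[key] = 1
                count[$1]++
                progs[$1] = progs[$1] " " $2
            }
        }
        END {
            for (u in count)
                if (count[u] > 1)
                    print u ":" progs[u]
        }
    ' | sort
}

# Constructed sample input, not captured from a real host.
sample_ps() {
    cat <<'EOF'
USER     COMMAND
root     init
root     inetd
nobody   httpd
nobody   httpd
nobody   ftpd
www      httpd
bind     named
EOF
}

# On a live host: ps -axo user,comm | shared_service_uids
sample_ps | shared_service_uids
```

Each account reported is a candidate for splitting into one dedicated UID per daemon, with file ownership adjusted to match.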

