Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 16 Aug 2011 14:31:34 +0100
From:      Matthew Seaman <>
To:        Chuck Swiger <>
Cc:        FreeBSD Questions <>, Chris Brennan <>
Subject:   Re: unprivledged users (for a service)
Message-ID:  <>
In-Reply-To: <>
References:  <> <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 15/08/2011 17:42, Chuck Swiger wrote:
> On Aug 15, 2011, at 9:37 AM, Chris Brennan wrote:
>> > It's been a while since I've had to do this and the drive that conta=
>> > all of my notes is dead, along with the backup (I was actually lucky=
>> > recover my home drive before it also failed but my notes were not=20
>> > there). I cannot for the life of me remember how to properly add an =

>> > unprivledged user that will only be used for running a specific syst=
>> > service. So it doesn't need a login shell or $HOME.

> Add a user and set the shell to /bin/false or perhaps /sbin/nologin; fo=
r $HOME set it to /var/empty or /tmp, perhaps.

Good advice, except... for this sort of user that exists solely to run
various processes, generally it is preferable for them *not* to be able
to write to their home directory.  Especially if the software concerned
is exposed to the internet.

The reasoning here is that if there is, say, a buffer overflow attack
against your software, then an attacker can remotely inject and run
various sorts of shell-code exploits.  If they can change arbitrary
files in the accounts home directory, then they can relatively simply
get a login shell.

So, /tmp not a good idea. / is actually a pretty good choice, and
similarly /var/empty (which is specifically designed for this sort of



Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP:     Ramsgate
JID:               Kent, CT11 9PW

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
Comment: Using GnuPG with Mozilla -



Want to link to this message? Use this URL: <>