On 6/12/19 1:56 PM, Thomas Trepl via blfs-dev wrote:
Am Mittwoch, den 12.06.2019, 11:01 -0500 schrieb Douglas R. Reno via
blfs-dev:
Hi folks,
I was just building rpcbind-1.2.5 and noticed a curious difference between SysV
and systemd's instructions.
On systemd, we create a separate "rpc" user to isolate the package similar to
how we would any other system daemon:
"There should be a dedicated user and group to take control of the rpcbind
daemon after it is started. Issue the following commands as the root user:
groupadd -g 28 rpc
useradd -c "RPC Bind Daemon Owner" -d /dev/null -g rpc \
-s /bin/false -u 28 rpc
On SysV, we tell the rpcbind daemon to use the root user in the configure command:
"--with-rpcuser=root". On systemd, we tell it to use "--with-rpcuser=rpc".
Should we setup a dedicated user and group for the rpcbind daemon in SysV like
we do for systemd?
From security perspective a dedicated user might be the better choice
than root. Looks like that root isn't required to be the user running
rpcbind.
I'd vote for user rpc.
We could do that, but I don't think that it is necessary without some
specific rationale. Do we create a specific user for every daemon?
What about syslogd, klogd, acpid, haveged, sshd, gpm ... ? Those are
all run as root on my very limited system in it's current state of
build. On a more complete system, add upowerd, cupsd, postfix/master,
and fcron.
-- Bruce
--
http://lists.linuxfromscratch.org/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
