I think the idea of running as a user other than root is good, but having venus run as 'nobody' would make the venus file cache visible to any other process running as 'nobody'. I don't think that would be very nice!
true - I was being sloppy, and really should have talked about a uid/gid just for venus. But that seems far away, and starting to remove the reasons why it can't be done one by one needs doing first.
