Dmitry Bogatov <kact...@gnu.org> writes:

> You are right. But what are we going to do anyway in case a user
> installs 901 different daemons? Seems that the approach of system users does
> not scale at all.

Indeed. That said, I don't think I've seen a system consume more than 50 users or so. In practice, there do seem to be enough users. But that might not be the case if we accumulate users forever and never recycle those system UIDs.

> Just a thought: `setuid(2)' accepts uid_t, which is 32-bit on my 64-bit
> system. So probably it is possible to run a process isolated without creating
> an entry in /etc/passwd?

Hm, transient IDs is an interesting idea. In a lot of cases, we create a system user just to isolate the running daemon, not to control file system access. The drawback, though, is that one has to have a really clear idea of what resources the process would need in order to make sure this is safe. (A much clearer idea than the understanding we need to know when it's safe to delete a system user, I think.)

Using random high-numbered IDs, while appealing, probably isn't a great idea because we allow the local admin to use that space. It's possible that they're doing something that's consuming millions of IDs for some reason, so although there's a lot of space there, we can't entirely rule out the possibility of a conflict. Although we could probably carve out more space if we really needed to.

-- 
Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>
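
The transient-ID idea discussed in this message, sketched as an added example (not code from either poster or from Debian): pick a UID from a carved-out range, skip any that already has a passwd entry, then drop privileges to it with setuid(2). The range 61000-61999, the sample passwd text and the helper names are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed sample in passwd(5) format; not taken from any real system. */
static const char SAMPLE_PASSWD[] =
    "root:x:0:0:root:/root:/bin/sh\n"
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
    "localapp:x:61000:61000:admin-created:/nonexistent:/usr/sbin/nologin\n"
    "batch1:x:61001:61001:admin-created:/nonexistent:/usr/sbin/nologin\n";

/* Return 1 if uid is the third field of any line in the passwd text. */
int uid_listed(const char *passwd, uid_t uid) {
    for (const char *line = passwd; line && *line; ) {
        const char *p = strchr(line, ':');      /* end of login name */
        if (p) p = strchr(p + 1, ':');          /* end of password field */
        if (p && (uid_t)strtoul(p + 1, NULL, 10) == uid) return 1;
        line = strchr(line, '\n');
        if (line) line++;
    }
    return 0;
}

/* First uid in [lo, hi] without a passwd entry, or (uid_t)-1 if none is free.
 * A passwd check alone does not see UIDs that only own files or processes. */
uid_t pick_transient_uid(const char *passwd, uid_t lo, uid_t hi) {
    for (uid_t u = lo; u <= hi && u != (uid_t)-1; u++)
        if (!uid_listed(passwd, u)) return u;
    return (uid_t)-1;
}

/* Drop from root permanently: supplementary groups, then gid, then uid. */
int drop_to(uid_t uid, gid_t gid) {
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    return (setuid(0) == 0) ? -1 : 0;           /* regaining root must fail */
}

int main(void) {
    uid_t u = pick_transient_uid(SAMPLE_PASSWD, 61000, 61999);
    printf("transient uid: %lu\n", (unsigned long)u);
    if (geteuid() == 0 && u != (uid_t)-1 && drop_to(u, (gid_t)u) == 0)
        printf("now running as uid %lu\n", (unsigned long)getuid());
    return 0;
}
```
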