On Tue, 2020-05-26 at 17:40 +0100, Tom Vajzovic wrote:
> I have checked the Debian policy manual for an authoritative answer,
> but it does not say anything apart from that nobody must exist and have
> the id 65534.
> 
> So can someone please enlighten me as to which might be correct?
> 
> The reason for my question is this:  I am writing a process which runs
> as root, but needs to fork a helper program which does not require file
> system access at all and will perform I/O through pipes to the parent.

As far as I know the best practice is to use a dedicated system user
for each service.  Running "everything" unprivileged as the nobody user
is problematic as the different processes can access each other in
unwanted ways (e.g. manipulating another process running as nobody
using debugging interfaces like ptrace).

For services that don't store files, systemd provides a convenient way
to allocate such a system user:

+---
| DynamicUser=
| Takes a boolean parameter. If set, a UNIX user and group pair is
| allocated dynamically when the unit is started, and released as
| soon as it is stopped.
+---[ man:systemd.exec(5) ]

Ansgar
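
The following is an added example, not part of the original message: a root parent forks a helper that switches to a dedicated system user before doing any work and reports back over a pipe. The user name "myhelper" and the function names drop_to_user and run_helper are hypothetical; the user is assumed to have been created beforehand.

```c
#define _GNU_SOURCE            /* for setgroups() */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently become `name`: 0 on success, -1 on failure (caller must exit). */
int drop_to_user(const char *name)
{
    struct passwd *pw = getpwnam(name);
    if (pw == NULL || pw->pw_uid == 0) return -1;
    /* Order matters: changing groups needs root, so do it before setuid(). */
    if (setgroups(0, NULL) != 0 || setgid(pw->pw_gid) != 0 ||
        setuid(pw->pw_uid) != 0) return -1;
    /* Confirm the switch took effect and cannot be undone. */
    return (setuid(0) != 0 && getuid() == pw->pw_uid &&
            geteuid() == pw->pw_uid) ? 0 : -1;
}

/* Fork a helper that drops to `user` first and then talks to the parent only
 * through a pipe. Returns the uid the helper reported, or -1 on failure. */
long run_helper(const char *user)
{
    int fds[2], status;
    long uid = -1;
    char buf[32] = {0};
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                                  /* helper */
        close(fds[0]);
        if (drop_to_user(user) != 0) _exit(1);       /* never run privileged */
        int n = snprintf(buf, sizeof buf, "%ld", (long)getuid());
        _exit(write(fds[1], buf, (size_t)n) == n ? 0 : 1);
    }
    close(fds[1]);                                   /* parent keeps its uid */
    ssize_t n = read(fds[0], buf, sizeof buf - 1);
    close(fds[0]);
    return (waitpid(pid, &status, 0) == pid && WIFEXITED(status) &&
            WEXITSTATUS(status) == 0 && n > 0 &&
            sscanf(buf, "%ld", &uid) == 1) ? uid : -1;
}

int main(void)
{
    long uid = run_helper("myhelper");  /* hypothetical dedicated system user */
    if (uid >= 0) printf("helper ran as uid %ld\n", uid);
    return uid < 0;
}
```

The helper exits rather than continuing if any step of the switch fails, so it never processes input while still holding root.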
