On Fri, May 28, 2010 at 4:05 AM, Werner Almesberger <wer...@openmoko.org> wrote:
> Shaz wrote:
>> Issue for the community that what user name or id to give for standard
>> system services and utilities.
>
> Traditional choices for "service users" include "daemon", "nobody",
> <service-name>, depending on what you're after. <service-name> can
> be something like "mail", "uucp", "dhcp", etc.
>
> To prevent this sort of unprivileged "users" from owning too much
> important stuff (not only files, but also processes - think kill
> and strace attacks from an easily compromised unimportant "nobody"
> service against a more valuable one), it's usually best to give
> each its own user ID.

That's exactly how it should be. Exceptions can be there but we can decide with time.

> For a default "real user", if there's any chance that there may be
> multiple users on the system, the system should probably just ask,
> e.g., when getting the initial user password.

We can't expect a smartphone or a mobile or a handheld to have multiple users. Can we?

> If the system is truly single-user and the user/root separation is
> purely technical, then something like "user", would work.

Yup.

--
Shaz
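
Added example, not part of the original thread: a small audit for the shared-UID situation discussed above, where several services run as the same unprivileged user (such as "nobody") and can therefore signal or trace one another. It parses `ps -eo uid,user,comm` output; the sample listing is constructed, and the login-UID range of 1000 to 59999 is an assumption to adjust per distribution.

```python
from collections import defaultdict

# Constructed sample of `ps -eo uid,user,comm` output (not from a real system).
SAMPLE_PS = """\
  UID USER     COMMAND
    0 root     init
    0 root     sshd
65534 nobody   dnsmasq
65534 nobody   httpd
65534 nobody   httpd
  101 dhcp     dhclient
    8 mail     exim4
 1000 user     bash
 1000 user     vim
"""


def shared_service_uids(ps_output, login_uids=range(1000, 60000)):
    """Map (uid, user) -> sorted program names for every service UID that
    runs more than one distinct program.

    root (UID 0) and login users are skipped: root is privileged anyway and
    a login user is expected to run many programs. The login range is an
    assumption, not something the thread specifies.
    """
    programs = defaultdict(set)
    for line in ps_output.splitlines():
        fields = line.split(None, 2)
        # Skip the header and any malformed line.
        if len(fields) != 3 or not fields[0].isdigit():
            continue
        uid, user, comm = int(fields[0]), fields[1], fields[2].strip()
        if uid == 0 or uid in login_uids:
            continue
        programs[(uid, user)].add(comm)
    # Two httpd workers under one UID are one service; two different
    # programs under one UID are the case worth flagging.
    return {key: sorted(names) for key, names in programs.items() if len(names) > 1}


if __name__ == "__main__":
    for (uid, user), names in shared_service_uids(SAMPLE_PS).items():
        print(f"UID {uid} ({user}) is shared by: {', '.join(names)}")
```

Each flagged UID is a candidate for splitting into one user ID per service.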