> In addition to running as daemon it is also recommended to remove the 
> basic privileges proc_info and proc_session which gives a lot of the 
> benefits of running as a different uid for each process.
> 
> This has all been covered in previous cases that dealt with uid allocation.
> 
> Maybe I should write it up in a best practice.

        I don't want to stray too far off course with this.  I will note
        we could ask Joe about noaccess, and let's continue the archeology
        off line:

        shadow:
        1.4
        17 lines
        No id keywords (cm7)
        noaccess:NP:6445::::::

        D 1.4 90/04/24 01:09:41 jek3 13 11      00003/00001/00014
        MRs:
        COMMENTS:
        k18.2 Merge; matches passwd; retains lp uid
        jek3 Fri Apr 20 19:41:02 1990

        passwd:
        1.4
        17 lines
        No id keywords (cm7)
        noaccess:x:60002:60002:uid no access:/:

        D 1.4 90/04/24 01:09:45 jek3 13 11      00003/00001/00014
        MRs:
        COMMENTS:
        k18.2 merge - retained lp uid and nuucp as 9 - k18.2 adds nobody
        and noaccess
        jek3 Fri Apr 20 19:38:42 1990

        shadow:
        1.11
        noaccess:*LK*:6445::::::
        14 lines
        No id keywords (cm7)
        D 1.11 03/10/10 14:15:45 darrenm 21 20  00004/00003/00010
        MRs:
        COMMENTS:
        PSARC/2003/592 Clarification of nobody account usage
        4862399 nobody account in /etc/passwd should have an account description
        PSARC/2003/405 Sun ONE WebServer reserved uid/gid
        4926183 webservd uid 80 gid 80 should be in the default
        passwd/shadow/group file

Gary..
