> On Mon, Jun 01, 2009 at 11:20:19PM -0600, Theo de Raadt wrote:
> > > Hmm.. kinda feels like a waste to create a new user/group.
> > > The app doesn't write to any files nor does it have any
> > > config files (ATM).
> > >
> > > How about I stick with nobody?
> >
> > How about everyone just share the root account?
> >
> > What are you afraid of, that we'll run out of users and groups?
> >
> > There are very good documented reasons why we have all daemons
> > use different uids. Much security is failed from separation.
>
> OK. I was just trying to use an available non-privileged
> account. I had not realized nobody was "special" in that
> it is being used for NFS.

Every account that exists is being used for something. The point isn't just about nobody; it is about using the uid space for separation. If you share, you don't have separation.
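An added example, not part of the original thread: a small audit that reads a process listing and reports every unprivileged account running more than one distinct program, which is the sharing the reply argues against, since processes under one uid can signal each other and touch each other's files. The sample listing is constructed, the `ps -axo user,pid,command` column layout is an assumption, and `exampled` and `otherd` are hypothetical daemon names.

```python
import os
from collections import defaultdict

# Constructed sample shaped like `ps -axo user,pid,command` output.
# "exampled" and "otherd" are hypothetical daemons, not from the thread.
SAMPLE_PS = """\
USER       PID COMMAND
root         1 /sbin/init
_ntp       301 ntpd: ntp engine
_ntp       302 ntpd: dns engine
nobody     410 /usr/local/sbin/exampled -f
nobody     411 /usr/local/sbin/exampled -f
nobody     522 /usr/local/sbin/otherd
"""


def parse_ps(text):
    """Return (user, pid, program) tuples from user,pid,command columns."""
    procs = []
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split(None, 2)
        if len(fields) < 3 or not fields[1].isdigit():
            continue  # blank, truncated or malformed line
        user, pid, command = fields
        # Program name: first word of the command, without its path and
        # without the colon of a "name: title" process title.
        program = os.path.basename(command.split()[0]).rstrip(":")
        procs.append((user, int(pid), program))
    return procs


def shared_accounts(procs, ignore=("root",)):
    """Map each account that runs more than one distinct program to them.

    root is skipped by default (a choice made for this example) so the
    report covers only the accounts daemons drop privileges to.
    """
    by_user = defaultdict(set)
    for user, _pid, program in procs:
        if user not in ignore:
            by_user[user].add(program)
    return {u: sorted(p) for u, p in by_user.items() if len(p) > 1}


if __name__ == "__main__":
    for user, programs in sorted(shared_accounts(parse_ps(SAMPLE_PS)).items()):
        print(f"{user}: shared by {', '.join(programs)}")
```

Several processes of the same daemon under one account, like the two `ntpd` entries, are not reported; only an account shared by different programs is.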
