On Fri, May 28, 2010 at 4:05 AM, Werner Almesberger <[email protected]> wrote:
> Shaz wrote:
>> Issue for the community that what user name or id to give for standard
>> system services and utilities.
>
> Traditional choices for "service users" include "daemon", "nobody",
> <service-name>, depending on what you're after. <service-name> can
> be something like "mail", "uucp", "dhcp", etc.
>
> To prevent this sort of unprivileged "users" from owning too much
> important stuff (not only files, but also processes - think kill
> and strace attacks from an easily compromised unimportant "nobody"
> service against a more valuable one), it's usually best to give
> each its own user ID.

That's exactly how it should be. Exceptions can be there but we can decide with time.

> For a default "real user", if there's any chance that there may be
> multiple users on the system, the system should probably just ask,
> e.g., when getting the initial user password.

We can't expect a smartphone or a mobile or a handheld to have multiple users. Can we?

> If the system is truly single-user and the user/root separation is
> purely technical, then something like "user", would work.

Yup.

-- 
Shaz

_______________________________________________
Shr-devel mailing list
[email protected]
http://lists.shr-project.org/mailman/listinfo/shr-devel
