On 2011 Oct 04 (Tue) at 12:12:38 -0600 (-0600), Theo de Raadt wrote:
> > On 2011 Oct 04 (Tue) at 12:00:08 -0600 (-0600), Theo de Raadt wrote:
> > > > note the definition of def_anon in mountd.c, that one has a uid/gid of
> > > > -2, now this might be a problem I suppose.
> > > >
> > > > However, for the nobody case. If you are mapping to nobody, mountd will
> > > > populate the exportlist correctly for the anonymous user (with the nobody
> > > > information) and pass that to the kernel, where there is some messing about...
> > >
> > > I don't think this changes anything regarding the master.passwd commit.
> > >
> > > Obviously nobody isn't just for NFS. It is used by locate, too.
> > I don't know what locate is doing with nobody.
> >
> > What seems to be lost here, is that up to a point the nobody and NFS is
> > analogous to _daemon/daemon.
> >
> > So, that's the point of nobody and that's why there is a linkage between
> > NFS and nobody.
>
> I think you've not read the diff that was committed.

You'd be wrong.

> master.passwd used to say:
>
> "Unprivileged user for NFS".

Which I'm arguing it is. Just like _bgpd is the BGP daemon user.

> But locate uses that login, too. If it wanted to be very
> truthful, it could say
>
> "Unprivileged user for NFS and locate(1)".

Again, I have no clue what locate(1) is doing, but given this I suspect it is wrong and warrants some looking into.

> Or it can just say
>
> "Unprivileged user".
>
> That is what was committed.

And this I think is wrong. There should be no general unprivileged user. There should be "application specific" unprivileged users.

Am I the only one who sees this parallel between the numerous _daemond users and their respective daemons and nobody and NFS?

If so, can someone please enlighten me about the purpose of nobody? Is it going to be used (do we want to encourage the usage that is) for something else or new?
