On Friday 23 June 2006 11:14, Bill Kendrick wrote: ... > For the life of me, I couldn't really explain _what_ "nobody" is used for. > I'm familiar with it in terms of NCSA httpd and Apache, but beyond that... > A little help, here? :^D
I'll take a stab at this. The way I would explain it is that a *nix system has a variety of users that are non-human. They are users in the sense that they run processes that do not require privileges to other parts of the system, and they maintain resources (e.g. files and directories) to which other parts of the system do not need access. Therefore it is convenient and sensible to isolate them from human users and from each other in the same way that human users are isolated from each other. The general idea is that your system is more secure if access is not granted where it is not needed. A non-human user may be a security risk if, for example, it runs a program containing a flaw that lets someone break in and run tasks with the privileges of that user. I suppose someone chose the name "nobody" for one of these users simply to emphasize that it's not human. But there are many other examples of such users, like apache, bind, daemon, mail, mysql and news. I hope this is not too condescending... I wrote it this way so that newbies may also find it useful. Rod _______________________________________________ vox-tech mailing list [email protected] http://lists.lugod.org/mailman/listinfo/vox-tech
