[Jyri Virkki:]
| The primary reason for not running every daemon as root is isolation.
| Once upon a time most things ran as root. As soon as you managed to
| get any of them to do something unintended (by any number of ways), it
| did it as root, game over. Ok next we ran them all as some non-user
| (and "nobody" is a popular, if incorrect, choice). That's better,
| since the compromised process only gets limited access to do harm. Of
| course, if every important server (and its log files, data files, etc)
| on the system belongs to that same user, the harm to be done isn't so
| limited after all.
|
| The logical conclusion is you run every server as its own user to
| isolate each one.
|
| That's how it works on e.g. Debian - every (or so, I haven't checked
| all) package delivering a daemon process delivers a unique user to go
| with it.
|
| (Today there's more choices, zones for instance. But not everybody
| wants to always have to do separate zones for everything. And while
| relatively lightweight, it is still more overhead (resources and
| administrative) than just running two processes.)

Would you advocate different userids for different versions? i.e. apache2
and apache2.2?

rahul
--
1. e4 _
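
The isolation argument quoted above can be checked on a host by grouping daemons by the account they run as. This is an added example, not part of the thread: the sample `ps` lines are constructed, and the `DAEMONS` set and the function name are assumptions.

```python
from collections import defaultdict

# Constructed sample in the shape printed by `ps -eo user=,comm=`.
SAMPLE_PS = """\
root     sshd
root     cron
nobody   httpd
nobody   httpd
nobody   named
nobody   squid
postgres postgres
"""

# Assumed list of process names treated as daemons on this host.
DAEMONS = {"sshd", "cron", "httpd", "named", "squid", "postgres"}


def audit_daemon_users(ps_output, daemons=DAEMONS):
    """Return (shared, as_root, as_nobody) for the listed daemons.

    shared:    {account: [daemons]} where one non-root account runs several
               distinct daemons, so compromising one reaches the others' files
    as_root:   daemons running with full privileges
    as_nobody: daemons on the catch-all "nobody" account
    """
    by_user = defaultdict(set)
    for line in ps_output.splitlines():
        fields = line.split(None, 1)
        if len(fields) != 2:
            continue  # blank or malformed line
        user, comm = fields[0], fields[1].strip()
        if comm in daemons:
            by_user[user].add(comm)
    shared = {user: sorted(names) for user, names in by_user.items()
              if user != "root" and len(names) > 1}
    return shared, sorted(by_user.get("root", ())), sorted(by_user.get("nobody", ()))


if __name__ == "__main__":
    shared, as_root, as_nobody = audit_daemon_users(SAMPLE_PS)
    for user, names in shared.items():
        print(f"shared account {user}: {', '.join(names)}")
    print("running as root:", ", ".join(as_root) or "none")
    print("running as nobody:", ", ".join(as_nobody) or "none")
```

On a live system, pass the output of `ps -eo user=,comm=` in place of `SAMPLE_PS` and adjust `DAEMONS` to the services installed.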