[Techtalk] creating a system user with no privileges
James
jas at spamcop.net
Fri May 21 15:45:37 EST 2004
On Thu, 20 May 2004 10:53:59 -0700, Carla Schroder <carla at bratgrrl.com>
wrote:
> Some programs, like Postfix, warn against using 'nobody'. If the
> installation does not create the required Postfix users, you
> have to create them manually.
> Or when I'm torture-testing some poor innocent app, I want to create
> minimally-privileged users just for testing.
Also, there's a problem with using 'nobody' for everything: having,
say, the mail server and web server both running as nobody then allows
an intruder who compromised one to tamper with the other - defacing the
website by compromising Sendmail, or making you into an open relay for
spamming by exploiting a buggy CGI script. Create 'webuser' and 'mailuser'
to use instead of 'nobody', and at least an attacker is confined to
whichever subsystem had the hole.
James.
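
An added example, not part of the original message: a small audit that flags any service account (including 'nobody') that owns more than one distinct daemon, which is the shared-account condition described above. The function name `shared_accounts`, the sample data and the UID cutoff of 1000 for system accounts are assumptions made for this example.

```shell
#!/bin/sh
# Added example: flag service accounts shared by more than one daemon.
# Input lines: "USER UID COMMAND", as printed by: ps -eo user=,uid=,comm=
# Assumption: system accounts have UIDs below 1000 (distro-dependent);
# pass a different cutoff as the first argument if yours differs.

shared_accounts() {
    awk -v uid_min="${1:-1000}" '
        # Skip root; keep system accounts and the catch-all "nobody".
        $2 == 0 { next }
        $2 >= uid_min && $1 != "nobody" { next }
        {
            # Command names may contain spaces: rejoin fields 3..NF.
            cmd = $3
            for (i = 4; i <= NF; i++) cmd = cmd " " $i
            key = $1 SUBSEP cmd
            if (!(key in seen)) {      # count each daemon once per account
                seen[key] = 1
                count[$1]++
                list[$1] = (list[$1] == "" ? cmd : list[$1] "," cmd)
            }
        }
        END {
            for (u in count)
                if (count[u] > 1) print u ": " list[u]
        }
    ' | sort
}

# Constructed sample data (not taken from a real host).
sample_ps() {
    cat <<'EOF'
root 0 sshd
nobody 65534 httpd
nobody 65534 httpd
nobody 65534 sendmail
webuser 48 httpd
mailuser 89 sendmail
alice 1001 bash
alice 1001 vim
EOF
}

sample_ps | shared_accounts      # prints: nobody: httpd,sendmail
# On a live system: ps -eo user=,uid=,comm= | shared_accounts
```

An empty result means every daemon seen runs under its own account, as with 'webuser' and 'mailuser' in the sample.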