[systemd-devel] Github systemd issue 6237
Lennart Poettering
lennart at poettering.net
Mon Jul 10 10:55:27 UTC 2017
On Thu, 06.07.17 10:34, Reindl Harald (h.reindl at thelounge.net) wrote:
>
>
> Am 06.07.2017 um 09:59 schrieb Jonathan de Boyne Pollard:
> > Reindl Harald:
> > > at least fall back to “nobody”
> >
> > Jonathan de Boyne Pollard:
> > > That idea is wrong.
> > >
> > > https://news.ycombinator.com/item?id=14681377#14682059
> >
> > Reindl Harald:
> > > better than a stupid [...]
> >
> > Not really, no. It's the same category of error, in fact: substituting
> > an account other than the one that the system administrator explicitly
> > said to drop privileges to.
>
> yes, it's both nonsense, but when i only have the option to choose between
> two types of nonsense i take the one which don't give root permissions
The "nobody" user has special semantics on Linux: it's where things
are mapped to that can't be mapped otherwise. It's used by user
namspacing, by NFS and others. It's really not a good idea, to permit
random services to create and access files under that ID.
Lennart
--
Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list