[systemd-devel] Github systemd issue 6237

Lennart Poettering lennart at poettering.net
Mon Jul 10 10:55:27 UTC 2017


On Thu, 06.07.17 10:34, Reindl Harald (h.reindl at thelounge.net) wrote:

> 
> 
> On 06.07.2017 at 09:59, Jonathan de Boyne Pollard wrote:
> > Reindl Harald:
> >  > at least fall back to “nobody”
> > 
> > Jonathan de Boyne Pollard:
> >  > That idea is wrong.
> >  >
> >  > https://news.ycombinator.com/item?id=14681377#14682059
> > 
> > Reindl Harald:
> >  > better than a stupid [...]
> > 
> > Not really, no.  It's the same category of error, in fact: substituting
> > an account other than the one that the system administrator explicitly
> > said to drop privileges to.
> 
> yes, it's both nonsense, but when i only have the option to choose between
> two types of nonsense i take the one which doesn't give root permissions

The "nobody" user has special semantics on Linux: it's where things
are mapped to that can't be mapped otherwise. It's used by user
namespacing, by NFS and others. It's really not a good idea to permit
random services to create and access files under that ID.

Lennart

-- 
Lennart Poettering, Red Hat
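
The following is an added example, not part of the message above or of systemd's own code: a small audit that flags unit files whose `User=` or `Group=` resolves to the overflow ID that unmappable owners are reported as. The helper names, the list of account names and the sample units are assumptions constructed for illustration.

```python
from pathlib import Path

# Assumed account names commonly bound to the overflow ID; adjust per distribution.
OVERFLOW_NAMES = {"nobody", "nogroup", "nfsnobody"}

def overflow_id(kind="uid"):
    """Return the ID the kernel reports for owners it cannot map (kind: uid or gid)."""
    try:
        return int(Path(f"/proc/sys/kernel/overflow{kind}").read_text())
    except (OSError, ValueError):
        return 65534  # kernel default when the sysctl cannot be read

def audit_unit(text, uid=65534, gid=65534):
    """Return every (key, value) in [Service] that runs as the overflow ID."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Service" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key not in ("User", "Group"):
            continue
        limit = uid if key == "User" else gid
        if value in OVERFLOW_NAMES or (value.isdigit() and int(value) == limit):
            findings.append((key, value))
    return findings

# Constructed sample units, not taken from any real system.
SAMPLE_UNITS = {
    "good.service": "[Service]\nExecStart=/usr/bin/foo\nUser=foo\n",
    "bad.service": "[Unit]\nDescription=x\n\n[Service]\nUser=nobody\nGroup=65534\n",
}

if __name__ == "__main__":
    uid, gid = overflow_id("uid"), overflow_id("gid")
    for name, text in SAMPLE_UNITS.items():
        for key, value in audit_unit(text, uid, gid):
            print(f"{name}: {key}={value} is the overflow ID; use a dedicated account")
```

Files created by a service flagged here are indistinguishable, by owner, from files whose real owner could not be mapped through a user namespace or NFS.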

