Anders, thanks for the help, I will look into this immediately.
On 3/14/07, Anders Johansson
On Wednesday 14 March 2007 14:06, Abstract wrote:
Hello All,
I seem to be a little confused, so I may already know the correct answer, or may be stating it in the question.
I know that you should try and not run anything as root. For example, when you install mysql server, it starts with either the mysql user or the nobody user.
#1. What is this nobody user? It seems that you cannot log in as nobody. Is this a generic guest-like account just for running services? Is this like the mysql user but with a different name? What do you call these types of accounts?
It's just an account where logins have been disabled, for security reasons.
#2. Also, it seems to me that binding to a port would be a root level access thing.
No, only ports 0-1023 are restricted to root.
For example, if I start a program to bind to port 15000 then nothing else can bind to that port. Does it work like level of importance? If root wants to bind to that port does it drop the nobody user from that port?
No, not by default, root would get an error saying that the port is in use (although he can of course kill the process using the port if he wants to).
#3. Should you have a different "nobody" like user for each service you want to run? Or is that overkill?
There already are, for most of the normal services shipping in SUSE, e.g. wwwrun for apache, sshd for sshd, ntp for the ntp daemon and so on. Have a look in /etc/passwd for the complete list. All the lines that end in /bin/false have logins disabled.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
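The /etc/passwd check suggested in the reply above, written out as a small audit script. This is an added example and not part of the original thread; the sample entries are constructed, and the UID cut-off of 1000 and the `nologin` shell paths are assumptions that do not come from the messages.

```shell
#!/bin/sh
# Added example: classify accounts in a passwd-format file by login shell.

# Constructed sample in /etc/passwd format (not copied from a real system).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/false
wwwrun:x:30:8:WWW daemon:/var/lib/wwwrun:/bin/false
sshd:x:71:65:SSH daemon:/var/lib/sshd:/bin/false
ntp:x:74:103:NTP daemon:/var/lib/ntp:/bin/false
mysql:x:60:108:MySQL server:/var/lib/mysql:/bin/bash
alice:x:1000:100:Alice:/home/alice:/bin/bash
EOF
}

# audit_passwd FILE [UID_MIN]  ->  one "name uid status shell" line per account
#   nologin : shell is /bin/false or a nologin binary (logins disabled)
#   login   : root or a regular user (uid >= UID_MIN) with a usable shell
#   REVIEW  : service-range uid that still has a usable login shell
# UID_MIN defaults to 1000, an assumption; distributions differ.
audit_passwd() {
    awk -F: -v min="${2:-1000}" '
        /^[ \t]*(#|$)/ || NF < 7 { next }     # skip comments, blanks, short lines
        {
            shell = ($7 == "") ? "/bin/sh" : $7   # empty field means /bin/sh
            if (shell == "/bin/false" || shell ~ /\/nologin$/) status = "nologin"
            else if ($3 == 0 || $3 >= min) status = "login"
            else status = "REVIEW"
            print $1, $3, status, shell
        }' "$1"
}

# review_accounts FILE -> names of service accounts that can still get a shell
review_accounts() {
    audit_passwd "$@" | awk '$3 == "REVIEW" { print $1 }'
}

# With no argument, run on the constructed sample; otherwise audit the given file.
if [ -n "${1:-}" ]; then
    audit_passwd "$1"
else
    tmp=$(mktemp) && sample_passwd > "$tmp" && audit_passwd "$tmp"
    rm -f "$tmp"
fi
```

The shell field is only one control: the script does not read /etc/shadow, so it says nothing about whether an account's password is locked.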