MAJOR hole in 5.0

Daniel Roethlisberger daniel at
Fri Sep 26 16:28:51 PDT 2003

Dagmar d'Surreal <dagmar.wants at> wrote:
> Most folks figured out that having more than one thing using the
> nobody role account was a bad idea in the early 90's.

I fullheartedly agree: there should be a different unprivileged user
account for every piece of software requiring such. But there is no harm
in having a nobody user, while at the same time, it might potentially
come in handy. *You* might know that you don't need it, especially on
production machines where you run only a small number of well-configured
daemons; but I believe that giving the general advice to remove the
nobody user without a lot of further background information (such as
contained in this thread) is not the Right Thing[tm] to do. The same
goes for all the basic security advice you gave (I won't comment any
further on that; I agree with your statements, but I draw a very
different conclusion from all that than you do, regarding advice on the
existence of a nobody user).

Anyway. Let's stop this thread, and let lfs-security come back to normal
again :-)


    Daniel Roethlisberger <daniel at>
    OpenPGP key id 0x804A06B1 (1024/4096 DSA/ElGamal)
    144D 6A5E 0C88 E5D7 0775 FCFD 3974 0E98 804A 06B1