Why not just use nobody for programs that need their own user, as a sane default. Any smart admin should create any groups and users himself when necessairy. And prevents cluttering of unnecessairy users/groups. For example in my httpd setups, the http users would never be used.
IMO.
Glenn
Using nobody for each and every service makes the nobody user unsafe to use. As soon as one of your daemons is compromised, all of them are compromised also because they share the same user.
before a specific point in arch history we used to tell people that making a system "secure" and "easy" is the job of a sysadmin. For people who like a default "security" without rtfm, there is always debian. Arch doesnt need any scripts. If you're bored and don't know what to do with your free time i suggest either fixing one of the gazillion bugs in the debian easy-out-of-the-box install scripts or plaing chess. You can waste hours with that without giving us a big time headache when fixing the crap your automatic installers do. -- mit freundlichen Grüßen / best regards Arvid Ephraim Picciani