[arch-general] [arch-dev-public] adding http user/group to filesystems
Arvid Ephraim Picciani
aep at ibcsolutions.de
Sun Jun 22 12:36:41 EDT 2008
> > Why not just use nobody for programs that need their own user, as a sane
> > default. Any smart admin should create any groups and users himself when
> > necessairy. And prevents cluttering of unnecessairy users/groups. For
> > example in my httpd setups, the http users would never be used.
> >
> > IMO.
> >
> > Glenn
>
> Using nobody for each and every service makes the nobody user unsafe to
> use. As soon as one of your daemons is compromised, all of them are
> compromised also because they share the same user.
before a specific point in arch history we used to tell people that making a
system "secure" and "easy" is the job of a sysadmin.
For people who like a default "security" without rtfm, there is always debian.
Arch doesnt need any scripts. If you're bored and don't know what to do with
your free time i suggest either fixing one of the gazillion bugs in the
debian easy-out-of-the-box install scripts or plaing chess. You can waste
hours with that without giving us a big time headache when fixing the crap
your automatic installers do.
--
mit freundlichen Grüßen / best regards
Arvid Ephraim Picciani
More information about the arch-general
mailing list