"nobody"

Posted Feb 11, 2008 23:39 UTC (Mon) by bronson (subscriber, #4806)
In reply to: "nobody" by rfunk
Parent article: LCA: Two talks on the state of X

"nobody" has come to mean the generic unprivileged user.  Lots of distros run server software
as nobody these days.

If NFS really wants to make this distinction, why don't they call their user "nfs-not-root" or
"squashed-root" or something a little less generic?


"nobody"

Posted Feb 12, 2008 1:21 UTC (Tue) by nix (subscriber, #2304)

Because NFS was the first thing to need such a user, so it's become 
traditional?

(Isn't `daemon' the ID you run otherwise-low-privilege daemons as, 
anyway?)

"nobody"

Posted Feb 13, 2008 20:43 UTC (Wed) by cortana (subscriber, #24596)

It's the UID you run a daemon as when you want it to have privileges to interfere with other
daemons running as 'daemon'. :)

Seriously... adduser --system is not hard! Give everything its own user!

"nobody"

Posted Feb 14, 2008 12:49 UTC (Thu) by nix (subscriber, #2304)

But what if I had over 64K daemons running?

... oh, 32-bit uids. What if I had over four billion daemons running?

(seriously, with KDE it's only a matter of time! I suppose those all run as the KDE desktop
user though.)

;}

"nobody"

Posted Feb 14, 2008 18:58 UTC (Thu) by quotemstr (subscriber, #45331)

That's the problem. If everyone uses the same generic "unprivileged" user, that user actually
becomes quite powerful. Better would be to separate out users for each application.

"nobody"

Posted Feb 22, 2008 8:34 UTC (Fri) by goaty (guest, #17783)

The practice of running all daemons as "nobody" was a historical mistake. This has been
corrected in Debian and (I hope) most other Linux distributions. Each daemon runs as a
separate user, which prevents both accidental and malicious interference with other daemons.

The extreme example is qmail, which has four user accounts and no license.

I think "run as nobody" has become a shorthand for "run as an unprivileged user instead of
root", and that is how the article was using it. I think the LWN guys are clueful enough that
they wouldn't suggest we literally run the X server as the "nobody" user.
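
An added example, not part of the thread or of the LWN article: a small audit for the situation the comments above describe, where several unrelated daemons share one generic account. The account list, the function names and the sample process listing are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: report generic accounts that run more than one distinct program.
# Input is one "<user> <command>" pair per line, for instance from:
#   ps -eo user= -o comm=

# Accounts treated as "generic" for this audit (assumption; adjust per site).
GENERIC_ACCOUNTS="nobody daemon"

shared_accounts() {
    # Reads "<user> <command>" lines on stdin and prints "<user>: cmd1,cmd2"
    # for each generic account running two or more distinct commands.
    # Only the first word of the command name is considered.
    awk -v generic="$GENERIC_ACCOUNTS" '
        BEGIN {
            n = split(generic, g, " ")
            for (i = 1; i <= n; i++) watch[g[i]] = 1
        }
        ($1 in watch) && !seen[$1 SUBSEP $2]++ {
            count[$1]++
            list[$1] = (list[$1] == "" ? $2 : list[$1] "," $2)
        }
        END {
            for (u in count)
                if (count[u] > 1) print u ": " list[u]
        }
    ' | sort
}

# Constructed sample listing, not output from a real host.
sample_ps() {
    cat <<'EOF'
root sshd
nobody dnsmasq
nobody memcached
nobody dnsmasq
daemon atd
www-data apache2
EOF
}

# Demonstration on the constructed sample.
sample_ps | shared_accounts
```

Each program it reports is a candidate for its own system account, as suggested in the thread with `adduser --system`.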

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds