From owner-cvs-etc  Mon Oct 27 10:30:04 1997
Return-Path: <owner-cvs-etc>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id KAA12486
          for cvs-etc-outgoing; Mon, 27 Oct 1997 10:30:04 -0800 (PST)
          (envelope-from owner-cvs-etc)
Received: from gratis.grondar.za (gratis.grondar.za [196.7.18.133])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id KAA12324;
          Mon, 27 Oct 1997 10:28:15 -0800 (PST)
          (envelope-from mark@greenpeace.grondar.za)
Received: from greenpeace.grondar.za (mvD7JS1mRIWKSJvh+qxbZtWFvll+E9tn@greenpeace.grondar.za [196.7.18.132])
	by gratis.grondar.za (8.8.7/8.8.7) with ESMTP id UAA17706;
	Mon, 27 Oct 1997 20:28:09 +0200 (SAT)
	(envelope-from mark@greenpeace.grondar.za)
Received: from greenpeace.grondar.za (wR4HYofdkaSV/n9pvTLzXJwFfRt0K3yh@localhost [127.0.0.1])
	by greenpeace.grondar.za (8.8.7/8.8.7) with ESMTP id UAA29423;
	Mon, 27 Oct 1997 20:27:51 +0200 (SAST)
Message-Id: <199710271827.UAA29423@greenpeace.grondar.za>
X-Mailer: exmh version 2.0zeta 7/24/97
To: =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= <ache@nagual.pp.ru>
cc: Tom <tom@uniserve.com>, Nate Williams <nate@mt.sri.com>,
        cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-etc@FreeBSD.ORG
Subject: Re: cvs commit: src/etc master.passwd 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 27 Oct 1997 20:27:50 +0200
From: Mark Murray <mark@grondar.za>
Sender: owner-cvs-etc@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

=?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= wrote:
> No. If you ever run Apache, you'll understand. Many CGI scripts and other
> things for WWW already assume nobody. 
> 
> BTW, I even see no reason to do it, we need just single nobody only to
> share among all programs which needs it, not bunch of no-user ids each per
> particular program.

The reason for nobody:nobody is a truly "nobody" user with no special
priveliges or status, not a user with features, etc shoehorned to fit 
available software. The software should be fixed, not the OS broken.

It sounds to me as though Apache and/or fingerd is broken. Surely an 
appropriate set{e}gid(2) will fix this (off the top of my head)?

Modifying a user (like you did) may be valid, but not as a design 
consideration. It is the sort of thing someone may do when building a 
box for a specific task, like a web server.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org