Date:      Sun, 19 Aug 2001 00:27:44 -0500
From:      Jeffrey Dunitz <orpheus@avalon.net>
To:        Eric Lam <ecrim@earthlink.net>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Nobody
Message-ID:  <20010819002744.A7556@lemieux.condolan.asn>
In-Reply-To: <NFBBLKKCLDGIJGPDMDAAIEFACAAA.ecrim@earthlink.net>; from ecrim@earthlink.net on Fri, Aug 17, 2001 at 07:57:50PM +0100
References:  <NFBBLKKCLDGIJGPDMDAAIEFACAAA.ecrim@earthlink.net>

On this day Fri, Aug 17, 2001 at 07:57:50PM +0100, the following great wisdom poured forth from the mouth of Eric Lam, to the stark amazement of all who witnessed: 
> Would someone please explain, in detail, what does, "Loading a daemon as
> nobody..." mean?  I kinda get what it's for, but I would like to know what
> are the pros, and the cons/limitations.  Thanks.

Well, exactly _how_ you do it depends on the particular daemon
you're dealing with--apache, for example, lets you specify the user
and group right in the config file. Things that run out of inetd 
have their user set in the inetd.conf file. Most things there run
as root, except for things like identd and finger.
 
The advantage, and really the only one, to running something as 
nobody is security. If someone is able to find an exploit for the
daemon in question, to make it execute arbitrary commands or access
files, they can only see or modify stuff the nobody user has access 
to. If you run something as root, and someone takes it over, they
effectively have gained root access to your system. 

The limitations, of course, are that if you need to be root to do
or see something that your daemon needs to do or see, you'll lose
that functionality. That's really the only limitation, but it's not
really so much a second-order effect as it is the _entire point_ of
not running something as root. Non-unix OSes sometimes refer to this
concept as "separation of roles".  It's kind of like the separated
areas in the hull of a submarine--if one compartment gets flooded, you
can close the doors and the other compartments stay dry.

I think it's good to run as few things as root as possible. Some things,
like telnet (which I'd say has no place on an internet-connected
system anyway, but that's just me...) pretty much _need_ to be run
as root, or they won't really work. Things like the daytime service
can be changed to run as nobody, but I'm somewhat certain that they
run as root anyway, because they're internal.
 
But running something like a finger daemon as root would be just 
asking for trouble; there have been some exploits against fingerd, 
so if it runs as root, you might be able to tickle it into giving
you a root shell. Being able to tickle a system into giving you a
nobody shell is way less fun and interesting than root. :)

Hope this sheds some light.

BTW, if you're asking about this, you might also want to look into
chroot jails for things like DNS. Very helpful.



-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jeffrey Dunitz                 |    unix   | orpheus@avalon.net
BOFH Emeritus, Avalon Networks |    perl   | (651) 686-9974 /
http://www.avalon.net/~orpheus |  net/sec  | Eagan, MN  _ /
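
An added example, not part of the original message: a small Python audit of an inetd.conf, assuming the FreeBSD field layout, that lists which enabled services inetd starts as root rather than as an unprivileged user such as nobody. The sample file contents and the function names are constructed for illustration.

```python
"""Audit an inetd.conf for services that run as root (added example)."""

# Constructed sample in the FreeBSD inetd.conf layout:
# service  socket  proto  wait[/limits]  user[:group][/class]  program  args
SAMPLE_INETD_CONF = """\
# constructed sample, not taken from a real host
#ftp    stream tcp nowait root   /usr/libexec/ftpd    ftpd -l
telnet  stream tcp nowait root   /usr/libexec/telnetd telnetd
finger  stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -s
auth    stream tcp nowait nobody:nogroup /usr/local/sbin/identd identd
daytime stream tcp nowait root   internal
tftp    dgram  udp wait
"""


def parse_inetd_conf(text):
    """Return (entries, malformed_line_numbers) for the enabled service lines."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank, comment, or a service disabled by commenting out
        fields = line.split()
        if len(fields) < 6:
            malformed.append(lineno)  # truncated entry: report, do not guess
            continue
        # Field 5 is user[:group][/login-class]; keep only the user part.
        user = fields[4].split("/", 1)[0].split(":", 1)[0]
        # "internal" marks a service built into inetd itself, not a program.
        entries.append({"service": fields[0], "user": user,
                        "internal": fields[5] == "internal"})
    return entries, malformed


def root_services(entries):
    """External programs that inetd starts as root: the ones worth reviewing."""
    return [e["service"] for e in entries
            if e["user"] == "root" and not e["internal"]]


if __name__ == "__main__":
    entries, malformed = parse_inetd_conf(SAMPLE_INETD_CONF)
    for e in entries:
        kind = "internal" if e["internal"] else "external"
        print(f'{e["service"]:8} user={e["user"]:7} {kind}')
    print("review (external, run as root):", root_services(entries))
    print("malformed lines:", malformed)
```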
