Date: Mon, 8 May 2023 18:39:41 +0200
From: Felix Palmen <zirias@FreeBSD.org>
To: ports@FreeBSD.org
Subject: Unprivileged default user for "tiny" daemons?
Message-ID: <hsletitqldfbhrucakzl3vvotkwp7ghfdpuzyty3b4yu3qdn4d@sdjyu6koet2t>

Hi all,

TL;DR: Is there a recommendation for a generic unprivileged default user
to use with tiny daemons that won't need any file permissions?

I stumbled over that question when adding security/tlsc, a port of my
own very tiny daemon that does a simple little thing, without accessing
any files (except for its own pidfile).

Of course, the best thing to do is to add a service account to UIDs, but
looking at it, I found this comment:

# Please pick an empty slot when available and also consider base values from
# /usr/src/etc/master.passwd

This made me think: When would it be appropriate *not* to allocate a
dedicated UID? I'd personally answer that with "when your daemon doesn't
need to access any files". And I see how it makes sense, because the
space available for service accounts is limited to UIDs < 1000.

So I started to explore the tree a bit with 'git grep'. It seems almost
40 ports use 'nobody' as their default user. So I did the same.

Also discussing this briefly on IRC, there was the suggestion 'daemon'
would be a better fit. I can't find a single port using that. Does
anything in base use it, is it still recommended?

Furthermore, the concern was expressed that 'nobody' is used by NFS e.g.
as the fake owner of files owned by root, with the intention that nobody
should be able to access these. So, a daemon running as 'nobody' might
accidentally get access to lots of files on mounted NFS shares?

I tend to think now that 'daemon' should really be the way to go when
you don't need a dedicated account. Am I overlooking something? Any
other comments?

Cheers, Felix

-- 
Felix Palmen <zirias@FreeBSD.org>  {private} felix@palmen-it.de
-- ports committer (mentee) --     {web} http://palmen-it.de
{pgp public key} http://palmen-it.de/pub.txt
{pgp fingerprint} 6936 13D5 5BBF 4837 B212 3ACC 54AD E006 9879 F231

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?hsletitqldfbhrucakzl3vvotkwp7ghfdpuzyty3b4yu3qdn4d>