Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Sun, 3 Nov 2002 15:28:57 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Sun, 3 Nov 2002 15:28:57 -0500 Received: from ellpspace.math.ualberta.ca ([129.128.207.67]:41124 "EHLO ellpspace.math.ualberta.ca") by vger.kernel.org with ESMTP id ; Sun, 3 Nov 2002 15:28:57 -0500 Date: Sun, 3 Nov 2002 13:35:28 -0700 From: Michal Jaegermann To: Dax Kelson Cc: linux-kernel@vger.kernel.org Subject: Re: Filesystem Capabilities in 2.6? Message-ID: <20021103133528.A14177@ellpspace.math.ualberta.ca> Reply-To: michal@harddata.com References: <1036307763.31699.214.camel@thud> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <1036307763.31699.214.camel@thud>; from dax@gurulabs.com on Sun, Nov 03, 2002 at 12:16:02AM -0700 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1053 Lines: 23 On Sun, Nov 03, 2002 at 12:16:02AM -0700, Dax Kelson wrote: > > Speaking of user 'nobody', modern best practices (and shipped vendor > configuration) strongly discourages lumping everything under 'nobody'. > > Each app should run in its own security context by itself. That is why > I have all the following users in my /etc/passwd: > > apache nscd squid xfs ident rpc pcap nfsnobody radvd gdm named ntp As a side issue each of these "users", or most of them, has likely also its own group and one needs also few groups for other purposes. Seems like the next potential point to bump into a numbers of groups barrier although probably most of these does not need to be shared. Still if this will become a part of a widely used security mechanisms there could be extra demands on memberships. Michal - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/