Don't abuse nobody for running dæmons.

nobody is not a suitable account for running dæmons as.

The nobody account has a very specific purpose, originating in NFS. That purpose is to be the visible owner of files and directories in mounted NFS filesystems in certain circumstances. Dæmon processes in general run as unprivileged accounts that should own a minimal amount of filesystem entities relevant to their operation. They certainly should not run as accounts that own vast tracts of the filesystem that the dæmon programs have no business dealing in.

For best results, a dæmon process that has dropped privileges should run under the aegis of an unprivileged account that is a rôle account specific to that one service. This allows one to grant filesystem access and object ownership specifically, and enables the kernel's usual mechanisms for preventing other (unprivileged) processes from messing with the dæmon process with the likes of ptrace() and kill().

This is stuff that the world learned was the wrong thing to do in the 1990s. The note in the LSB recommending against running dæmons in a single shared account dates from 2002, and that was years late to the party.
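A quick way to check an existing system against this advice is to look at which accounts the running dæmons actually use. The following Python audit is an added example, not the author's code; it parses the output of `ps -eo user:32,pid,comm` (a constructed sample is embedded) and flags accounts that are shared by more than one distinct service, or that are the NFS `nobody` account or the old shared `daemon` account.

```python
"""Audit a process listing for dæmons running as nobody or sharing an account.

Input is the text produced by `ps -eo user:32,pid,comm`; the sample below is
constructed for this example and is not output from any real host.
"""
from collections import defaultdict

# Assumption: the generic shared accounts the advice above warns against.
SHARED_DAEMON_ACCOUNTS = {"nobody", "daemon"}

SAMPLE_PS = """\
USER                                PID COMMAND
root                                  1 init
root                                543 sshd
nobody                              812 dnsmasq
nobody                              904 httpd
nobody                              905 httpd
_ntp                                777 ntpd
postgres                            990 postgres
daemon                             1001 atd
daemon                             1002 cupsd
"""


def parse_ps(text):
    """Return a list of (user, pid, comm) tuples, skipping the header line."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split(None, 2)
        if len(parts) == 3:
            rows.append((parts[0], int(parts[1]), parts[2]))
    return rows


def audit(rows, shared_accounts=SHARED_DAEMON_ACCOUNTS):
    """Map each offending account to the sorted list of programs using it.

    An account is reported if it is one of the known shared accounts, or if
    more than one distinct program runs under it. Several processes of the
    same program (e.g. httpd workers) count as one service, which is fine.
    Processes still running as root have not dropped privileges at all and
    are a separate concern, so they are left out of this check.
    """
    programs_by_user = defaultdict(set)
    for user, _pid, comm in rows:
        if user == "root":
            continue
        programs_by_user[user].add(comm)
    return {user: sorted(progs) for user, progs in programs_by_user.items()
            if user in shared_accounts or len(progs) > 1}
```

Run it against real output with `audit(parse_ps(subprocess.check_output(["ps", "-eo", "user:32,pid,comm"], text=True)))`; an empty result means every unprivileged dæmon has an account of its own.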


© Copyright 2017 Jonathan de Boyne Pollard. "Moral" rights asserted.
Permission is hereby granted to copy and to distribute this web page in its original, unmodified form as long as its last modification datestamp is preserved.