[distcc] Re: Red Hat packaging patch for 0.15
Martin Pool
mbp at samba.org
Tue Dec 17 22:52:00 GMT 2002
On 17 Dec 2002, Jean-Eric Cuendet <jean-eric.cuendet at linkvest.com> wrote:
> >
> >
> >The only problem with using `nobody' for distcc is that some sites may
> >similarly use `nobody' for the uid under which other daemons run.
> >Thus, distcc, Amanda, Squid and others could all notionally read/write
> >each others' files.
> >
> That *could* be a security treat.
Freudian slip of the day. :-)
> But running under nobody is *better* than under root, in all condition!
> User nobody shouldn't have files.
> But a solution could be:
> - If distcc user *already* exists, use it in xinetd script
> - If distcc user is not available, use nobody
> - If nobody user is not available, use root
distcc refuses to run as root. "I'm sorry Dave, I can't allow you to
do that." :-)
The Linux Standards Base suggests but doesn't require a
"nobody:nobody" user.
http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/usernames.html
They also say
> The 'daemon' UID/GID was used as an unprivileged UID/GID for daemons
> to execute under in order to limit their access to the
> system. Generally daemons should now run under individual UID/GIDs in
> order to further partition daemons from one another.
I've never heard of a unix machine that didn't have a nobody user.
But if I thought my script might have to run on one, I would use uid
65535 (== -1 mod 2^16), the canonical value for nobody.
Make sure the gid gets set as well.
--
Martin
More information about the distcc
mailing list