> > Why not just use nobody for programs that need their own user, as a sane > > default. Any smart admin should create any groups and users himself when > > necessairy. And prevents cluttering of unnecessairy users/groups. For > > example in my httpd setups, the http users would never be used. > > > > IMO. > > > > Glenn > > Using nobody for each and every service makes the nobody user unsafe to > use. As soon as one of your daemons is compromised, all of them are > compromised also because they share the same user. before a specific point in arch history we used to tell people that making a system "secure" and "easy" is the job of a sysadmin. For people who like a default "security" without rtfm, there is always debian. Arch doesnt need any scripts. If you're bored and don't know what to do with your free time i suggest either fixing one of the gazillion bugs in the debian easy-out-of-the-box install scripts or plaing chess. You can waste hours with that without giving us a big time headache when fixing the crap your automatic installers do. -- mit freundlichen Grüßen / best regards Arvid Ephraim Picciani
