Re: F28 System Wide Change: Rename "nobody" user


 



On Mon, 2018-01-15 at 10:53 -0500, Steve Dickson wrote:

> Googling 'linux nobody uid' it appears nobody is a uid used by apps
> that don't want to run as root. In case they got hacked they would
> not have root privileges, but with SELinux around I think that
> problem has been solved.

This seems a bit hand-wavy to me. We believe in many layers of security
and good practices at every level, yes? Just running things as root and
trusting SELinux to restrict their privileges seems like a very airy-
fairy way of operating, if that's what you're suggesting.

I'm fairly sure *lots* of daemons in Fedora still drop root privileges
early in operation, and this is still widely considered to be good
practice. Quite a few have their own unprivileged account to use for
this purpose (which is also used to own files they need access to,
etc.), but some may still run as 'nobody'. If this could be affected by
the Change, it should probably be looked into...
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx



