< Day Day Up > |
8.13.1 ProblemYou need to know how to create system users for programs like Postfix, Apache, or Squid. These programs should have their own unique user accounts and not just all pile into "nobody." 8.13.2 SolutionBoth adduser and useradd can do this. adduser works like this: # adduser system no-create-home group squid Adding system user squid... Adding new group squid (109). Adding new user squid (109) with group squid Not creating home directory Check your work: # cat /etc/passwd | grep squid squid:x:109:109::/home/squid:/bin/false Even though it lists /home/squid, a home directory is not created. Here's how useradd does it: # useradd -d /dev/null -g squid -s /bin/false squid 8.13.3 DiscussionThe nobody user is the default for a lot of daemons and processes that need a system account, but an increasing number of applications require their own unique users. Use a unique user whenever possible, because it's a good security practice. The nobody account is a common cracker target, and you don't want to expose all kinds of processes and daemons to a common point of attack. 8.13.4 See Also
|
< Day Day Up > |