Re: unprivileged users (for a service)

On 15/08/2011 17:42, Chuck Swiger wrote:
On Aug 15, 2011, at 9:37 AM, Chris Brennan wrote:
It's been a while since I've had to do this and the drive that contained
all of my notes is dead, along with the backup (I was actually lucky to
recover my home drive before it also failed but my notes were not
there). I cannot for the life of me remember how to properly add an
unprivileged user that will only be used for running a specific system
service. So it doesn't need a login shell or $HOME.

Add a user and set the shell to /bin/false or perhaps /sbin/nologin; for $HOME set it to /var/empty or /tmp, perhaps.

Good advice, except... for this sort of user that exists solely to run
various processes, generally it is preferable for them *not* to be able
to write to their home directory. Especially if the software concerned
is exposed to the internet.

The reasoning here is that if there is, say, a buffer overflow attack
against your software, then an attacker can remotely inject and run
various sorts of shell-code exploits. If they can change arbitrary
files in the account's home directory, then they can relatively simply
get a login shell.

So, /tmp is not a good idea. / is actually a pretty good choice, and
similarly /var/empty (which is specifically designed for this sort of


Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3, Ramsgate, Kent, CT11 9PW
PGP:
JID: matthew@xxxxxxxxxxxxxxxxxxxxxx

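An added check, not part of this thread, that audits a passwd(5) entry against the advice above (a shell that refuses logins, and a home directory the account does not own and cannot write to). The sample entries and directories are constructed inside the script; uid 60001 is an arbitrary placeholder.

```shell
#!/bin/sh
# Audit a passwd(5) entry for a service account against the advice in this
# thread: a shell that refuses logins and a home the account cannot write to.
# check_service_account 'name:pw:uid:gid:gecos:home:shell'
#   returns 0 if the entry looks safe, 1 (with reasons on stdout) otherwise.
check_service_account() {
    entry=$1
    name=$(printf '%s' "$entry" | cut -d: -f1)
    uid=$(printf '%s' "$entry" | cut -d: -f3)
    home=$(printf '%s' "$entry" | cut -d: -f6)
    shell=$(printf '%s' "$entry" | cut -d: -f7)
    status=0
    # 1. The shell must not give anyone an interactive session.
    case "$shell" in
        /sbin/nologin|/usr/sbin/nologin|/bin/false) ;;
        *) echo "$name: shell $shell allows logins"; status=1 ;;
    esac
    # 2. Shared scratch space is writable by everyone, so it is out.
    case "$home" in
        /tmp|/var/tmp) echo "$name: home $home is world-writable"; status=1 ;;
    esac
    # 3. If the home exists, the account must not own it, and nobody may have
    #    left it group- or world-writable; otherwise a compromised process
    #    could plant .profile, .ssh/authorized_keys and the like there.
    if [ -d "$home" ]; then
        owner=$(ls -ldn "$home" | awk '{print $3}')
        perms=$(ls -ldn "$home" | awk '{print $1}')
        if [ "$owner" = "$uid" ]; then echo "$name: owns home $home"; status=1; fi
        case "$perms" in
            ?????w*|????????w*) echo "$name: home $home is group/world writable"; status=1 ;;
        esac
    fi
    return $status
}

# Demo on constructed entries (uid 60001 is an arbitrary unused id here).
demo_dir=$(mktemp -d)
mkdir -m 755 "$demo_dir/empty"
mkdir -m 777 "$demo_dir/loose"
for entry in \
    "svc:*:60001:60001:service:$demo_dir/empty:/usr/sbin/nologin" \
    "svc:*:60001:60001:service:/tmp:/usr/sbin/nologin" \
    "svc:*:60001:60001:service:$demo_dir/loose:/bin/sh"; do
    if check_service_account "$entry"; then echo "OK: $entry"; fi
done
rm -rf "$demo_dir"
```

Run it against real entries with `getent passwd svc` (or `pw usershow svc` on FreeBSD) piped into the function.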