What is the equivalent user for nobody:nobody from CentOS?

services users

I am converting from centOS and am used to having a nobody:nobody user:group for running services. Does Ubuntu have a similar best practice user:group combination for running a service?


Solution 1:

You can use nobody:nogroup if you really do want a user/group with no permissions. But Debian derivatives tend to define a user and/or group per task to ensure that your unprivileged services are separated from each other.

Solution 2:

Ubuntu has a nobody user and a nogroup group, I guess these can be used equivalently if you want.

Having all (or most) services running under the same user defeats part of the purpose of using a non-privileged user; thus I think the recommended best practice is for each service to have its own user (e.g. apache runs as www-data, I think exim4 will have an exim4 user, spamassassin will have a spamd user (I think!), and so on). When you install a service it takes care of creating this user for you. Sometimes managing permissions to ensure services can talk to each other can be slightly cumbersome, but these instances are usually well-documented and the added security and compartmentalization are worth the (minor) hassle.

Related

Copy files from a server via ssh to dropbox.
How to disable screen lock in Ubuntu 14.04 / Unity? [duplicate]
What's the difference between ubuntu-mate and ubuntu? [duplicate]
How to change the default TTL of TCP/IP packets?
How to install the latest version of pip when I already installed the provided by Ubuntu?
Can an anti-virus protect me from KillDisk, malware for Linux?
Share installed libraries between Debian and Ubuntu
What GUI libraries are the JetBrains using?
What is public/manifest.json file in create-react-app?
Why always ./configure; make; make install; as 3 separate steps?
How to install a node.js module without using npm?
It has a DefiningQuery but no InsertFunction element... err