[Shr-Devel] Security features of SHR

[Werner Almesberger]

Shaz wrote:
> Issue for the community that what user name or id to give for standard
> system services and utilities.

Traditional choices for "service users" include "daemon", "nobody",
<service-name>, depending on what you're after. <service-name> can
be something like "mail", "uucp", "dhcp", etc.

To prevent this sort of unprivileged "users" from owning too much
important stuff (not only files, but also processes - think kill
and strace attacks from an easily compromised unimportant "nobody"
service against a more valuable one), it's usually best to give
each its own user ID.

For a default "real user", if there's any chance that there may be
multiple users on the system, the system should probably just ask,
e.g., when getting the initial user password.

If the system is truly single-user and the user/root separation is
purely technical, then something like "user", would work.

- Werner