Date: Mon, 8 May 2023 18:39:41 +0200
From: Felix Palmen
To: ports@FreeBSD.org
Subject: Unprivileged default user for "tiny" daemons?
List-Archive: https://lists.freebsd.org/archives/freebsd-ports

Hi all,

TL;DR: Is there a recommendation for a generic unprivileged default user
to use with tiny daemons that won't need any file permissions?

I stumbled over that question when adding security/tlsc, a port of my own
very tiny daemon that does a simple little thing, without accessing any
files (except for its own pidfile).

Of course, the best thing to do is to add a service account to UIDs, but
looking at it, I found this comment:

# Please pick an empty slot when available and also consider base values from
# /usr/src/etc/master.passwd

This made me think: When would it be appropriate *not* to allocate a
dedicated UID? I'd personally answer that with "when your daemon doesn't
need to access any files".
And I see how it makes sense, because the space available for service
accounts is limited to UIDs < 1000.

So I started to explore the tree a bit with 'git grep'. It seems almost 40
ports use 'nobody' as their default user. So I did the same.

Also discussing this briefly on IRC, there was the suggestion 'daemon'
would be a better fit. I can't find a single port using that. Does
anything in base use it, is it still recommended?

Furthermore, the concern was expressed that 'nobody' is used by NFS e.g.
as the fake owner of files owned by root, with the intention that nobody
should be able to access these. So, a daemon running as 'nobody' might
accidentally get access to lots of files on mounted NFS shares?

I tend to think now that 'daemon' should really be the way to go when you
don't need a dedicated account. Am I overlooking something? Any other
comments?

Cheers, Felix

-- 
 Felix Palmen     {private}   felix@palmen-it.de
 -- ports committer (mentee) --    {web}  http://palmen-it.de
 {pgp public key}  http://palmen-it.de/pub.txt
 {pgp fingerprint} 6936 13D5 5BBF 4837 B212 3ACC 54AD E006 9879 F231
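Added example, not part of the original message: one way to check the NFS concern raised above on a given host is to list the files a process would reach only because it runs as the shared account, i.e. files owned by that account where the owner bits grant read or write that the "other" bits do not. The function names and the paths passed in are assumptions made for this sketch.

```shell
#!/bin/sh
# Audit sketch (added example): what would a daemon gain purely through
# file ownership if it ran as a shared account such as 'nobody' or 'daemon'?

# owner_only_files USER PATH...
# Print regular files under PATH owned by USER where the owner class has
# read or write access that the "other" class lacks. POSIX checks the owner
# class first, so these are exactly the files the account can read or
# modify while an unrelated unprivileged user could not.
owner_only_files() {
    user=$1
    shift
    find "$@" -type f -user "$user" \
        \( \( -perm -400 ! -perm -004 \) -o \( -perm -200 ! -perm -002 \) \) \
        -print 2>/dev/null
}

# count_owner_only USER PATH...
# Same selection, reduced to a count for quick comparison.
count_owner_only() {
    owner_only_files "$@" | wc -l | tr -d ' '
}

# compare_accounts PATH...
# Tab-separated summary for the two candidate accounts named in the mail.
# An account that does not exist on the host simply reports 0.
compare_accounts() {
    for u in nobody daemon; do
        printf '%s\t%s\n' "$u" "$(count_owner_only "$u" "$@")"
    done
}

# Run against the paths given on the command line, e.g. NFS mount points
# (the paths are whatever the administrator wants audited).
if [ "$#" -gt 0 ]; then
    compare_accounts "$@"
fi
```

A non-zero count for an account means a daemon defaulting to it would hold access on those paths that it does not need for its own operation.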