spotahome / redis-operator

Redis Operator creates/configures/manages high availability redis with sentinel automatic failover atop Kubernetes.
Apache License 2.0
1.5k stars 356 forks

Use really unprivileged user #547

Closed samof76 closed 1 year ago

samof76 commented 1 year ago

Use nobody

Use nobody to run things that don't need any special permissions. It's usually reserved for vulnerable services (httpd, etc.) so that if they get hacked, they'll have minimal damage on the rest of the system.

Contrast this with running something as a real user: if that service were compromised (web servers are occasionally exploited to run arbitrary code), it would run as that user and have access to everything that user had. In most cases, this is as bad as getting root.

You can read a little bit more about the nobody user on the Ubuntu Wiki:

https://wiki.ubuntu.com/nobody

Can you give a particular example of when it is indicated to use this account?

When permissions aren't required for a program's operations. This is most notable when there isn't ever going to be any disk activity.

A real-world example of this is redis (a key-value in-memory cache/database/thing), sitting on my computer and my server running under the nobody account. Why? Because it just doesn't need any permissions, and to give it an account that did have write access to files would just be a needless risk.

samof76 commented 1 year ago

@ese please review this.

ese commented 1 year ago

Thanks @samof76. Redis can be configured to store a copy on a disk when persistence is activated. IMHO we don't get any improvement using nobody.

In fact from the link you posted on ubuntu wiki:

Services should have their own, dedicated, user account. Do not use the user nobody for anything. It is for NFS.

samof76 commented 1 year ago

Based on the comments by @ese closing this.