tfoerste@n22 ~ $ grep nob /etc/passwd
nobody:x:65534:65534:nobody:/:/bin/false
Why is the user's home dir "/"? The background of this question can be found here: https://sourceforge.net/tracker/?func=detail&atid=386750&aid=1488505&group_id=26275 Wouldn't it be better to use "/nonexistent" or so?
/ is NOT owned by nobody, use ls. Changing summary.
# ls -ld /
drwxr-xr-x 21 root root 488 2006-10-05 14:16
And moreover the default shell of nobody is /bin/false, so it does not make any difference.
The LSB states: http://refspecs.freestandards.org/LSB_3.1.0/LSB-Core-generic/LSB-Core-generic/usernames.html
"The location of the users home directory is also not defined by policy other than the recommendations of the Filesystem Hierarchy Standard and should be obtained by the getpwnam(), getpwnam_r(), getpwent(), getpwuid(), and getpwuid_r() functions."
FreeBSD-4.1:
nobody:*:65534:65534:Unprivileged user:/nonexistent:/sbin/nologin
Solaris 10:
nobody:x:60001:60001:uid no body:/:/bin/false
In short, I think anything depending on nobody having a nonexistent homedir is asking for trouble anyway.
Here's Fedora Core 5:
nobody:x:99:99:Nobody:/:/sbin/nologin
I'd say that webdav is doing the wrong thing in trying to use the homedir of the nobody user. If it's after an empty directory, maybe use the /var/empty that ssh does? Could you please pass this Gentoo bug on to the upstream dav bug?
I don't see anything that needs to be changed.
*** Bug 212919 has been marked as a duplicate of this bug. ***
So, if I understand well, you're saying that all the programs that access ~user without handling the special case where user is nobody are broken and nothing should be handled in Gentoo's default nobody homedir policy? I see at least two arguments against that:
1/ Third party programs have no way of knowing the "unprivileged" user login (it can be "nobody" as well as "noone", "unprivileged", ... and several accounts may be unprivileged).
2/ If I follow the logic, gcc should not output any warning when compiling third party programs that use old, insecure libc functions such as strcmp(). Not to mention its runtime buffer overflow protection abilities, since well written programs should not be vulnerable to buffer overflow attacks.
On the other hand, I cannot see anything that would break if nobody's homedir were changed from / to /nonexistent by default.
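Added example, not part of the bug thread or of any project's code: one way a program could follow the LSB text quoted above, and cope with not knowing which login is the unprivileged one, is to call getpwnam() and then check on disk that the returned home directory exists and belongs to that account before using it. The function names and the status enum are hypothetical, and the rows passed in main() are constructed to mirror the passwd entries quoted in the thread.

```c
#include <pwd.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Hypothetical status codes for this example. */
enum home_status { HOME_OK, HOME_MISSING, HOME_NOT_DIR, HOME_NOT_OWNED, HOME_NO_ACCOUNT };

/* Owner uid of path, or (uid_t)-1 if it cannot be stat'ed. */
uid_t owner_of(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? st.st_uid : (uid_t)-1;
}

/* Classify a home directory by what is on disk, not by the account name. */
enum home_status check_home(const char *dir, uid_t uid) {
    struct stat st;
    if (dir == NULL || dir[0] == '\0' || stat(dir, &st) != 0)
        return HOME_MISSING;      /* e.g. FreeBSD's /nonexistent */
    if (!S_ISDIR(st.st_mode))
        return HOME_NOT_DIR;
    if (st.st_uid != uid)
        return HOME_NOT_OWNED;    /* e.g. "/" owned by root, as ls -ld / shows */
    return HOME_OK;
}

/* Look the account up with getpwnam(), then classify its pw_dir. */
enum home_status check_account_home(const char *login) {
    struct passwd *pw = getpwnam(login);
    return pw ? check_home(pw->pw_dir, pw->pw_uid) : HOME_NO_ACCOUNT;
}

int main(void) {
    static const char *names[] = { "OK", "MISSING", "NOT_DIR", "NOT_OWNED", "NO_ACCOUNT" };
    /* Constructed inputs: home directory and uid as in the quoted passwd lines. */
    printf("/            uid 65534 -> %s\n", names[check_home("/", 65534)]);
    printf("/nonexistent uid 65534 -> %s\n", names[check_home("/nonexistent", 65534)]);
    /* Live lookup on the local system; the result depends on its passwd database. */
    printf("getpwnam(\"nobody\")     -> %s\n", names[check_account_home("nobody")]);
    return 0;
}
```

A caller that needs a writable per-user directory would treat anything other than HOME_OK as "no usable home" and fall back to a location of its own choosing.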