Re: Unprivileged default user for "tiny" daemons?

From: Felix Palmen <>
Date: Tue, 09 May 2023 08:05:15 UTC
* Felix Palmen <> [20230508 18:39]:
> I tend to think now that 'daemon' should really be the way to go when
> you don't need a dedicated account. Am I overlooking something? Any
> other comments?

Seems I overlooked something indeed:

$ find [14-jail] \( -user daemon -or -group daemon \)

So, daemon owns e.g. the print spool...

Interestingly, you even find something owned by nobody in base:

-rw-r--r--  1 nobody  wheel  0 Jul  8  2021 /var/db/locate.database

So, takeaway is: There is no safe choice other than allocating a
dedicated UID for every single daemon, even if it doesn't need to
own/access any files? Is this really correct?

Cheers, Felix

 Felix Palmen <>     {private}
 -- ports committer (mentee) --            {web}
 {pgp public key}
 {pgp fingerprint} 6936 13D5 5BBF 4837 B212  3ACC 54AD E006 9879 F231
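
An added example, not part of the original message: a sketch of the audit the find command above performs, extended to say what each match would give a daemon running as the shared account. The function name, the three labels and the use of the account's primary group are assumptions of this example.

```python
import os
import stat
import sys


def ownership_exposure(root, uid, gid):
    """Classify entries under root that belong to uid or gid.

    Returns {path: label} where label is one of:
      "owner"           - uid owns the entry and can always chmod it
      "group-writable"  - gid matches and the group write bit is set
      "group-read-only" - gid matches but the group write bit is clear
    """
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # entry vanished or is not accessible
            if stat.S_ISLNK(st.st_mode):
                continue  # permission bits of a symlink carry no meaning
            if st.st_uid == uid:
                # Mode bits do not protect a file from its owner.
                findings[path] = "owner"
            elif st.st_gid == gid:
                writable = st.st_mode & stat.S_IWGRP
                findings[path] = "group-writable" if writable else "group-read-only"
    return findings


if __name__ == "__main__":
    import pwd

    # Usage: script.py ROOT ACCOUNT   (for example a jail root and "daemon")
    root, account = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(account)
    # Assumption: the daemon runs with the account's primary group only.
    found = ownership_exposure(root, pw.pw_uid, pw.pw_gid)
    for path, label in sorted(found.items()):
        print(f"{label:16} {path}")
```

An empty result for an account means ownership alone gives a process running as that account nothing under the scanned tree; world-writable entries are outside what this checks.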