Subject: Re: identd not responding (?)
To: Neil J. McRae <neil@domino.org>
From: Scott Reynolds <scottr@plexus.com>
List: current-users
Date: 02/28/1996 15:56:59
On Wed, 28 Feb 1996, Neil J. McRae wrote:
> On Mon, 26 Feb 1996 01:33:48 -0500
> David Mazieres <dm@amsterdam.lcs.mit.edu> wrote:
>
> > > ident stream tcp wait nobody.kmem /usr/libexec/identd identd -w -t60 -e -N
> >
> > Isn't nobody.kmem an incredibly bad idea? Nobody is supposed to be
> > the least privileged UID. Potentially many users can run arbitrary
> > cgi-bin scripts or whatever as nobody.
I would say that any web server that is set up to run anything as
"nobody" -- instead of a new, unprivileged uid -- is set up wrong. I
make it a point to assign a new uid for each service on our firewall
machines, which can be tedious but is more than worth the effort.
--scottn
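
An added example, not part of the original message or of any NetBSD tooling: the concern raised in this thread (a supplementary group handed to `nobody`, and several services sharing one uid) can be checked mechanically over an inetd.conf. The sample file is constructed around the quoted ident line; the `finger` and `tftp` entries, the `_tftp` account and the function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample inetd.conf. The ident entry is the one quoted in the
# thread; the other entries and the _tftp account are made up for illustration.
SAMPLE = """\
# service socket proto wait user[.group] program args
ident   stream tcp wait   nobody.kmem /usr/libexec/identd  identd -w -t60 -e -N
finger  stream tcp nowait nobody      /usr/libexec/fingerd fingerd
tftp    dgram  udp wait   _tftp       /usr/libexec/tftpd   tftpd /tftpboot
"""

# Accounts that are supposed to own nothing and carry no privilege.
SHARED_ACCOUNTS = {"nobody"}


def parse(text):
    """Yield (service, user, group, program) for each inetd.conf entry."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 6:
            continue  # blank, comment, or malformed line
        # Accept both the older user.group and the newer user:group spelling.
        user, _, group = fields[4].replace(":", ".").partition(".")
        yield fields[0], user, group or None, fields[5]


def audit(text):
    """Return findings in file order, then one line per uid used twice."""
    findings, by_user = [], defaultdict(list)
    for service, user, group, _program in parse(text):
        by_user[user].append(service)
        if user in SHARED_ACCOUNTS and group:
            findings.append(f"{service}: {user} granted extra group '{group}'")
        elif user in SHARED_ACCOUNTS:
            findings.append(f"{service}: runs as shared account '{user}'")
    for user, services in by_user.items():
        if len(services) > 1:
            findings.append(f"uid '{user}' shared by: {', '.join(services)}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```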