Hi,

When most of the server applications get installed, they create their own user. I believe this is to not use the "root" account. For example, Apache when installed creates a user called "apache". And the directories which it uses are all owned by this user. This seems to be the "professional" way of installing applications.

Is there any terminology for this kind of deployment? If I have to install a similar kind of server application, what are the steps that I need to take care? Has anyone written a blog post explaining these things? Or is there any standard guidelines published somewhere?

Thanks!

Debian policy call these "system users" but there's not much on the topic in there. Debian Policy Manual - The Operating System

AccountHandlingInMaintainerScripts - Debian Wiki also has some discussion from a Debian perspective.

I'm not saying Debian is necessarily the best role model but they tend to have documentation for these kinds of things. Turns out even they don't have much.

I believe the recommendation for e.g. Apache is actually to have two different accounts, where www-data owns the actual files served by the application, and apache (I guess) is the account which runs the daemon. The reasoning is that if the daemon is broken into, you have partitioned the ownerships so that it can't damage the files (it only need to read them to serve them, after all).

Thanks era, I will look into it.