I noticed Debian does this by default and Arch wiki recommends is citing improved security and upstream.

I don’t get why that’s more secure. Is this assuming torrents might be infected and aims to limit what a virus may access to the dedicated user’s home directory (/var/lib/transmission-daemon on Debian)?

  • loutr@sh.itjust.works
    link
    fedilink
    arrow-up
    4
    ·
    2 months ago

    The point is also to minimize potential damages caused by a bug in the software. Just this year there have been multiple data-destroying bugs in publicly released software. If the app runs as a server it’s usually trivial to have it run as a dedicated user, with just enough permissions to do its job.

    It’s just good practice, even though the risks might be low why risk it at all?