I noticed Debian does this by default and Arch wiki recommends is citing improved security and upstream.

I don’t get why that’s more secure. Is this assuming torrents might be infected and aims to limit what a virus may access to the dedicated user’s home directory (/var/lib/transmission-daemon on Debian)?

    • loutr@sh.itjust.works
      4·
      1 month ago

      The point is also to minimize potential damages caused by a bug in the software. Just this year there have been multiple data-destroying bugs in publicly released software. If the app runs as a server it’s usually trivial to have it run as a dedicated user, with just enough permissions to do its job.

      It’s just good practice, even though the risks might be low why risk it at all?

    • Fonzie!@ttrpg.network
      1·
      1 month ago

      Not yet, but if every system was only protected against what already happened instead of also what could happen, we’d get hacked a lot more often!