What is the gnome-initial-setup user account for?

English Applications
#1

I just revived my laptop (yey) after a few months of being down. I then ran a zypper update then did my usual security checks when rkhunter returned this result:

[10:56:00] Info: Starting test name 'passwd_changes'
[10:56:01]   Checking for passwd file changes                [ Warning ]
[10:56:01] Warning: User 'gnome-initial-setup' has been added to the passwd file.

So I did a grep on zypper.log and found these in relation to that user account:

2023-05-24 10:18:36 <1> localhost.localdomain(28421) [zypp] PackageProvider.cc(providePackage):412 provide Package (20012)gnome-initial-setup-41.4-150400.1.9.x86_64(repo-oss)
2023-05-24 10:18:36 <1> localhost.localdomain(28421) [zypp++] DeltaCandidates.cc(deltaRpms):82 package: (20012)gnome-initial-setup-41.4-150400.1.9.x86_64(repo-oss)
2023-05-24 10:18:36 <1> localhost.localdomain(28421) [zypp::media] RepoProvideFile.cc(provideFile):241 [1]./x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm{955.0 KiB|sha256-e3421f6958bc7ebf734aefeae69b979769ec9281627ad3dd7d47b44d97c93574|}
2023-05-24 10:18:36 <1> localhost.localdomain(28421) [zypp::fetcher++] MediaSetAccess.cc(provide):278 Going to try to provide  file ./x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm from media number 1
2023-05-24 10:18:37 <1> localhost.localdomain(28421) [zypp::media++] MediaMultiCurl.cc(doGetFileCopy):1336 dest: /var/tmp/AP_0xGsdm7f/x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm
2023-05-24 10:18:37 <1> localhost.localdomain(28421) [zypp::media++] MediaMultiCurl.cc(doGetFileCopy):1337 temp: /var/tmp/AP_0xGsdm7f/x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm.new.zypp.upB9Oh
2023-05-24 10:18:37 <1> localhost.localdomain(28421) [zypp::media++] MediaCurl.cc(doGetFileCopyFile):1173 ./x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm
2023-05-24 10:18:37 <1> localhost.localdomain(28421) [zypp::media++] MediaCurl.cc(doGetFileCopyFile):1183 URL: http://download.opensuse.org/distribution/leap/15.4/repo/oss/x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm
2023-05-24 10:18:37 <1> localhost.localdomain(28421) [zypp-curl] metalinkparser.cc(parse):417 Begin parse /var/tmp/AP_0xGsdm7f/x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm.new.zypp.upB9Oh
2023-05-24 10:18:37 <1> localhost.localdomain(28421) [zypp-curl] metalinkparser.cc(parse):419 End parse /var/tmp/AP_0xGsdm7f/x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm.new.zypp.upB9Oh
2023-05-24 10:18:37 <1> localhost.localdomain(28421) [zypp::media] MediaCurl.cc(MediaCurl):240 MediaCurl::MediaCurl(http://mirrors.nju.edu.cn/opensuse/distribution/leap/15.4/repo/oss/x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm, )
2023-05-24 10:18:37 <1> localhost.localdomain(28421) [zypp::media] MediaCurl.cc(MediaCurl):240 MediaCurl::MediaCurl(http://mirror.lzu.edu.cn/opensuse/distribution/leap/15.4/repo/oss/x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm, )
2023-05-24 10:18:37 <1> localhost.localdomain(28421) [zypp::media] MediaCurl.cc(MediaCurl):240 MediaCurl::MediaCurl(http://mr.heru.id/opensuse/distribution/leap/15.4/repo/oss/x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm, )
2023-05-24 10:18:37 <1> localhost.localdomain(28421) [zypp::media] MediaCurl.cc(MediaCurl):240 MediaCurl::MediaCurl(http://ftp.kaist.ac.kr/pub/opensuse/distribution/leap/15.4/repo/oss/x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm, )
2023-05-24 10:18:37 <1> localhost.localdomain(28421) [zypp::media] MediaCurl.cc(MediaCurl):240 MediaCurl::MediaCurl(http://mirror.kakao.com/opensuse/distribution/leap/15.4/repo/oss/x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm, )
2023-05-24 10:18:38 <1> localhost.localdomain(28421) [zypp-curl++] curlhelper.cc(log_redirects_curl):118 redirecting to Location: http://ftp.kaist.ac.kr/opensuse/distribution/leap/15.4/repo/oss/x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm
2023-05-24 10:18:38 <1> localhost.localdomain(28421) [zypp-curl++] curlhelper.cc(log_redirects_curl):118 redirecting to Location: http://ftp.kaist.ac.kr/opensuse/distribution/leap/15.4/repo/oss/x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm
2023-05-24 10:18:38 <2> localhost.localdomain(28421) [zypp::media] MediaMultiCurl.cc(run):1155 #0: state: 3 received: 99097 url: http://mirrors.nju.edu.cn/opensuse/distribution/leap/15.4/repo/oss/x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm
2023-05-24 10:18:38 <2> localhost.localdomain(28421) [zypp::media] MediaMultiCurl.cc(run):1155 #1: state: 1 received: 0 url: http://mirror.lzu.edu.cn/opensuse/distribution/leap/15.4/repo/oss/x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm
2023-05-24 10:18:38 <2> localhost.localdomain(28421) [zypp::media] MediaMultiCurl.cc(run):1155 #2: state: 4 received: 262144 url: http://mr.heru.id/opensuse/distribution/leap/15.4/repo/oss/x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm
2023-05-24 10:18:38 <2> localhost.localdomain(28421) [zypp::media] MediaMultiCurl.cc(run):1155 #3: state: 5 received: 453672 url: http://ftp.kaist.ac.kr/pub/opensuse/distribution/leap/15.4/repo/oss/x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm
2023-05-24 10:18:38 <2> localhost.localdomain(28421) [zypp::media] MediaMultiCurl.cc(run):1155 #4: state: 5 received: 262144 url: http://mirror.kakao.com/opensuse/distribution/leap/15.4/repo/oss/x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm
2023-05-24 10:18:38 <1> localhost.localdomain(28421) [zypp-core] PathInfo.cc(rename):748 rename /var/tmp/AP_0xGsdm7f/x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm.new.zypp.upB9Oh -> /var/tmp/AP_0xGsdm7f/x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm
2023-05-24 10:18:38 <1> localhost.localdomain(28421) [zypp::media++] MediaMultiCurl.cc(doGetFileCopy):1513 done: /var/tmp/AP_0xGsdm7f/x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm{- 0644 0/0 size 977960}
2023-05-24 10:18:38 <1> localhost.localdomain(28421) [zypp::media++] MediaHandler.cc(provideFile):976 provideFile([1]./x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm{955.0 KiB|sha256-e3421f6958bc7ebf734aefeae69b979769ec9281627ad3dd7d47b44d97c93574|})
2023-05-24 10:18:38 <1> localhost.localdomain(28421) [zypp::fetcher] Fetcher.cc(validate):381 Checking job [/var/tmp/AP_0xGsdm7f/x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm] (2 checkers )
2023-05-24 10:18:38 <1> localhost.localdomain(28421) [zypp-core] PathInfo.cc(hardlinkCopy):916 hardlinkCopy /var/tmp/AP_0xGsdm7f/x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm -> /var/cache/zypp/packages/repo-oss/x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm
2023-05-24 10:18:38 <1> localhost.localdomain(28421) [zypp::fetcher++] MediaSetAccess.cc(releaseFile):92 Going to release file ./x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm from media number 1
2023-05-24 10:18:38 <1> localhost.localdomain(28421) [zypp-core] PathInfo.cc(unlink):706 unlink /var/tmp/AP_0xGsdm7f/x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm
2023-05-24 10:18:38 <1> localhost.localdomain(28421) [zypp::media] RepoProvideFile.cc(provideFile):307 provideFile at /var/cache/zypp/packages/repo-oss/x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm
2023-05-24 10:18:38 <1> localhost.localdomain(28421) [zypp] PackageProvider.cc(providePackage):513 provided Package (20012)gnome-initial-setup-41.4-150400.1.9.x86_64(repo-oss) at /var/cache/zypp/packages/repo-oss/x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm
2023-05-24 10:18:43 <1> localhost.localdomain(28421) [zypp] PackageProvider.cc(providePackage):412 provide Package (20013)gnome-initial-setup-lang-41.4-150400.1.9.noarch(repo-oss)
2023-05-24 10:18:43 <1> localhost.localdomain(28421) [zypp++] DeltaCandidates.cc(deltaRpms):82 package: (20013)gnome-initial-setup-lang-41.4-150400.1.9.noarch(repo-oss)
2023-05-24 10:18:43 <1> localhost.localdomain(28421) [zypp::media] RepoProvideFile.cc(provideFile):241 [1]./noarch/gnome-initial-setup-lang-41.4-150400.1.9.noarch.rpm{185.8 KiB|sha256-a9a582e71d68893cd276bdd460b116625176a805efc3c60134cbcc87dc309753|}
2023-05-24 10:18:43 <1> localhost.localdomain(28421) [zypp::fetcher++] MediaSetAccess.cc(provide):278 Going to try to provide  file ./noarch/gnome-initial-setup-lang-41.4-150400.1.9.noarch.rpm from media number 1
2023-05-24 10:18:43 <1> localhost.localdomain(28421) [zypp::media++] MediaMultiCurl.cc(doGetFileCopy):1336 dest: /var/tmp/AP_0xGsdm7f/noarch/gnome-initial-setup-lang-41.4-150400.1.9.noarch.rpm
2023-05-24 10:18:43 <1> localhost.localdomain(28421) [zypp::media++] MediaMultiCurl.cc(doGetFileCopy):1337 temp: /var/tmp/AP_0xGsdm7f/noarch/gnome-initial-setup-lang-41.4-150400.1.9.noarch.rpm.new.zypp.eDpF1g
2023-05-24 10:18:43 <1> localhost.localdomain(28421) [zypp::media++] MediaCurl.cc(doGetFileCopyFile):1173 ./noarch/gnome-initial-setup-lang-41.4-150400.1.9.noarch.rpm
2023-05-24 10:18:43 <1> localhost.localdomain(28421) [zypp::media++] MediaCurl.cc(doGetFileCopyFile):1183 URL: http://download.opensuse.org/distribution/leap/15.4/repo/oss/noarch/gnome-initial-setup-lang-41.4-150400.1.9.noarch.rpm
2023-05-24 10:18:43 <1> localhost.localdomain(28421) [zypp-curl] metalinkparser.cc(parse):417 Begin parse /var/tmp/AP_0xGsdm7f/noarch/gnome-initial-setup-lang-41.4-150400.1.9.noarch.rpm.new.zypp.eDpF1g
2023-05-24 10:18:43 <1> localhost.localdomain(28421) [zypp-curl] metalinkparser.cc(parse):419 End parse /var/tmp/AP_0xGsdm7f/noarch/gnome-initial-setup-lang-41.4-150400.1.9.noarch.rpm.new.zypp.eDpF1g
2023-05-24 10:18:43 <1> localhost.localdomain(28421) [zypp::media] MediaCurl.cc(MediaCurl):240 MediaCurl::MediaCurl(http://mirrors.nju.edu.cn/opensuse/distribution/leap/15.4/repo/oss/noarch/gnome-initial-setup-lang-41.4-150400.1.9.noarch.rpm, )
2023-05-24 10:18:43 <1> localhost.localdomain(28421) [zypp::media] MediaCurl.cc(MediaCurl):240 MediaCurl::MediaCurl(http://mirror.lzu.edu.cn/opensuse/distribution/leap/15.4/repo/oss/noarch/gnome-initial-setup-lang-41.4-150400.1.9.noarch.rpm, )
2023-05-24 10:18:43 <1> localhost.localdomain(28421) [zypp::media] MediaCurl.cc(MediaCurl):240 MediaCurl::MediaCurl(http://mr.heru.id/opensuse/distribution/leap/15.4/repo/oss/noarch/gnome-initial-setup-lang-41.4-150400.1.9.noarch.rpm, )
2023-05-24 10:18:43 <1> localhost.localdomain(28421) [zypp::media] MediaCurl.cc(MediaCurl):240 MediaCurl::MediaCurl(http://ftp.kaist.ac.kr/pub/opensuse/distribution/leap/15.4/repo/oss/noarch/gnome-initial-setup-lang-41.4-150400.1.9.noarch.rpm, )
2023-05-24 10:18:43 <1> localhost.localdomain(28421) [zypp::media] MediaCurl.cc(MediaCurl):240 MediaCurl::MediaCurl(http://mirror.kakao.com/opensuse/distribution/leap/15.4/repo/oss/noarch/gnome-initial-setup-lang-41.4-150400.1.9.noarch.rpm, )
2023-05-24 10:18:44 <2> localhost.localdomain(28421) [zypp::media] MediaMultiCurl.cc(run):1155 #0: state: 3 received: 0 url: http://mirrors.nju.edu.cn/opensuse/distribution/leap/15.4/repo/oss/noarch/gnome-initial-setup-lang-41.4-150400.1.9.noarch.rpm
2023-05-24 10:18:44 <2> localhost.localdomain(28421) [zypp::media] MediaMultiCurl.cc(run):1155 #1: state: 3 received: 59208 url: http://mirror.lzu.edu.cn/opensuse/distribution/leap/15.4/repo/oss/noarch/gnome-initial-setup-lang-41.4-150400.1.9.noarch.rpm
2023-05-24 10:18:44 <2> localhost.localdomain(28421) [zypp::media] MediaMultiCurl.cc(run):1155 #2: state: 3 received: 0 url: http://mr.heru.id/opensuse/distribution/leap/15.4/repo/oss/noarch/gnome-initial-setup-lang-41.4-150400.1.9.noarch.rpm
2023-05-24 10:18:44 <2> localhost.localdomain(28421) [zypp::media] MediaMultiCurl.cc(run):1155 #3: state: 3 received: 0 url: http://ftp.kaist.ac.kr/pub/opensuse/distribution/leap/15.4/repo/oss/noarch/gnome-initial-setup-lang-41.4-150400.1.9.noarch.rpm
2023-05-24 10:18:44 <2> localhost.localdomain(28421) [zypp::media] MediaMultiCurl.cc(run):1155 #4: state: 4 received: 131072 url: http://mirror.kakao.com/opensuse/distribution/leap/15.4/repo/oss/noarch/gnome-initial-setup-lang-41.4-150400.1.9.noarch.rpm
2023-05-24 10:18:44 <1> localhost.localdomain(28421) [zypp-core] PathInfo.cc(rename):748 rename /var/tmp/AP_0xGsdm7f/noarch/gnome-initial-setup-lang-41.4-150400.1.9.noarch.rpm.new.zypp.eDpF1g -> /var/tmp/AP_0xGsdm7f/noarch/gnome-initial-setup-lang-41.4-150400.1.9.noarch.rpm
2023-05-24 10:18:44 <1> localhost.localdomain(28421) [zypp::media++] MediaMultiCurl.cc(doGetFileCopy):1513 done: /var/tmp/AP_0xGsdm7f/noarch/gnome-initial-setup-lang-41.4-150400.1.9.noarch.rpm{- 0644 0/0 size 190280}
2023-05-24 10:18:44 <1> localhost.localdomain(28421) [zypp::media++] MediaHandler.cc(provideFile):976 provideFile([1]./noarch/gnome-initial-setup-lang-41.4-150400.1.9.noarch.rpm{185.8 KiB|sha256-a9a582e71d68893cd276bdd460b116625176a805efc3c60134cbcc87dc309753|})
2023-05-24 10:18:44 <1> localhost.localdomain(28421) [zypp::fetcher] Fetcher.cc(validate):381 Checking job [/var/tmp/AP_0xGsdm7f/noarch/gnome-initial-setup-lang-41.4-150400.1.9.noarch.rpm] (2 checkers )
2023-05-24 10:18:44 <1> localhost.localdomain(28421) [zypp-core] PathInfo.cc(hardlinkCopy):916 hardlinkCopy /var/tmp/AP_0xGsdm7f/noarch/gnome-initial-setup-lang-41.4-150400.1.9.noarch.rpm -> /var/cache/zypp/packages/repo-oss/noarch/gnome-initial-setup-lang-41.4-150400.1.9.noarch.rpm
2023-05-24 10:18:44 <1> localhost.localdomain(28421) [zypp::fetcher++] MediaSetAccess.cc(releaseFile):92 Going to release file ./noarch/gnome-initial-setup-lang-41.4-150400.1.9.noarch.rpm from media number 1
2023-05-24 10:18:44 <1> localhost.localdomain(28421) [zypp-core] PathInfo.cc(unlink):706 unlink /var/tmp/AP_0xGsdm7f/noarch/gnome-initial-setup-lang-41.4-150400.1.9.noarch.rpm
2023-05-24 10:18:44 <1> localhost.localdomain(28421) [zypp::media] RepoProvideFile.cc(provideFile):307 provideFile at /var/cache/zypp/packages/repo-oss/noarch/gnome-initial-setup-lang-41.4-150400.1.9.noarch.rpm
2023-05-24 10:18:44 <1> localhost.localdomain(28421) [zypp] PackageProvider.cc(providePackage):513 provided Package (20013)gnome-initial-setup-lang-41.4-150400.1.9.noarch(repo-oss) at /var/cache/zypp/packages/repo-oss/noarch/gnome-initial-setup-lang-41.4-150400.1.9.noarch.rpm
2023-05-24 10:33:37 <1> localhost.localdomain(28421) [zypp] RpmHeader.cc(readPackage):257 ReferenceCounted(@0x55e8abb6a190<=1){0x55e8abbca3a0}{gnome-initial-setup-41.4-150400.1.9} from /var/cache/zypp/packages/repo-oss/x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm
2023-05-24 10:33:37 <1> localhost.localdomain(28421) [librpmDb] RpmDb.cc(doInstallPackage):1690 RpmDb::installPackage(/var/cache/zypp/packages/repo-oss/x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm,0x0000000c)
2023-05-24 10:33:37 <1> localhost.localdomain(28421) [zypp::exec++] forkspawnengine.cc(start):181 Executing[C] 'rpm' '--root' '/' '--dbpath' '/usr/lib/sysimage/rpm' '-U' '--percent' '--noglob' '--force' '--nodeps' '--' '/var/cache/zypp/packages/repo-oss/x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm'
2023-05-24 10:33:37 <1> localhost.localdomain(28421) [Progress++] progressdata.cc(report):70 {#902|Installing: gnome-initial-setup-41.4-150400.1.9.x86_64} START
2023-05-24 10:33:39 <1> localhost.localdomain(28421) [Progress++] progressdata.cc(report):89 {#902|Installing: gnome-initial-setup-41.4-150400.1.9.x86_64} END
2023-05-24 10:33:39 <1> localhost.localdomain(28421) [zypp-core] PathInfo.cc(unlink):706 unlink /var/cache/zypp/packages/repo-oss/x86_64/gnome-initial-setup-41.4-150400.1.9.x86_64.rpm
2023-05-24 10:34:03 <1> localhost.localdomain(28421) [zypp] RpmHeader.cc(readPackage):257 ReferenceCounted(@0x55e8abac6080<=1){0x55e8aab61a40}{gnome-initial-setup-lang-41.4-150400.1.9} from /var/cache/zypp/packages/repo-oss/noarch/gnome-initial-setup-lang-41.4-150400.1.9.noarch.rpm
2023-05-24 10:34:03 <1> localhost.localdomain(28421) [librpmDb] RpmDb.cc(doInstallPackage):1690 RpmDb::installPackage(/var/cache/zypp/packages/repo-oss/noarch/gnome-initial-setup-lang-41.4-150400.1.9.noarch.rpm,0x0000000c)
2023-05-24 10:34:03 <1> localhost.localdomain(28421) [zypp::exec++] forkspawnengine.cc(start):181 Executing[C] 'rpm' '--root' '/' '--dbpath' '/usr/lib/sysimage/rpm' '-U' '--percent' '--noglob' '--force' '--nodeps' '--' '/var/cache/zypp/packages/repo-oss/noarch/gnome-initial-setup-lang-41.4-150400.1.9.noarch.rpm'
2023-05-24 10:34:03 <1> localhost.localdomain(28421) [Progress++] progressdata.cc(report):70 {#906|Installing: gnome-initial-setup-lang-41.4-150400.1.9.noarch} START
2023-05-24 10:34:04 <1> localhost.localdomain(28421) [Progress++] progressdata.cc(report):89 {#906|Installing: gnome-initial-setup-lang-41.4-150400.1.9.noarch} END
2023-05-24 10:34:04 <1> localhost.localdomain(28421) [zypp-core] PathInfo.cc(unlink):706 unlink /var/cache/zypp/packages/repo-oss/noarch/gnome-initial-setup-lang-41.4-150400.1.9.noarch.rpm

Not sure what to make out of those. Although it looks like just logs in relation to updating packages relating to gnome-initial-setup, I didn’t notice anything in relation to creating a user account.

Also checked the passwd file and this is the entry for the user account which got created:

gnome-initial-setup:x:455:100::/run/gnome-initial-setup/:/sbin/nologin

Any idea why that account was added and what it’s for?

#2

The GNOME package “gnome-initial-setup” provides the following functionality –

Initial assistant, helping you to get the system up and running.

Further information here: <https://github.com/GNOME/gnome-initial-setup>.

A new system initially boots with no (human) users configured – the “GNOME Initial Setup” needs the user you’re worried about to perform the initial (human) user setup.

1 Like
#3

Thank you. That gives me some peace of mind. :grinning:

#4

Just to make something clear –

  • UNIX® is a multitasking, multi-user (time-sharing) operating system – Linux also …
    Meaning, many (possibly up to one thousand) users may be simultaneously logged into and, use, any given system …

Therefore, there is a unique User Identifier (UID) and, a Group Identifier (GID) associated with each and every user – regardless of whether the user is a real human being or, a system user «also know as a “pseudo user”» …

  • There are static (distribution dependent) system users with UIDs in the range 0 … 99 and, dynamic (applied by system administrators) system users with UIDs in the range 100 … 499.
    With the possible exception of the system user “root” « UID = 0 GID = 0 », the login to system users is in general disabled – with the possible exception of administrator accounts (users).

Why?

  • Because, in general, apart from the Linux Kernel, system processes should not be running with the UID of the user “root” – a system process should only be executing with the UID of a system user specifically associated with the task being executed by that system user …
    The system task is effectively executing within a “jail” – it can only access system resources directly associated with the task.

This automatically leads to a security advantage – if a system process attempts to access any system resource which is not related to the task being executed, simple user protections prevent the access attempt from succeeding …

Another advantage is that, the system will not be rendered unusable by a single misbehaving system process.