From owner-cvs-etc Mon Oct 27 09:43:35 1997
Return-Path:
Received: (from root@localhost)
	by hub.freebsd.org (8.8.7/8.8.7) id JAA08737
	for cvs-etc-outgoing; Mon, 27 Oct 1997 09:43:35 -0800 (PST)
	(envelope-from owner-cvs-etc)
Received: from mail.uniserve.com (dns1-van.uniserve.com [204.244.163.48])
	by hub.freebsd.org (8.8.7/8.8.7) with SMTP id JAA08447;
	Mon, 27 Oct 1997 09:39:59 -0800 (PST)
	(envelope-from tom@uniserve.com)
Received: from shell.uniserve.com [204.244.210.252]
	by mail.uniserve.com with smtp (Exim 1.70 #1)
	id 0xPt8J-0001J8-00; Mon, 27 Oct 1997 09:39:19 -0800
Date: Mon, 27 Oct 1997 09:39:16 -0800 (PST)
From: Tom
To: Nate Williams
cc: "Andrey A. Chernov" , cvs-committers@freebsd.org, cvs-all@freebsd.org, cvs-etc@freebsd.org
Subject: Re: cvs commit: src/etc master.passwd
In-Reply-To: <199710271718.KAA00563@rocky.mt.sri.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-cvs-etc@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Mon, 27 Oct 1997, Nate Williams wrote:

> > ache        1997/10/27 08:59:09 PST
> >
> >   Modified files:
> >     etc                  master.passwd
> >   Log:
> >   Move nobody to daemon class, otherwise it is impossible to start fingerd
> >   while Apache is running, it effectively eats all default class limits for
> >   nobody
>
> This seems silly.  'nobody' is nobody, and if Apache is running as
> nobody, it should be running as daemon, or another (new) user.  nobody
> should be running as 'nobody'. :)

I agree with that.  Apache should be running as some other user.

A problem with fingerd is that it does fuzzy lookups by default.  If
/etc/master.passwd is large, it will use a significant amount of CPU.
Starting up 30-40 fingerds makes an easy and effective DoS attack.  I had
this happen to me.  I now use xinetd to limit the number of simultaneous
fingerds, but an effective login class would be good too.

> Nate

Tom
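
An added example, not part of the original message or of the FreeBSD tree: an xinetd service entry that caps concurrent fingerd processes, the mitigation the message above describes. The numeric limits, the server path and the service user are assumed values, and `per_source` and `cps` need an xinetd release that supports them.

```conf
# /etc/xinetd.conf fragment (constructed example; all values are assumptions)
#
# Each finger request forks one fingerd, and every fuzzy lookup walks the
# whole password database, so the cost of a burst is roughly
# (number of fingerd processes) x (size of master.passwd).
# Capping the process count bounds that product regardless of who connects.

service finger
{
    socket_type     = stream
    protocol        = tcp
    wait            = no

    # Assumed: fingerd runs as an unprivileged account. If this account is
    # shared with another daemon (the thread's Apache-as-nobody case), the
    # login-class process limit is shared too, so a dedicated user per
    # service keeps one daemon from starving the other.
    user            = nobody

    # Assumed path; adjust to where fingerd is installed on the host.
    server          = /usr/libexec/fingerd

    # Hard ceiling on simultaneous fingerd processes for this service.
    # Connections beyond the ceiling are refused, not queued.
    instances       = 5

    # At most two concurrent connections from any single source address,
    # so one client cannot consume the whole instances budget.
    per_source      = 2

    # Accept at most 10 connections per second; if exceeded, disable the
    # service for 30 seconds before accepting again.
    cps             = 10 30

    # Record the peer address of refused or failed connections so a burst
    # is visible in the logs.
    log_on_failure  += HOST
}
```

The `instances` cap addresses the CPU exhaustion directly, while a per-user login class limit is the second layer the message asks for and only works as intended when the daemon has its own account.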