From owner-freebsd-ports  Thu Feb  8  4:42: 7 2001
Delivered-To: freebsd-ports@freebsd.org
Received: from fling.sanbi.ac.za (fling.sanbi.ac.za [196.38.142.119])
	by hub.freebsd.org (Postfix) with ESMTP
	id C28C537B503; Thu,  8 Feb 2001 04:41:47 -0800 (PST)
Received: from johann by fling.sanbi.ac.za with local (Exim 3.13 #4)
	id 14QqO5-000FoL-00; Thu, 08 Feb 2001 14:41:25 +0200
Date: Thu, 8 Feb 2001 14:41:25 +0200
From: Johann Visagie <johann@egenetics.com>
To: Neil Blakey-Milner <nbm@mithrandr.moria.org>
Cc: Kris Kennaway <kris@obsecurity.org>, ports@FreeBSD.org,
	sheldonh@freebsd.org
Subject: Re: Needed: apache/httpd ports to use 'www' user
Message-ID: <20010208144125.I56586@fling.sanbi.ac.za>
References: <20010207014012.B22502@mollari.cthul.hu> <20010207115736.A37769@rapier.smartspace.co.za>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010207115736.A37769@rapier.smartspace.co.za>; from nbm@mithrandr.moria.org on Wed, Feb 07, 2001 at 11:57:37AM +0200
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Neil Blakey-Milner on 2001-02-07 (Wed) at 11:57:37 +0200:
> 
> I prefer a "httpd" bikeshed - it's less likely to have been used by
> others (and I've seen lots of places with a "www" group, and
> group-writable web pages).  I personally use "apache", but that may be
> too specific; but I like specific.
> 
> I've been working on moving zope to user zope - it's also the way I run
> it by default.  "squid" is another good target.

Moving off at a slight tangent...  what about alternative MTAs (where
"alterntive" means "non-sendmail")?

The only alternative MTA I use fairly often is Exim, and I recently noted
that the FreeBSD port of Exim is still installed to run as root.  There are
certainly some security advantages to be gained from running it as a
non-privileged user (though this could imply fiddling with the permissions of
various spool directories).

Does this apply to other alternative MTAs as well?  If so, should there be
one "mail" user for all of them, or should they each create their own sanbox
user?

[ CC to sheldonh, as I've been talking to him about the Exim port recently ]

-- Johann


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message