Date: Tue, 9 May 2023 10:26:27 +0200 From: Felix Palmen <zirias@FreeBSD.org> To: ports@freebsd.org Subject: Re: Unprivileged default user for "tiny" daemons? Message-ID: <7pvzx7x54djblto5nvepsbz5c76xhv2j6zssq7s7pvsjmvypde@jxxnzexifuvo> In-Reply-To: <ZFoAGH3aIMRuPQUE@spindle.one-eyed-alien.net> References: <hsletitqldfbhrucakzl3vvotkwp7ghfdpuzyty3b4yu3qdn4d@sdjyu6koet2t> <axmocd4atpwa6gckwlr6d3xwx3vduhgyzkywv6sbawtmssbgi6@o7dzq6knd4nr> <ZFoAGH3aIMRuPQUE@spindle.one-eyed-alien.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--n4lvbrxz4gb26o3a
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
* Brooks Davis <brooks@freebsd.org> [20230509 08:11]:
> On Tue, May 09, 2023 at 10:05:15AM +0200, Felix Palmen wrote:
> > * Felix Palmen <zirias@FreeBSD.org> [20230508 18:39]:
> > So, takeaway is: There is no safe choice other than allocating a
> > dedicated UID for every single daemon, even if it doesn't need to
> > own/access any files? Is this really correct?
>=20
> This is clearly the right choice even it's a bit of a pain.
Thanks for confirming. Well, my concern wasn't the hassle to actually do
that, but more the confusion created by the comment on top of UIDs, and
also the fact that this seems to be a "waste" of precious "uid space"
below 1000 if you don't need any file permissions...
But seems there's indeed no immediate solution here :(
Cheers, Felix
--=20
Felix Palmen <zirias@FreeBSD.org> {private} felix@palmen-it.de
-- ports committer (mentee) -- {web} http://palmen-it.de
{pgp public key} http://palmen-it.de/pub.txt
{pgp fingerprint} 6936 13D5 5BBF 4837 B212 3ACC 54AD E006 9879 F231
--n4lvbrxz4gb26o3a
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iNUEABYKAH0WIQRpNhPVW79IN7ISOsxUreAGmHnyMQUCZFoDs18UgAAAAAAuAChp
c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0Njkz
NjEzRDU1QkJGNDgzN0IyMTIzQUNDNTRBREUwMDY5ODc5RjIzMQAKCRBUreAGmHny
MZ55AP9FQOp2Xf6tNAwRCPjjUAsyUkum1No7y55mDB/9rSqXiAD/TAXi+GbUcrY4
NSgNNO0j/T41voFrR8MifjjFjboc8wg=
=rYj+
-----END PGP SIGNATURE-----
--n4lvbrxz4gb26o3a--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7pvzx7x54djblto5nvepsbz5c76xhv2j6zssq7s7pvsjmvypde>