Date: Thu, 25 Oct 2001 02:42:41 -0400 From: Anthony Schneider <aschneid@mail.slc.edu> To: Dave <mudman@R181172.resnet.ucsb.edu> Cc: freebsd-security@FreeBSD.ORG Subject: Re: lowering uids, startup Message-ID: <20011025024241.A2163@mail.slc.edu> In-Reply-To: <Pine.BSF.4.33.0110242313350.17839-100000@R181172.resnet.ucsb.edu>; from mudman@R181172.resnet.ucsb.edu on Wed, Oct 24, 2001 at 11:36:16PM -0700 References: <Pine.BSF.4.33.0110242313350.17839-100000@R181172.resnet.ucsb.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
you may create a /usr/local/etc/rc.d/ script which simply has su -c "command" user in it, where user is the unprivileged user you want the program to run under, and command is a quote string of the full command and arguments. For example: su -c "ls /root" nobody will execute the command "ls /root" as user nobody. This is a pretty lame example, because you wouldn't want it in a startup script, and because I don't think /root is permed against non-root users, but you see what I mean. :) -Anthony. On Wed, Oct 24, 2001 at 11:36:16PM -0700, Dave wrote: > > I am interested in learning how to start up a program (a 3rd party server > program, a daemon, whatever) automatically from boot up without using > inetd and without using a root uid. > > I do know that /usr/local/etc/rc.d/ (mostly from my ports downloads) will > automatically run packages such as ssh and apache, and really anything you > put in there. Unfortunately, these things initially run as root, so I'm > skeptical about using it. > > Are there any good, safe, secure ways to automatically start up third > party services in really low privileged environments? > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011025024241.A2163>