Date: Tue, 26 Jul 2005 01:11:03 +0200 From: Thomas Krause <freebsd-isp@chef-ingenieur.de> To: Eric Anderson <anderson@centtech.com> Cc: freebsd-isp@freebsd.org Subject: Re: preventing a user to start a process Message-ID: <42E57187.50503@chef-ingenieur.de> In-Reply-To: <42E549E7.4070606@centtech.com> References: <42E54654.1090705@chef-ingenieur.de> <42E549E7.4070606@centtech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Eric Anderson schrieb: > Thomas Krause wrote: > >> Hello, >> is it possible to bar a user (www) from starting a process? >> I've a irc daemon running under the uid www. I think >> this was done by php. What would be the best way to prevent >> this (php should be remain usable)? I've installed ipfw rules, >> but this doesn't prevent the starting of the process. > > > Change the permissions on the file to not allow world execution? > > chmod 750 /path/to/irc-daemon the daemon was - downloaded - extracted - started by user www in dir /var/tmp, which has permission 1777 Regards, Thomas. > > and make sure it isn't owner by www user, and the www user is not in the > group that owns the daemon. > > Eric > > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?42E57187.50503>