From: Thomas Krause
Date: Tue, 26 Jul 2005 01:11:03 +0200
To: Eric Anderson
Cc: freebsd-isp@freebsd.org
Subject: Re: preventing a user to start a process
Message-ID: <42E57187.50503@chef-ingenieur.de>
In-Reply-To: <42E549E7.4070606@centtech.com>

Eric Anderson wrote:

> Thomas Krause wrote:
>
>> Hello,
>> is it possible to bar a user (www) from starting a process?
>> I've an irc daemon running under the uid www. I think
>> this was done by php. What would be the best way to prevent
>> this (php should remain usable)? I've installed ipfw rules,
>> but this doesn't prevent the starting of the process.
>
>
> Change the permissions on the file to not allow world execution?
>
> chmod 750 /path/to/irc-daemon

the daemon was
- downloaded
- extracted
- started
by user www in dir /var/tmp, which has permission 1777

Regards,
Thomas.

>
> and make sure it isn't owned by www user, and the www user is not in the
> group that owns the daemon.
>
> Eric
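The situation described in this message (a binary dropped and started by www in a 1777 directory) can be checked for with a short audit script. This is an added example, not part of the original thread; the function names `is_world_writable`, `find_user_executables` and `audit_dir` are hypothetical, and the script assumes a POSIX `sh`, `ls` and `find`.

```shell
#!/bin/sh
# Added example (not from the thread): report regular files in a directory
# that are owned by a service account and carry any execute bit.

# is_world_writable DIR -> 0 if "other" has write permission on DIR.
is_world_writable() {
    mode=$(ls -ld "$1" | cut -c1-10)      # e.g. drwxrwxrwt for mode 1777
    case "$mode" in
        d???????w?) return 0 ;;
    esac
    return 1
}

# find_user_executables DIR USER -> print files owned by USER (name or
# numeric uid) that have the owner, group or other execute bit set.
find_user_executables() {
    find "$1" -xdev -type f -user "$2" \
        \( -perm -100 -o -perm -010 -o -perm -001 \) -print 2>/dev/null
}

# audit_dir DIR USER -> print a report; return 1 if anything was found.
audit_dir() {
    dir=$1
    user=$2
    if is_world_writable "$dir"; then
        echo "NOTE: $dir is world-writable, so $user can create files there"
    fi
    hits=$(find_user_executables "$dir" "$user")
    [ -z "$hits" ] && return 0
    echo "$hits" | while IFS= read -r f; do
        # The owner keeps execute permission under mode 750 and can change
        # the mode again, which is why ownership matters here.
        echo "FOUND: $f is executable and owned by $user"
    done
    return 1
}

# Run only when called with arguments, e.g.: sh audit.sh /var/tmp www
if [ "$#" -ge 2 ]; then
    audit_dir "$1" "$2"
fi
```
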