From owner-freebsd-current  Tue May 25  7:26:25 1999
Delivered-To: freebsd-current@freebsd.org
Received: from salmon.maths.tcd.ie (salmon.maths.tcd.ie [134.226.81.11])
	by hub.freebsd.org (Postfix) with SMTP id 4866A14C24
	for <freebsd-current@freebsd.org>; Tue, 25 May 1999 07:26:17 -0700 (PDT)
	(envelope-from dwmalone@maths.tcd.ie)
Received: from hamilton.maths.tcd.ie by salmon.maths.tcd.ie with SMTP
          id <aa27225@salmon.maths.tcd.ie>; 25 May 99 15:26:17 +0100 (BST)
To: freebsd-current@freebsd.org
Subject: Sandbox for rpc services?
X-Request-Do: 
Date: Tue, 25 May 1999 15:26:17 +0100
From: David Malone <dwmalone@maths.tcd.ie>
Message-ID:  <9905251526.aa27225@salmon.maths.tcd.ie>
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Since identd and talk have been sandboxed in -current I was wondering if
rpc services could also be sandboxed, or is there something which says
they have to run as root. I'm guessing, but it might be possible to run
the following services with the following privilege.

	rstatd		kmem
	rusersd		nobody
	walld		tty
	pcnfsd		root
	rquotad		root
	sprayd		nobody
	lockd		root
	statd		?
	nfsd		root
	nfsiod		root

Has anyone thought about this? Is it a dead end, or should I try to find
out if it works?

	David.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message