Date: Fri, 29 Mar 2002 00:06:33 -0800 From: "Eyal Soha" <esoha@attbi.com> To: <freebsd-ports@FreeBSD.ORG> Subject: ports creating UID Message-ID: <00ad01c1d6f8$a40aa8c0$6730ea0c@eyal>
next in thread | raw e-mail | index | archive | help
I'm working on a port (noip) that needs to store a config file in /usr/local/etc (no-ip.conf) and start a background process through a file in /usr/local/etc/rc.d (noip.sh). The config file has a password in it that should not be readable by others. I can change the permissions on the config file to 600 so that only the background process can read it, but I'm wondering if it would be a good idea to have noip run as something other than root. There's no reason that noip needs to run as root and it seems to me more secure to have it run with a different UID. Should the port have the noip files run as root, as nobody, or have noip create a new user and use that? Root is easiest but least secure and I don't like the idea of having a nobody process accessing special nobody files. Is there some precedent on this? Eyal PS Sorry if I'm repeating a recently asked questioned. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?00ad01c1d6f8$a40aa8c0$6730ea0c>