From: "Eyal Soha"
Delivered-To: freebsd-ports@freebsd.org
Subject: ports creating UID
Date: Fri, 29 Mar 2002 00:06:33 -0800
Message-ID: <00ad01c1d6f8$a40aa8c0$6730ea0c@eyal>

I'm working on a port (noip) that needs to store a config file in /usr/local/etc (no-ip.conf) and start a background process through a file in /usr/local/etc/rc.d (noip.sh).

The config file has a password in it that should not be readable by others. I can change the permissions on the config file to 600 so that only the background process can read it, but I'm wondering if it would be a good idea to have noip run as something other than root. There's no reason that noip needs to run as root and it seems to me more secure to have it run with a different UID.

Should the port have the noip files run as root, as nobody, or have noip create a new user and use that? Root is easiest but least secure and I don't like the idea of having a nobody process accessing special nobody files. Is there some precedent on this?

Eyal

PS Sorry if I'm repeating a recently asked question.
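The check below is an added example, not part of the original message or of the noip port: a pre-start test that a startup script could run to confirm the password-bearing config file is owned by the daemon's own account and closed to group and others (mode 600 or stricter). The function name `conf_is_private` and the account name `noip` in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example; conf_is_private and the "noip" account are hypothetical.
#
# conf_is_private FILE USER
#   USER is an account name or a numeric UID.
#   Returns 0 only if FILE is a regular file (not a symlink), is owned by
#   USER, and has no group/other permission bits set.
#
# Possible use in a startup script such as noip.sh (assumed account "noip"):
#   conf_is_private /usr/local/etc/no-ip.conf noip || exit 1
conf_is_private() {
    file=$1
    user=$2

    # Resolve the expected owner. An unknown account is a hard failure,
    # so a missing dedicated user never falls through to "looks fine".
    case $user in
        ''|*[!0-9]*) want_uid=$(id -u "$user" 2>/dev/null) || return 1 ;;
        *)           want_uid=$user ;;
    esac

    # A symlink could point the daemon at a file someone else controls.
    [ -f "$file" ] && [ ! -L "$file" ] || return 1

    # ls -ln gives the mode string and numeric owner on both BSD and GNU
    # systems (their stat(1) flags differ). Fields: mode, links, uid, ...
    set -- $(ls -ln "$file")
    mode=$1
    have_uid=$3

    [ "$have_uid" = "$want_uid" ] || return 1

    # mode looks like -rw-------; drop the type and the three owner bits,
    # then require the six group/other positions to be dashes. A trailing
    # '.', '+' or '@' (ACL or attribute marker) is tolerated.
    rest=${mode#????}
    case $rest in
        ------*) return 0 ;;
        *)       return 1 ;;
    esac
}
```

The check covers ownership and mode only; it does not inspect the permissions of the directory that holds the file.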