From owner-freebsd-security  Tue Dec 10 11:28:41 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9E10F37B401
	for <freebsd-security@freebsd.org>; Tue, 10 Dec 2002 11:28:38 -0800 (PST)
Received: from web41302.mail.yahoo.com (web41302.mail.yahoo.com [66.218.93.51])
	by mx1.FreeBSD.org (Postfix) with SMTP id 95D8C43EC5
	for <freebsd-security@freebsd.org>; Tue, 10 Dec 2002 11:28:37 -0800 (PST)
	(envelope-from duckbreath@yahoo.com)
Message-ID: <20021210192837.88790.qmail@web41302.mail.yahoo.com>
Received: from [12.155.142.123] by web41302.mail.yahoo.com via HTTP; Tue, 10 Dec 2002 11:28:37 PST
Date: Tue, 10 Dec 2002 11:28:37 -0800 (PST)
From: Duckbreath <duckbreath@yahoo.com>
Subject: Privsep
To: freebsd-security@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hi!  I know awhile back there was a little rucus and
next thing I knew it, I was getting 'sshd' and 'www'
users in my group with the newest versions of the
FreeBSD RELEASE.

Hip hip hooray!  These look useful.  I should of used
them earlier -- if I knew how.  Anyway, the status quo
is I'm still running too much under root and I want to
take advantage of this priv sep business.  Now I went
searching through the handbook, and here is what I
concluded:
1) It is not in the handbook, OR
2) I am very lousy at going through the handbook.

So how do I get sshd to run off the sshd user?  
Would apache be cooperative with the www user as well,
or is that more tricky?

These are not ports I'm using -- I like to download
from source directly from the ssh/apache folks.

So umm.. how do I get this privsep thing going for me?

Sorry about the Yahoo account (and the do you Yahoo!?
signature you are about to receive), but I don't want
to lure every scripter and blackhat in the known
universe to run screaming 'root daemon! root daemon!
attack attack!!!'....


__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message