From owner-freebsd-security Wed Dec 6 8: 0: 4 2000 From owner-freebsd-security@FreeBSD.ORG Wed Dec 6 07:59:59 2000 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from epsilon.lucida.ca (epsilon.lucida.ca [216.95.146.6]) by hub.freebsd.org (Postfix) with SMTP id ED91A37B400 for ; Wed, 6 Dec 2000 07:59:58 -0800 (PST) Received: (qmail 76269 invoked by uid 1000); 6 Dec 2000 15:59:57 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 6 Dec 2000 15:59:57 -0000 Date: Wed, 6 Dec 2000 10:59:55 -0500 (EST) From: Matt Heckaman X-Sender: matt@epsilon.lucida.ca To: mouss Cc: FreeBSD-SECURITY Subject: Re: [spam score 10.00/10.0 -pobox] Re: Fw: NAPTHA Advisory Updated - BindView RAZOR In-Reply-To: <4.3.0.20001206150604.05998d30@pop.free.fr> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Rating: localhost 1.6.2 0/1000/N Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 6 Dec 2000, mouss wrote: : isn't enough to create an account for each server or group of servers, : and use login.conf for the users? For some things yes, but not for most. The daemons that must run as root? It would be somewhat detrimental to put a restrictive fd limit on root. I can picture finding a problem, switching to root, and not being able to type a command because it's out of procs. :) * Matt Heckaman - mailto:matt@lucida.qc.ca http://www.lucida.qc.ca/ * * GPG fingerprint - A9BC F3A8 278E 22F2 9BDA BFCF 74C3 2D31 C035 5390 * -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: http://www.lucida.qc.ca/pgp iD8DBQE6LmJ9dMMtMcA1U5ARAhFzAJ9ZpbjwvvJf1ofXpTZI+bI0MClFHgCffhDu QWpcBaJYACBD37A5791nLzk= =WkjR -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message