Date: Tue, 10 Dec 2002 11:36:59 -0800
From: Erick Mechler <emechler@techometer.net>
To: Duckbreath <duckbreath@yahoo.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Privsep
Message-ID: <20021210193659.GI458@techometer.net>
In-Reply-To: <20021210192837.88790.qmail@web41302.mail.yahoo.com>
References: <20021210192837.88790.qmail@web41302.mail.yahoo.com>

:: So how do I get sshd to run off the sshd user?
:: Would apache be cooperative with the www user as well,
:: or is that more tricky?

Privsep is just an sshd thing right now. If you do a system upgrade via source, the new user should get set up, and the appropriate chroot environment will as well (/var/empty). To enable sshd privsep, set

    UsePrivilegeSeparation yes

in /etc/ssh/sshd_config.

As for running Apache as the www user, set

    User www
    Group www

in your httpd.conf file. Make sure that the user and group you choose can read all the files in your DocumentRoot, too. The parent process will continue to run as root (binding to privileged ports and all), but the children will run as www.

Hope this helps...

Cheers - Erick
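The checks described in the message above, as an added example that is not part of the original e-mail: it reads the sshd and Apache directives and lists anything under the DocumentRoot that the configured user and group cannot read. The sample configs and the DocumentRoot path are constructed, and only classic owner/group/other mode bits are evaluated (no ACLs, no supplementary groups).

```python
import os

# Constructed sample configs mirroring the settings named in the message.
SAMPLE_SSHD = "# sshd_config\nUsePrivilegeSeparation yes\n"
SAMPLE_HTTPD = '# httpd.conf\nUser www\nGroup www\nDocumentRoot "/usr/local/www/data"\n'

def directive_values(conf_text, name):
    """All values given for a directive, in file order, skipping comment lines.
    sshd uses the first value it reads; for Apache a later line overrides."""
    values = []
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#") \
                and parts[0].lower() == name.lower():
            values.append(parts[1].strip().strip('"'))
    return values

def can_access(st, uid, gids, need):
    """Owner/group/other check; need is a mask of 4 (read) and 1 (search)."""
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & need) == need

def unreadable_paths(docroot, uid, gids):
    """Directories lacking r-x and files lacking r for the given uid/gids."""
    problems = []
    for dirpath, _dirs, files in os.walk(docroot):
        if not can_access(os.stat(dirpath), uid, gids, 5):
            problems.append(dirpath)
        for name in files:
            path = os.path.join(dirpath, name)
            if not can_access(os.stat(path), uid, gids, 4):
                problems.append(path)
    return sorted(problems)

if __name__ == "__main__":
    import grp, pwd
    print("privsep:", directive_values(SAMPLE_SSHD, "UsePrivilegeSeparation")[:1])
    user = directive_values(SAMPLE_HTTPD, "User")[-1]
    group = directive_values(SAMPLE_HTTPD, "Group")[-1]
    root = directive_values(SAMPLE_HTTPD, "DocumentRoot")[-1]
    try:
        uid, gids = pwd.getpwnam(user).pw_uid, {grp.getgrnam(group).gr_gid}
    except KeyError:
        raise SystemExit(f"{user}/{group} does not exist on this host")
    if os.path.isdir(root):
        for path in unreadable_paths(root, uid, gids):
            print("not readable by", user, "->", path)
```

To audit a real host, replace the sample strings with the contents of /etc/ssh/sshd_config and your httpd.conf.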
