From: Matthew Seaman
Date: Tue, 16 Aug 2011 14:31:34 +0100
To: Chuck Swiger
Cc: FreeBSD Questions, Chris Brennan
Subject: Re: unprivledged users (for a service)
Message-ID: <4E4A7136.7040203@infracaninophile.co.uk>
In-Reply-To: <238F0CF5-33DC-4F9A-88E3-F8356E125573@mac.com>

On 15/08/2011 17:42, Chuck Swiger wrote:
> On Aug 15, 2011, at 9:37 AM, Chris Brennan wrote:
>> It's been a while since I've had to do this and the drive that contained
>> all of my notes is dead, along with the backup (I was actually lucky to
>> recover my home drive before it also failed but my notes were not
>> there). I cannot for the life of me remember how to properly add an
>> unprivileged user that will only be used for running a specific system
>> service. So it doesn't need a login shell or $HOME.
> Add a user and set the shell to /bin/false or perhaps /sbin/nologin; for $HOME set it to /var/empty or /tmp, perhaps.

Good advice, except... for this sort of user that exists solely to run
various processes, generally it is preferable for them *not* to be able
to write to their home directory. Especially if the software concerned
is exposed to the internet.

The reasoning here is that if there is, say, a buffer overflow attack
against your software, then an attacker can remotely inject and run
various sorts of shell-code exploits. If they can change arbitrary
files in the account's home directory, then they can relatively simply
get a login shell.

So, /tmp is not a good idea. / is actually a pretty good choice, and
similarly /var/empty (which is specifically designed for this sort of
thing.)

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW
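
The check this reply argues for, as an added example that is not part of the original message: a POSIX sh audit that reads passwd(5)-format lines and reports service accounts (no-login shell) that can write to their own home directory. The account names and sample entries are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. On FreeBSD an account of the kind
# discussed can be created with pw(8), e.g. (account name is hypothetical):
#   pw useradd -n svc_example -d /var/empty -s /usr/sbin/nologin -w no

# Succeeds if DIR is writable by UID/GID according to its mode bits.
# Parses `ls -ldn`, which behaves the same on FreeBSD and Linux.
# Limitation: supplementary groups and ACLs are not considered.
home_writable_by() {
    hw_uid=$1 hw_gid=$2 hw_dir=$3
    ls -ldn -- "$hw_dir" 2>/dev/null | (
        read -r perms _links owner group _rest || exit 1   # missing dir
        # World-writable, like /tmp: any account can write here.
        case $perms in ????????w*) exit 0 ;; esac
        # Owner-writable and owned by the account itself.
        case $perms in ??w*) if [ "$owner" = "$hw_uid" ]; then exit 0; fi ;; esac
        # Group-writable and owned by the account's primary group.
        case $perms in ?????w*) if [ "$group" = "$hw_gid" ]; then exit 0; fi ;; esac
        exit 1
    )
}

# Reads passwd(5)-format lines on stdin. For every account whose shell is
# nologin or false (a service account), prints one finding if the account
# can write to its home directory. Clean entries produce no output.
audit_service_homes() {
    while IFS=: read -r name _pw uid gid _gecos home shell; do
        case $name in ''|\#*) continue ;; esac
        case $shell in
            */nologin|*/false) ;;
            *) continue ;;          # interactive account: out of scope
        esac
        if home_writable_by "$uid" "$gid" "$home"; then
            printf '%s: home %s is writable by uid %s\n' "$name" "$home" "$uid"
        fi
    done
}

# Constructed sample entries (not real accounts): /tmp is the home the
# reply warns against, /var/empty the one it recommends.
audit_service_homes <<'EOF'
svc_tmp:*:1001:1001:Service with /tmp home:/tmp:/usr/sbin/nologin
svc_empty:*:1002:1002:Service with empty home:/var/empty:/usr/sbin/nologin
EOF
```

To audit a live system, feed it the real file: `audit_service_homes < /etc/passwd`.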