Date: Mon, 27 Oct 1997 09:39:16 -0800 (PST) From: Tom <tom@uniserve.com> To: Nate Williams <nate@mt.sri.com> Cc: "Andrey A. Chernov" <ache@freebsd.org>, cvs-committers@freebsd.org, cvs-all@freebsd.org, cvs-etc@freebsd.org Subject: Re: cvs commit: src/etc master.passwd Message-ID: <Pine.BSF.3.96.971027093542.11950A-100000@shell.uniserve.com> In-Reply-To: <199710271718.KAA00563@rocky.mt.sri.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 27 Oct 1997, Nate Williams wrote: > > ache 1997/10/27 08:59:09 PST > > > > Modified files: > > etc master.passwd > > Log: > > Move nobody to daemon class, otherwise it is impossible to start fingerd > > while Apache is running, it effectively eats all default class limits for > > nobody > > This seems silly. 'nobody' is nobody, and if Apache is running as > nobody, it should be running as daemon, or another (new) user. nobody > should be running as 'nobody'. :) I agree with that. Apache should be running as some other user. A problem with fingerd is that is does fuzzy lookups by default. If /etc/master.passwd is large, it will use a significant amount of CPU. Starting up 30-40 fingerds makes an easy and effective DoS attack. I had this happen to me. I now use xinetd to limit the number of simultaneous fingerd's, but an effective login class would be good too. > Nate Tom
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.971027093542.11950A-100000>