From owner-freebsd-isp Tue Jan 2 15:28:18 2001 From owner-freebsd-isp@FreeBSD.ORG Tue Jan 2 15:28:16 2001 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from Samizdat.uucom.com (samizdat.uucom.com [198.202.217.54]) by hub.freebsd.org (Postfix) with ESMTP id D08AC37B400 for ; Tue, 2 Jan 2001 15:28:15 -0800 (PST) Received: (from cshenton@localhost) by Samizdat.uucom.com (8.9.3/8.9.3) id SAA22575; Tue, 2 Jan 2001 18:27:49 -0500 (EST) To: "Jeffrey D. LaCoursiere" Cc: freebsd-isp@FreeBSD.ORG Subject: Re: FW: Prepaid Internet Service (fwd) References: From: Chris Shenton Date: 02 Jan 2001 18:27:49 -0500 In-Reply-To: "Jeffrey D. LaCoursiere"'s message of "Tue, 2 Jan 2001 15:59:09 -0600 (CST)" Message-ID: Lines: 18 User-Agent: Gnus/5.0807 (Gnus v5.8.7) Emacs/20.7 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 2 Jan 2001 15:59:09 -0600 (CST), "Jeffrey D. LaCoursiere" said: Jeffrey> It is true that most of the BillMax processes run as root. Jeffrey> This is only a security issue if the machine is accessible to Jeffrey> the outside world, which generally it is not. [...] I'll be doing some work for an ISP which just purchased BillMax. I'm a bit of a paranoid so running as root may bother me more than most -- even if you've tried to close all the doors you can think of. I prefer the "principal of least privilege". While I'm not intimate with BillMax yet, I have done lots of work with apache, php, perl, mysql, radius, etc. I can't see that anything in BillMax would require running as root, since none of the components does. If not, I'd certainly prefer it to run as some non-root user, maybe even something like user "billmax". Thanks. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message