Date: Wed, 13 Jan 1999 19:38:27 +0100 (CET) From: Jeroen Ruigrok/Asmodai <asmodai@wxs.nl> To: andrewr <andrewr@slack.net> Cc: FreeBSD Security <security@FreeBSD.ORG> Subject: Re: GIDs for new default system `users' Message-ID: <XFMail.990113193827.asmodai@wxs.nl> In-Reply-To: <Pine.NEB.3.96.990113085054.7691A-100000@brooklyn.slack.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 13-Jan-99 andrewr wrote: > > > On Wed, 13 Jan 1999, Jeroen Ruigrok/Asmodai wrote: > >> Hi guys, >> >> I have a question/remark I am very well concerned with... >> >> Is there something specific about nogroup btw, that it has this explicit >> name? If not, if it's bascially the same as nobody, then I am all in >> favor of moving those tty-sandbox and kmem-sandbox to their own group >> id's for the sake of security... > > IMHO, just like qmail, any important service that is running on a machine, > should have their own gid. I agree with you on this completely.. however > it does seem kind of crazy to just go out and be throwing gid's around to > everyone and every thing. Well, I think that depends. The average system has at least 65535 gids available, of which roughly 20-30 are in use by default. That leaves us with 65500 gids free. Of these lets say about 1000 might be in use by active users and 2000 in use by inactive users. That still leaves us with 62000 gids to use... I frankly don't see the problem, in fact I see more benefits, except from a slight administration point of view it might be more problematic at start. --- Jeroen Ruigrok van der Werven A veil of smoke is what I am, asmodai(at)wxs.nl I wait and I wait... Network/Security Specialist <http://home.wxs.nl/~asmodai>; BSD & picoBSD: The Power to Serve <http://www.freebsd.org>; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.990113193827.asmodai>