Date: Wed, 2 Jun 1999 12:54:39 +1000 (EST) From: Andrew Kenneth Milton <akm@mail.theinternet.com.au> To: matt@Mlink.NET (matt) Cc: akm@mail.theinternet.com.au, bc@thehub.com.au, cain@tasam.com, freebsd-security@FreeBSD.ORG Subject: Re: Shell Account system Message-ID: <199906020254.MAA22390@mail.theinternet.com.au> In-Reply-To: <Pine.BSF.4.10.9906012217250.688-100000@aic-gw.mlink.net> from matt at "Jun 1, 1999 10:19: 3 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
+----[ matt ]--------------------------------------------- | On Wed, 2 Jun 1999, Andrew Kenneth Milton wrote: | | [...] | | : It's normally suid because the conf files are readable only by the | : 'owner' -- it's also suid to limit the damage you can do, normally | : you setup an 'irc' account and make it suid that. | | Actually, You normally would make an account called irc or ircd, chmod | that home directory 700, set the D/S paths in the ircd config, and run | it FROM the irc home dir, with the conf chmod 600. There's absolutely | no need to SUID ircd at all, nor would I recommend it. Unless you have multiple remote admins, who you don't want to be able to stuff with the conf files, but, you do want them to be able to restart the daemon. -- Totally Holistic Enterprises Internet| P:+61 7 3870 0066 | Andrew The Internet (Aust) Pty Ltd | F:+61 7 3870 4477 | Milton ACN: 082 081 472 | M:+61 416 022 411 |72 Col .Sig PO Box 837 Indooroopilly QLD 4068 |akm@theinternet.com.au|Specialist To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199906020254.MAA22390>