From owner-freebsd-security  Tue Jun  1 19:52:43 1999
Delivered-To: freebsd-security@freebsd.org
Received: from mail.theinternet.com.au (zeus.theinternet.com.au [203.34.176.2])
	by hub.freebsd.org (Postfix) with ESMTP id CCD5D14DE0
	for <freebsd-security@FreeBSD.ORG>; Tue,  1 Jun 1999 19:52:37 -0700 (PDT)
	(envelope-from akm@mail.theinternet.com.au)
Received: (from akm@localhost)
	by mail.theinternet.com.au (8.9.3/8.9.3) id MAA22390;
	Wed, 2 Jun 1999 12:54:39 +1000 (EST)
	(envelope-from akm)
From: Andrew Kenneth Milton <akm@mail.theinternet.com.au>
Message-Id: <199906020254.MAA22390@mail.theinternet.com.au>
Subject: Re: Shell Account system
In-Reply-To: <Pine.BSF.4.10.9906012217250.688-100000@aic-gw.mlink.net> from matt at "Jun 1, 1999 10:19: 3 pm"
To: matt@Mlink.NET (matt)
Date: Wed, 2 Jun 1999 12:54:39 +1000 (EST)
Cc: akm@mail.theinternet.com.au, bc@thehub.com.au, cain@tasam.com,
	freebsd-security@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL43 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

+----[ matt ]---------------------------------------------
| On Wed, 2 Jun 1999, Andrew Kenneth Milton wrote:
| 
| [...]
| 
| : It's normally suid because the conf files are readable only by the
| : 'owner' -- it's also suid to limit the damage you can do, normally
| : you setup an 'irc' account and make it suid that.
| 
| Actually, You normally would make an account called irc or ircd, chmod
| that home directory 700, set the D/S paths in the ircd config, and run
| it FROM the irc home dir, with the conf chmod 600. There's absolutely
| no need to SUID ircd at all, nor would I recommend it.

Unless you have multiple remote admins, who you don't want to be
able to stuff with the conf files, but, you do want them to be able
to restart the daemon.

-- 
Totally Holistic Enterprises Internet|  P:+61 7 3870 0066   |  Andrew
The Internet (Aust) Pty Ltd          |  F:+61 7 3870 4477   |  Milton
ACN: 082 081 472                     |  M:+61 416 022 411   |72 Col .Sig
PO Box 837 Indooroopilly QLD 4068    |akm@theinternet.com.au|Specialist


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message