Date:      Tue, 1 Jun 1999 20:13:42 -0700 (PDT)
From:      Matthew Dillon <dillon@apollo.backplane.com>
To:        Andrew Kenneth Milton <akm@mail.theinternet.com.au>
Cc:        matt@Mlink.NET (matt), akm@mail.theinternet.com.au, bc@thehub.com.au, cain@tasam.com, freebsd-security@FreeBSD.ORG
Subject:   Re: Shell Account system
Message-ID:  <199906020313.UAA86277@apollo.backplane.com>
References:   <199906020254.MAA22390@mail.theinternet.com.au>

:| 
:| Actually, You normally would make an account called irc or ircd, chmod
:| that home directory 700, set the D/S paths in the ircd config, and run
:| it FROM the irc home dir, with the conf chmod 600. There's absolutely
:| no need to SUID ircd at all, nor would I recommend it.
:
:Unless you have multiple remote admins, who you don't want to be
:able to stuff with the conf files, but, you do want them to be able
:to restart the daemon.
:
:-- 
:Totally Holistic Enterprises Internet|  P:+61 7 3870 0066   |  Andrew

    You can always argue that your favorite methods of admin require 
    binaries to be suid-root, but all it means is that you need to change
    your methods.

    In this case, I can think of several ways to avoid running ircd as root or
    with root and have admins who do not have root or access to the ircd
    account to nevertheless be able to restart the daemon.  Perhaps with
    a special port/password, or simply with an suid-ircd program which kills
    and restarts ircd.  No brainer.  No root access required.

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>
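
One way to build the "suid-ircd program which kills and restarts ircd" from the message above, as an added example that is not part of the original e-mail. The pidfile and binary paths are assumptions, as is installing the helper mode 4750, owned by the ircd account, with a group containing the remote admins.

```c
/* Added example, not from the original message: suid-ircd restart helper. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <limits.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define PIDFILE "/home/ircd/ircd.pid"   /* assumed path, inside the mode-700 home */
#define IRCD    "/home/ircd/bin/ircd"   /* assumed path of the daemon binary */

/* Strictly parse a pidfile line. Rejects 0, 1, negatives and trailing junk,
 * because kill(0, ...) and kill(-1, ...) signal whole sets of processes. */
long parse_pid(const char *s)
{
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno || end == s || v <= 1 || v > INT_MAX)
        return -1;
    if (*end == '\n')
        end++;
    return *end == '\0' ? v : -1;
}

int main(void)
{
    char buf[32];
    char *const argv[] = { "ircd", NULL };                /* nothing taken from the caller */
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };  /* caller's environment dropped */

    /* Must be suid ircd, never suid root; then make the real uid ircd as well. */
    if (geteuid() == 0 || setreuid(geteuid(), geteuid()) != 0) {
        fprintf(stderr, "refusing to run: bad privileges\n");
        return 1;
    }
    FILE *f = fopen(PIDFILE, "r");
    if (f != NULL) {
        if (fgets(buf, sizeof buf, f) != NULL) {
            long pid = parse_pid(buf);
            if (pid > 0 && kill((pid_t)pid, SIGTERM) == 0)
                sleep(2);                 /* give the old daemon time to exit */
        }
        fclose(f);
    }
    execve(IRCD, argv, envp);
    perror("execve");
    return 1;
}
```

The admins can run the helper but cannot read the mode-600 conf or become the ircd account, since the helper accepts no arguments or environment from them.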


