Date: Wed, 20 May 2009 23:41:12 -0400 From: alexus <alexus@gmail.com> To: perryh@pluto.rain.com Cc: freebsd-questions@freebsd.org Subject: Re: proftpd TLS Message-ID: <6ae50c2d0905202041j6189ad7fpf73ad6ad70826dd1@mail.gmail.com> In-Reply-To: <4a14799d.ZY4je8ybkiXA5l8q%perryh@pluto.rain.com> References: <6ae50c2d0905171301y2d92a7b1mc3598295de12ecc2@mail.gmail.com> <c1e7523f0905191126o317b254aia654ed83cd141f5@mail.gmail.com> <6ae50c2d0905191218mca27c81o67a7e2f0a2a37ca8@mail.gmail.com> <200905201346.33032.mel.flynn%2Bfbsd.questions@mailing.thruhere.net> <6ae50c2d0905200713t7d9c785fs4f6c5ec6db4166de@mail.gmail.com> <6ae50c2d0905200718u596a087du537f64abe20a4ff7@mail.gmail.com> <6ae50c2d0905200719sf099123g769920981b84efcc@mail.gmail.com> <4a14799d.ZY4je8ybkiXA5l8q%perryh@pluto.rain.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, May 20, 2009 at 5:43 PM, <perryh@pluto.rain.com> wrote: > alexus <alexus@gmail.com> wrote: >> ... i guess my main concern it not to run it as root now > > AFAIK it is normal for a daemon to run as root if it expects to > receive login credentials: > > * For any but the most minimal authentication scheme, it must be > =C2=A0root to authenticate the credentials. =C2=A0(A scheme which enables= an > =C2=A0untrusted program to authenticate login credentials is vulnerable > =C2=A0to brute-force attacks.) > > * Regardless of the authentication scheme, it must be root in > =C2=A0order to assume the identity of the newly logged in user. > all my users are virtual users to begin with, so that's not really a concern, but i'd like to keep it running as non root thats for sure --=20 http://alexus.org/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6ae50c2d0905202041j6189ad7fpf73ad6ad70826dd1>