Date: Wed, 20 May 2009 23:41:12 -0400
From: alexus
To: perryh@pluto.rain.com
Cc: freebsd-questions@freebsd.org
Subject: Re: proftpd TLS

On Wed, May 20, 2009 at 5:43 PM, wrote:
> alexus wrote:
>> ... i guess my main concern is not to run it as root now
>
> AFAIK it is normal for a daemon to run as root if it expects to
> receive login credentials:
>
> * For any but the most minimal authentication scheme, it must be
>   root to authenticate the credentials.  (A scheme which enables an
>   untrusted program to authenticate login credentials is vulnerable
>   to brute-force attacks.)
>
> * Regardless of the authentication scheme, it must be root in
>   order to assume the identity of the newly logged in user.
>

all my users are virtual users to begin with, so that's not really a
concern, but i'd like to keep it running as non root that's for sure

-- 
http://alexus.org/