Date: Mon, 2 Jun 2003 12:43:52 -0400 From: Scott Lambert <lambert@lambertfam.org> To: isp@freebsd.org, security@freebsd.org Subject: Re: quick poppassd question Message-ID: <20030602164352.GA80586@laptop.lambertfam.org> In-Reply-To: <AJENJFOLCLAHHIIGCCHNAEAGGMAA.admin-lists@wolfpaw.net> References: <001b01c3291e$80b3ca90$23fbab3f@psknet.com> <AJENJFOLCLAHHIIGCCHNAEAGGMAA.admin-lists@wolfpaw.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jun 02, 2003 at 10:50:38AM -0600, Wolfpaw - Dale Corse wrote: > > Perhaps someone can shed more light on the subject, but it's my > > impression that most system process run with a UID/GID > > under 100. So a > > uid < 100 should deny the change request. > > Perhaps, though the trend is running most things as non-priv > users, because it minimizes the damage to the server if a > process is compromised. Generally "non-system" accounts seem > to start at 1000 (BSD, and most Linux), or 500 (notably Redhat) > so.. you may want to use 500 as the magic number for portability > reasons. Make it configurable!!! Set a default but don't make hard coded assumptions about someone else's systems. On FreeBSD, the default should probably be 1000. make NON_SYSTEM_ACCT_START=4321
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030602164352.GA80586>