Date: Sun, 21 Jan 2001 07:03:45 -0500 From: "Otter" <otterr@telocity.com> To: "'Kris Kennaway'" <kris@FreeBSD.ORG>, "'Alex Charalabidis'" <alex@wnm.net> Cc: "'Thakingfish'" <thakingfish@hal3000.cx>, <freebsd-questions@FreeBSD.ORG> Subject: RE: dnetc in FBSD Message-ID: <000c01c083a2$34dd8fd0$1401a8c0@zoso> In-Reply-To: <20010121024645.A63940@citusc17.usc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
I remember seeing the user 'nobody' used after upgrading it last time. I changed my startup script in /usr/local/etc/rc.d to 'su -m <user>' instead of su'ing to nobody. I also changed the permissions so that my <user> had access to it. Is this an acceptable workaround? If so, it might a simple change of the installation script. Maybe add a question in the install where it asks "What user do you want to run this as?" -Otter -----Original Message----- From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Kris Kennaway Sent: Sunday, January 21, 2001 5:47 AM To: Alex Charalabidis Cc: Thakingfish; freebsd-questions@FreeBSD.ORG Subject: Re: dnetc in FBSD On Sun, Jan 21, 2001 at 04:36:00AM -0600, Alex Charalabidis wrote: > Oops, misread it. So it was the horse, not the cow. :) We'll be expecting > an advisory whenever they fix it. Moo. > > Sure, it's a problem for everyone who runs so much stuff as nobody that > they might as well run it as root. I think I'll just assign it its own > user. Not that I care more than anyone else to litter the world with > separate users for every trivial task, but is it worth doing by default > for this particular package? The nobody user shouldn't confer any special privileges. Currently the apache ports break that rule since ownership of the webserver is certainly a privilege. But I don't know that the ability to submit RC5 blocks is a sufficient privilege that it should get its own user. On the other hand, if dnetc proves to be an ongoing source of problems (being a binary-only client makes it more difficult to check, and apparently no-one has ever poked at it before, because it was really obvious) then firewalling it away from the other remaining applications which still inappropriately use nobody would be of benefit. I think the real issue here is fixing the other stuff which uses nobody, though. Kris -- NOTE: To fetch an updated copy of my GPG key which has not expired, finger kris@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000c01c083a2$34dd8fd0$1401a8c0>