From owner-freebsd-questions Sun Jan 21 4: 0:16 2001 Delivered-To: freebsd-questions@freebsd.org Received: from c007.snv.cp.net (c007-h014.c007.snv.cp.net [209.228.33.221]) by hub.freebsd.org (Postfix) with SMTP id 09A1D37B404 for ; Sun, 21 Jan 2001 03:59:57 -0800 (PST) Received: (cpmta 25680 invoked from network); 21 Jan 2001 03:59:52 -0800 Received: from dsl-216-227-91-85.telocity.com (HELO zoso) (216.227.91.85) by smtp.telocity.com (209.228.33.221) with SMTP; 21 Jan 2001 03:59:52 -0800 X-Sent: 21 Jan 2001 11:59:52 GMT From: "Otter" To: "'Kris Kennaway'" , "'Alex Charalabidis'" Cc: "'Thakingfish'" , Subject: RE: dnetc in FBSD Date: Sun, 21 Jan 2001 07:03:45 -0500 Message-ID: <000c01c083a2$34dd8fd0$1401a8c0@zoso> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 In-Reply-To: <20010121024645.A63940@citusc17.usc.edu> Importance: Normal Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I remember seeing the user 'nobody' used after upgrading it last time. I changed my startup script in /usr/local/etc/rc.d to 'su -m ' instead of su'ing to nobody. I also changed the permissions so that my had access to it. Is this an acceptable workaround? If so, it might a simple change of the installation script. Maybe add a question in the install where it asks "What user do you want to run this as?" -Otter -----Original Message----- From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Kris Kennaway Sent: Sunday, January 21, 2001 5:47 AM To: Alex Charalabidis Cc: Thakingfish; freebsd-questions@FreeBSD.ORG Subject: Re: dnetc in FBSD On Sun, Jan 21, 2001 at 04:36:00AM -0600, Alex Charalabidis wrote: > Oops, misread it. So it was the horse, not the cow. :) We'll be expecting > an advisory whenever they fix it. Moo. > > Sure, it's a problem for everyone who runs so much stuff as nobody that > they might as well run it as root. I think I'll just assign it its own > user. Not that I care more than anyone else to litter the world with > separate users for every trivial task, but is it worth doing by default > for this particular package? The nobody user shouldn't confer any special privileges. Currently the apache ports break that rule since ownership of the webserver is certainly a privilege. But I don't know that the ability to submit RC5 blocks is a sufficient privilege that it should get its own user. On the other hand, if dnetc proves to be an ongoing source of problems (being a binary-only client makes it more difficult to check, and apparently no-one has ever poked at it before, because it was really obvious) then firewalling it away from the other remaining applications which still inappropriately use nobody would be of benefit. I think the real issue here is fixing the other stuff which uses nobody, though. Kris -- NOTE: To fetch an updated copy of my GPG key which has not expired, finger kris@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message