From owner-freebsd-security Tue Jun 1 19:19:31 1999
Delivered-To: freebsd-security@freebsd.org
Received: from Argon.Mlink.NET (Argon.Mlink.NET [205.236.182.18])
    by hub.freebsd.org (Postfix) with ESMTP id E0BB81529C
    for ; Tue, 1 Jun 1999 19:19:29 -0700 (PDT)
    (envelope-from matt@Mlink.NET)
Received: from aic-gw.mlink.net (matt@[209.104.118.65])
    by Argon.Mlink.NET (8.8.8/8.8.2) with ESMTP id WAA09921;
    Tue, 1 Jun 1999 22:16:47 -0400 (EDT)
Date: Tue, 1 Jun 1999 22:19:03 -0400 (EDT)
From: matt
To: Andrew Kenneth Milton
Cc: Bruce Campbell , cain@tasam.com, freebsd-security@FreeBSD.ORG
Subject: Re: Shell Account system
In-Reply-To: <199906020147.LAA21482@mail.theinternet.com.au>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 2 Jun 1999, Andrew Kenneth Milton wrote:

[...]
: It's normally suid because the conf files are readable only by the
: 'owner' -- it's also suid to limit the damage you can do, normally
: you set up an 'irc' account and make it suid that.

Actually, you normally would make an account called irc or ircd, chmod
that home directory 700, set the D/S paths in the ircd config, and run it
FROM the irc home dir, with the conf chmod 600. There's absolutely no need
to SUID ircd at all, nor would I recommend it.

Matt

: --
: Totally Holistic Enterprises Internet| P:+61 7 3870 0066 | Andrew
: The Internet (Aust) Pty Ltd | F:+61 7 3870 4477 | Milton
: ACN: 082 081 472 | M:+61 416 022 411 |72 Col .Sig
: PO Box 837 Indooroopilly QLD 4068 |akm@theinternet.com.au|Specialist

--
DISCLAIMER: Anyone sending me unsolicited commercial electronic mail will
be charged a $100 fee for time spent reading it. Do NOT send this type of
electronic mail to me. In reading this, you automatically agree to be
subjected to these terms: US Code Title 47, Sec.227(a)(2)(B), a
computer/modem/printer meets the definition of a telephone fax machine.
By Sec.227(b)(1)(C), it is unlawful to send any unsolicited advertisement
to such equipment. By Sec.227(b)(3)(C), a violation of the aforementioned
Section is punishable by action to recover actual monetary loss, or $500,
whichever is greater, for each violation.
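
One way to check an install against the layout described in the message above (home directory 700, conf 600, no SUID on ircd), as an added example that is not part of the original post. The three paths are supplied by the caller and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit an ircd install against the non-SUID layout
# described in the message. Arguments (assumed, caller-supplied paths):
#   $1 = home directory of the irc/ircd account
#   $2 = ircd binary
#   $3 = ircd configuration file

# has_mode PATH OCTAL: true if PATH's permission bits (all of 07777)
# match OCTAL exactly. Uses POSIX find, so it works on BSD and Linux.
has_mode() {
    [ -n "$(find "$1" -prune -perm "$2" -print 2>/dev/null)" ]
}

# owner_uid PATH: print the numeric uid that owns PATH.
owner_uid() {
    ls -ldn "$1" | awk '{ print $3 }'
}

# audit_ircd HOME BIN CONF: print one FAIL line per problem found,
# return 0 only if every check passes.
audit_ircd() {
    home=$1; bin=$2; conf=$3; rc=0

    has_mode "$home" 700 || { echo "FAIL: $home is not mode 700"; rc=1; }
    has_mode "$conf" 600 || { echo "FAIL: $conf is not mode 600"; rc=1; }

    # The daemon should get its privileges from the account that
    # starts it, not from a setuid or setgid bit on the binary.
    if [ -u "$bin" ] || [ -g "$bin" ]; then
        echo "FAIL: $bin has the setuid or setgid bit set"; rc=1
    fi

    # Home directory and conf should belong to the same account,
    # otherwise mode 600 on the conf locks the daemon out of it.
    if [ "$(owner_uid "$home")" != "$(owner_uid "$conf")" ]; then
        echo "FAIL: $home and $conf have different owners"; rc=1
    fi

    return $rc
}

# Run the audit when called with the three paths.
if [ "$#" -eq 3 ]; then
    audit_ircd "$@"
fi
```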